> On Apr 15, 2020, at 2:58 PM, Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote: > > To be clear, I don't think this is a problem that can be solved by protocol design. Unless/until we can actually audit both the hardware and software in our mobile devices, we're vulnerable to whatever the big companies put in those devices, and to whatever governments demand of them. But these are two distinct issues. It’s entirely possible to design a protocol that has specific, effective privacy preserving properties, and possibly even some interesting "subversion resistance” properties, and then subvert it. It’s also possible to design a protocol that doesn’t have those properties in the first place - at which point I don’t need to subvert it. It seems to me that one of these approaches should still seem more attractive than the other one to the privacy-concerned, even if neither is perfect. cheers, -john