Discord’s audio and video end-to-end encryption (“E2EE A/V” or “E2EE” for short)

That last bit is a little concerning. E2EE is widely understood to mean full end-to-end encryption of communications, not selective encryption of just the audio/video bits while passing the text around in the clear. If Discord starts writing “E2EE” for short when describing their partial solution, it is likely to mislead people into thinking their text chats are protected, or thinking that Discord is comparable to real E2EE systems. They aren’t, and it isn’t.

We want an E2EE A/V protocol that is publicly auditable

Their use of the word “auditable” here is also concerning. What does it mean for a protocol to be auditable? Sure, it’s nice that they’re publishing their design, but that doesn’t allow independent audit of the implementation that actually runs on their servers and (importantly) people’s devices. Without publicly auditable code that can be independently, built, run, and used instead of the binaries they provide, there’s no practical way to know that it matches the design that was reviewed. And even if code is made available, without a way to verify that the code being run is the code that was inspected, any claim giving the impression that the system was audited is misleading at best.

During the rollout phase, a single non-supporting member being present forces the call to transport-only encryption. The call will automatically “upgrade” to E2EE if that member disconnects.

This sort of thing has historically been ripe for abuse. (See also: downgrade attack.) I hope they are very careful about how they implement it.

The protocol uses Messaging Layer Security (MLS) for group key exchange

Interesting. This makes me wonder if their motivation might be eventual compliance with the European Digital Markets Act. If that is the case, perhaps they also have a plan in the works for protecting text chats?

My early impression, based on what they wrote:

This won’t fix Discord’s major fundamental flaws. However, if their E2EE A/V design holds up to scrutiny, and if they were to fix their problematic language and provide truly auditable client code, the protection offered for audio & video could at least reduce Discord users’ exposure to unwanted harvesting of voice & face samples. A step in the right direction, and a timely one, given that biometric data collection and AI impersonation are on the rise.

Seems unlikely that all these would have fallen here.

I wonder what sort of creature would go around collecting them, only to leave them out where they would reflect light and attract the attention of anyone passing by. It’s almost as if…

What was that sound?

@latenightblog@procial.tchncs.de was created ~37 minutes ago.

Their only post violates rule 2, and probably violates lemmy.world rule 8 (misinformation).

Somebody please show them to the door.

I’m so sorry. I promise my laughter is not at you.

also any inputs are probably scraped

ftfy

Let’s hope it’s the bad outputs that are scrapped. <3

Games requiring kernel-level anti-cheat are such a small minority of games that I struggle to think how this could mean big anything (good or bad) to Linux gaming in general.

It’s funny how different scenes stand out to different people. If someone had asked me to list the most memorable bits of The Lighthouse, the scenes you mentioned wouldn’t have entered my mind. Dafoe’s monologue, on the other hand, will stick with me for a long time to come.

We could quibble about the details, but all of them are fundamentally last-man-standing competitions.

The Hunger Games was indeed one of them. I didn’t mention it because it’s the most obvious one in current cultural memory (no need for me to point it out) and because Battle Royale came a decade earlier, and Battle Royal half a century before that. The characters’ situation is probably older than printed words.

Even if a competitive game format was unique to the Hindi film, it would be tough to argue that nobody else could have thought of that detail when making their own variation of the same theme. Calling it a “blatant rip-off” of Luck (2009) is quite a stretch.

(Incidentally, the Luck synopsis that I read says it focuses on gambling, not competitive trials or children’s games. A quick look at the video confirms it.)

They haven’t even had the account for an hour and they’ve already violated lemmy.world ToS (calls for violence) in another thread. May the ban hammer strike swiftly.

Breaking! Community rule 1 (points 3, 4, and 5).

https://www.rottentomatoes.com/m/battle_royale

I wouldn’t be surprised if the theme also showed up in books that predate all of these films.

There are a couple of emulation communities outside of Beehaw:

!emulation@lemmy.world

!emulation@lemmy.ml

many results say to install custom ROMs which I can’t since its a US model and the bootloader is locked.

Are you sure it can’t be unlocked?

https://xdaforums.com/t/guide-to-root-galaxy-s22-plus-b-e-n-0-unlock-bootloader-and-flash-official-firmware-noob-friendly.4404351/

Many phones that don’t officially support unlocking can be exploited to do so anyway. Some will lose relatively minor functionality in the process (camera enhancements were lost on mine, but the camera still works fine) but the tradeoff is often worth it.

And it was composed by Quincy Jones, who has earned a small mountain of awards for his music over the years. Not many TV shows get a theme as good as that one.

Here’s the studio version:

https://www.youtube.com/watch?v=1-wZUgvSlOo

https://en.wikipedia.org/wiki/Internet_Draft

I think it’s pretty clear that IETF drafts are not what author meant when he wrote draft, and I’m pretty sure the IETF doesn’t have much to do with C++ standards.

Are you under the impression that there is no other sense of the word?

It might help you in the future when you are discussing things like drafts, specifications, and proposals.

As it turns out, I have done more than a little of that. Thankfully, I don’t usually see such condescending remarks in the process, nor such insistence on misunderstanding. Good luck to you, too.

Either it’s a draft or it’s a new iteration of the language. Can’t be both.

It’s a draft of a proposal for a new iteration. Is that so difficult to understand?

That’s fair. I think the last word in the URL does a good job of representing the implementation’s claimed level of maturity:

draft

:)

Is it true that Telegram doesn’t encrypt group chats at all? Maybe that would get their attention?

My biggest criticism of Telegram (but not the only one) is that they use homebrew crypto. Of course, I don’t know if your family would understand why that’s bad.

this is yet another competing standard of static analysis.

No, it isn’t.

Those are linters. They might or might not discover problematic use of unsafe language features lurking in existing code.

This proposal is a new iteration of the language and standard library. It would provide safe language features for preventing such problems existing in the first place.

It would be nice to include Zig’s approach in the comparison. I’ve only just begun learning it, but the syntax seems pretty elegant from what I’ve seen so far.

Upvoting not because I share author’s preference, but because I’m interested in reading other people’s perspectives on the topic.