Criminals think about a crime before committing a crime, that is unacceptable. Therefore, we should ban thought.

"does this make you bob?" "it does" made me smile

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” - Edward Snowden

"I don't have anything to hide". Oh except maybe all my health records, my credit card number and financial history, some of my browsing history depending on the person reading it, some of my contacts from some of my other contacts, some of the stuff I've said from my current and future employer, some of the stuff I've said from some of my family and friends depending, yeh I guess there's actually quite a lot come to think of it. You don't have to be a bad person to want privacy. And I realize that's the point of what was said.

Why not just make it illegal to commit crime? Problem solved.

This should be shown on BBC to educate the politicians about the problems they have "solutions" for, without understanding the issue itself!

thats like allowing the post office to read all the mail i send. thats not a good thing

"I have nothing to hide" is a terrible argument. Would you be happy for me to walk into your home and take photos of it then? I mean, you have nothing to hide, so you won't mind me just walking in whenever I feel like, right?

The right to privacy is essential in any democracy, even if it helps those who would seek to harm us.

"I don't care if the government sees what I'm doing I'm not hiding anything after all." That's a very dangerous thing to say

The government isn't a secure entity, making a backdoor for them would make it insecure period.

Alice and Bob - Well done. Proper encryption.

The Mike Pound videos are the best on this channel. He's the only one that seems like he's actually worked in industry or has any real-world experience (at least in recent decades).

One of the more obvious, non-technical issues here is that how are you going to prevent criminals from simply continuing to use secure E2E encryption, even if you enforce policies that require backdoors or whatever? You can't, really. If criminals want E2E encryption, they can get it. The knowledge is already out there, there are many different applications and libraries for it and it is entirely unrealistic to think you can prevent access to it.

There is another problem with this proposal: Alice and Bob can just use their public keys on a different level, by directly encrypting their messages for example and not the channels at which point this whole idea is broken again, so in the end even if you introduce it it only hits those who are not actually trying very hard to hide something.

In summary: Social Engineering always wins.

"I have nothing to hide" Awesome, make a video sharing all your account passwords please

"I have nothing to hide" = people who need to hide the fact that they have things to hide.

Even if messaging services did collaborate with governments to add a backdoor, nefarious users could just switch to an alternative system that didn't have one. So there's not really anything we can do to stop this.

Mike Pound's videos are always a pleasure to watch

I'm shocked that Dr Pound didn't mention Signal, the open-source app that invented the encrypted protocol that was later adopted by WhatsApp and Facebook Messenger. Signal solves the problem of data at rest on your device by allowing you to encrypt your message database with a passphrase that is independent of your phone's passcode lock.

I followed a course on Security in Uni one time, and this protocol was praised by the professor quite highly. I love that some blokes just thought of what is essentially quite a simple number transformation and it proves to be incredibly useful everywhere.

I love videos starring Mike, he explains everything so clearly. More Mike videos, please!!

I love that these vids are all coming out as I do the course at uni on them

the best explanation of end-to-end encryption on the internet. thanks, computerphile!

Excellent video and excellent explanations by Mike Pound. Thanks for that (except for the "i've got nothing to hide" fallacy).

Mike Pound will always be my favorite. Fascinating topics, amazing at explaining things, and easy on the eyes too ;)

Best explanation of Diffie-Hellman key eschange Ive seen is in Art of the Problem, an amazing youtube channel

Can we just appreciate what a great job Computerphile is doing? It is just great they are posting so many videos on CS topics. And these are not the usual lecture videos, but short and to the point videos that are fun to watch and we can learn a lot from them! This is really a blessing to CS students. Thanks, Computerphile!

I see a Dr. Mike Pound video, I upvote!

The other problem of a server holding unencrypted info is about what the company would do with it, even though i don't have anyting to hide, I wouldn't feel comfortable if i get condoms adds if they find that i got a STD for some reason... And the thing is that they just made it legal..... WHY would I ever consider giving them all of my info?! they don't need to know what my family situation is, they don't need to know WHY i could wear prothesis... It's about privacy, not about having something to hide... Do you want to see a picture that you send a day where you really shouldn't have? Well, I know that some of the above are already true... but I don't want it to go further

Great video! Looking forward for a new one on Hellman's key exchange method!

Brilliant explanation, visual illustrations helped a lot!

He should really clean his monitor...

Dr. Mike Pound, you are amazing. Someday I am going to send you an application to join your research in computer vision :D.

The major problem I have is that we do have forms of encryption that would allow a great deal of investigative ability without making it susceptible to a central point of failure. I've seen encryption which allows you to perform searches for specific things like the presence of a file, a phrase in plain text, audio clips and anything else you could fit into the comparing mechanism (which was generously large). I think it was 6 or 7 years ago when I seen it demonstarted on a Defcon presentation video. The idea behind that was a transparent encryption scheme that allows authorities and security personal to probe for known threats without weakening the encryption in the process. If I remember right it even had layers designs to protect against code injection attacks so that you couldn't write a program with clever queries to break out. Was an all around impressive encryption scheme and it wasn't even one of it's kind, the presented mentioned other variants that provide similar features at different trade offs. When we have stuff like that laying right in open source space, free for anyone to use. There's no reason why a backdoor should ever be presented as part of regulation. Maybe a regulation that anything crossing public infrastructure must use that type of encryption but not ask to weaken encryption to a master key.

He explains these things so well

This is actually what Assange was alluding to in his last interview regarding the CIA hacks. That end to end encryption really didn't matter because they had backdoor access to people's phones, laptops etc... This channel really is a gem!

I personally do not understand how the home secretary, of all people, doesn't ask computer science experts about the positives and negatives of such a system before saying to the public that it's unacceptable...

I would love to see a more in-depth video on exactly how this key exchange happens securely with E2EE.

Love Mike Pound. Wish there be could more videos of him

Alice seems like an unpleasant person. "What do you want now...?" is not a nice response to what is basically just a "hello". :c

“I don’t have anything to hide” 🤦‍♂️ everyone has things they would tell some people and not others and it doesn’t make you a criminal

I had really expected the line: "So before we declare that insane, let's first look at what that means, and then declare it insane."

Couldn’t the server complete a man in the middle attack when Bob and Alice were executing the Diffie-Helman key exchange?

Please do a video on the key exchange, I'm super curious to see how that works

keep up the good work guys long time fan

hell yeah its MIKE POUND again!

I like this guy the most on the channel. I am watching every video presented by him lol

I would love to study under Dr. Mike Pound, he is the man.

The thing is I don't think anyone would necesserily object to measures that make counter-terrorism an easier thing. What I personally object to is the notion that every message any person ever sends can be subject to scrutany by literally anyone else for any reason... That seems like a more dangerous situation for anyone to be in. Time and time again, legislation brought in "for national security" is used to spy on people en masse, often resulting in prosecutions for relatively minor crimes.

I've never smashed that thumbnail as hard as I did when I saw a new computerphile video with Dr Pound with sheer worry in his eyes.

Thank you, sir

Hey, thanks for the explanation! 2 questions tho: - Why am I able to see my WhatsApp/Telegram messages on my computer, while they were sent/received by/from my phone? Where did my computer took the encryption key from, if not from the server? - If it's impossible to get the content of the messages with an end to end encryption, why would one country ban Telegram and not WhatsApp? If both of them have an end to end encryption implemented, are they not equally impossible to hack? And should therefore both be banned/not banned

Excellent video! Really broke it down for the layman

These popular cryptography videos rock!! :) thank you very much for them

NICELY EXPLAINED MATE

Another option is to mandate the length of the encryption key so that governments can break it with difficulty if they really want to but it would be impossible to do general surveillance. This is a difficult thing to get right though with the constant increases in computer power available to both governments and private entities.

It's 2022 and I'm back for my refresher lesson

Your videos are awesome!!

The truth will set you free. Mighty fine job.

Love the insights. How do password wallets, like LastPass (tm) work?

this guy is insanely brilliant

Can we get a video about how TOTP actually works? I've heard some things about it and it sounded like it was intended to replace 2FA-logins, so it seemed quite interesting to me.

Both RSA and DH can be used with several exponents during the key agreement (multipliers in case of ECDH), all of which are known by the endpoints and which exponents as "sub-keys" are uploaded separately to different servers of prosecutors, judges and police, of which all need to agree and cooperate to eavesdrop on a single communication channel. The problem is rather if this level of separation of powers is sufficient seeing what happens to democracies all over the world right now?

In the example where the messages get decrypted and reencyrpted on the server, couldn't you just encrypt the plain-text messages with yet another key and store that on the server? Then you could hide the decryption key for that somewhere in the mountains of Switzerland or wherever. Then you only take it out when needed and destroy it afterwards. Not proposing that it would be a good idea, but would it work?

So if you had a group chat in say Facebook messenger, is there one key for the group chat or does it send an individual message to each member and have a key with each individual member?

1:35 The fact it's Bob to start texting instead of Alice distrubs me ahahah

I wish Dr. Pound had his own channel for us to subscribe to as well.

Awesome video learn alot from.

How do we ensure S does forwards Bob's public key to Alice, for example? They are still communicating over the server, what's stopping the server from lying about the public keys and using a generated pair to hold the plaintext messages?

Intersting that while ministers have argued to end e2e encryption they adopted a e2e encrpted messaging app for tory party communications during the election and onwards

4:48: See that little dark speck on the desk, just above his right hand? Did that have anyone else trying to clean their screen, too?

What is NFC? Is public key cryptography and ciphers how they encrypt the channel? How is the server involved if only alice and bob use the shared key?

"It's a problem that if a criminal finds out this flaw..." There's no organization more criminal than the government.

I particularly enjoy the cryptography episodes.

I envision the original Skype for mobile phones using the radios and or WiFi within to create a network independent of the carriers passing packets along until.they can reach the ipv6 address or imie device intended . Servletts on every device in the iOt space allowing secured member available transport for all joiners. Last thought, so, shall we move decryption to the display it self?

You know what smart criminals would do. Write their own encryption program that's end to end and exchange the keys in person before using it. So even with these backdoors and ways of bugging the phone/computer, the government is still kinda screwed. They'd end up decryption the messages to see a second layer of decryption that they don't have a backdoor to because the criminals obviously wouldn't install one. It's funny how so many of the proposed solutions aren't really solutions because the criminals have a way to avoid it while the "solution" hurts regular users. Government, please think more about your ideas, once you think you have something, look at it from the perspective of a criminal and go "How could I bypass this, how could I make it so it doesn't apply to me or doesn't work? How could I break this?".

Can you tell if a Digital signature provides confidentiality or not, if so why? Thanks in advance.

can i ask what system are those shelves and where i can get them? they look like they can be rearranged, i rly need something like that :)

wait so how do two users work out a shared secret key without the server in the middle being able to get that key?

Even if they did implement a back door the people who really want to hide what there talking about can just encrypt the messages themselves. They could quite easily use third party software to encrypt the messages with a public-private pair then send that encrypted message over the unsecured messenger app. Even if the government got a warrant the messages would only be readable if they had the private key. So in the end most likely the only people that would be at risk of loosing their privacy is the average users who’s done nothing wrong

People often say “this is only bad because the government is run by humans who are inherently imperfect” but I disagree with that sentiment I’d say that even if the government was a completely morally pure perfect body, as if such a thing can even exist even on a philosophical or ethical level, it’s still a bad thing to just hand that moral authority total access to all of our privacy.

Criminal activity is NOT unacceptable; there is no inherent connection between criminality and immorality, and often it's the laws that are immoral.

how is Kab shared ? if through server then why can't server use it to decrypt message?

I have question. Who generates the public keys? Did i understood correct that Alice phone generate both public and private keys (as same for Bob). I know the private key generates by Alice device(phone) but what about the Public key (where its generating)?

7:35 i like the user experience of decrypted messages.

I believe that what many governments will do is to force developers to include a feature in the apps to request the decrypted chat history ofna conversation from one of the participants. The server will request the client for that, then the client will just decrypt it on its side and send it to the server

Great video, but I still don't understand how the to end user can share a common encryption key without the server knowing what it is and if it changes for every message, how do they communicate this encryption key between the 2 end users

Are there any other methods to transport/ encrypt data than point to point encryption and end to end encryption?

If one of the phones is compromised, all keys of other phones that this phone communicates with can be found as well right? (Since both parties use the same key)

4 years later... still trying to make this work...

How would E2EE work in groups with more than 2 people? Are different keys send to every member of the group?

How is E2EE different from public key cryptography, like pgp. They both establish "tunnel" between two users.

Is the video speed up? It looks like is playing 1.2 times the natural speed. Also hard to follow. I checked the player settings.

Guys go read up on the Diffie-Hellman Key Exchange technique. It's fascinating.

The thing is we have padlocks which can be used for locking and saving good thing or bad thing the same way as E2EE does.

i have a doubt , through what pathway is the key" K ab " is shared between the two devices. is it through the server or by some other means. so is this a type of asymmetric encrypytion?

Could we not use private/public key types of solutions? Then just change they key regularly? :P

What is Perfect Forward Security?