"does this make you bob?" "it does" made me smile

Criminals think about a crime before committing a crime, that is unacceptable. Therefore, we should ban thought.

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” - Edward Snowden

Why not just make it illegal to commit crime? Problem solved.

This should be shown on BBC to educate the politicians about the problems they have "solutions" for, without understanding the issue itself!

"I don't have anything to hide". Oh except maybe all my health records, my credit card number and financial history, some of my browsing history depending on the person reading it, some of my contacts from some of my other contacts, some of the stuff I've said from my current and future employer, some of the stuff I've said from some of my family and friends depending, yeh I guess there's actually quite a lot come to think of it. You don't have to be a bad person to want privacy. And I realize that's the point of what was said.

The Mike Pound videos are the best on this channel. He's the only one that seems like he's actually worked in industry or has any real-world experience (at least in recent decades).

thats like allowing the post office to read all the mail i send. thats not a good thing

"I have nothing to hide" is a terrible argument. Would you be happy for me to walk into your home and take photos of it then? I mean, you have nothing to hide, so you won't mind me just walking in whenever I feel like, right?

The right to privacy is essential in any democracy, even if it helps those who would seek to harm us.

One of the more obvious, non-technical issues here is that how are you going to prevent criminals from simply continuing to use secure E2E encryption, even if you enforce policies that require backdoors or whatever? You can't, really. If criminals want E2E encryption, they can get it. The knowledge is already out there, there are many different applications and libraries for it and it is entirely unrealistic to think you can prevent access to it.

Alice and Bob - Well done. Proper encryption.

The government isn't a secure entity, making a backdoor for them would make it insecure period.

There is another problem with this proposal: Alice and Bob can just use their public keys on a different level, by directly encrypting their messages for example and not the channels at which point this whole idea is broken again, so in the end even if you introduce it it only hits those who are not actually trying very hard to hide something.

Mike Pound's videos are always a pleasure to watch

In summary: Social Engineering always wins.

"I don't care if the government sees what I'm doing I'm not hiding anything after all." That's a very dangerous thing to say

I see a Dr. Mike Pound video, I upvote!

I followed a course on Security in Uni one time, and this protocol was praised by the professor quite highly. I love that some blokes just thought of what is essentially quite a simple number transformation and it proves to be incredibly useful everywhere.

Excellent video and excellent explanations by Mike Pound. Thanks for that (except for the "i've got nothing to hide" fallacy).

I love videos starring Mike, he explains everything so clearly. More Mike videos, please!!

"It's a problem that if a criminal finds out this flaw..." There's no organization more criminal than the government.

I love that these vids are all coming out as I do the course at uni on them

Can we just appreciate what a great job Computerphile is doing? It is just great they are posting so many videos on CS topics. And these are not the usual lecture videos, but short and to the point videos that are fun to watch and we can learn a lot from them! This is really a blessing to CS students. Thanks, Computerphile!

This is actually what Assange was alluding to in his last interview regarding the CIA hacks. That end to end encryption really didn't matter because they had backdoor access to people's phones, laptops etc... This channel really is a gem!

I had really expected the line: "So before we declare that insane, let's first look at what that means, and then declare it insane."

the best explanation of end-to-end encryption on the internet. thanks, computerphile!

Dr. Mike Pound, you are amazing. Someday I am going to send you an application to join your research in computer vision :D.

Best explanation of Diffie-Hellman key eschange Ive seen is in Art of the Problem, an amazing youtube channel

Mike Pound will always be my favorite. Fascinating topics, amazing at explaining things, and easy on the eyes too ;)

I'm shocked that Dr Pound didn't mention Signal, the open-source app that invented the encrypted protocol that was later adopted by WhatsApp and Facebook Messenger. Signal solves the problem of data at rest on your device by allowing you to encrypt your message database with a passphrase that is independent of your phone's passcode lock.

"I have nothing to hide" = people who need to hide the fact that they have things to hide.

I've never smashed that thumbnail as hard as I did when I saw a new computerphile video with Dr Pound with sheer worry in his eyes.

Criminal activity is NOT unacceptable; there is no inherent connection between criminality and immorality, and often it's the laws that are immoral.

"I have nothing to hide" Awesome, make a video sharing all your account passwords please

hell yeah its MIKE POUND again!

I like this guy the most on the channel. I am watching every video presented by him lol

The major problem I have is that we do have forms of encryption that would allow a great deal of investigative ability without making it susceptible to a central point of failure. I've seen encryption which allows you to perform searches for specific things like the presence of a file, a phrase in plain text, audio clips and anything else you could fit into the comparing mechanism (which was generously large). I think it was 6 or 7 years ago when I seen it demonstarted on a Defcon presentation video. The idea behind that was a transparent encryption scheme that allows authorities and security personal to probe for known threats without weakening the encryption in the process. If I remember right it even had layers designs to protect against code injection attacks so that you couldn't write a program with clever queries to break out. Was an all around impressive encryption scheme and it wasn't even one of it's kind, the presented mentioned other variants that provide similar features at different trade offs. When we have stuff like that laying right in open source space, free for anyone to use. There's no reason why a backdoor should ever be presented as part of regulation. Maybe a regulation that anything crossing public infrastructure must use that type of encryption but not ask to weaken encryption to a master key.

I would love to see a more in-depth video on exactly how this key exchange happens securely with E2EE.

It's 2022 and I'm back for my refresher lesson

Even if messaging services did collaborate with governments to add a backdoor, nefarious users could just switch to an alternative system that didn't have one. So there's not really anything we can do to stop this.

He explains these things so well

4 years later... still trying to make this work...

Alice seems like an unpleasant person. "What do you want now...?" is not a nice response to what is basically just a "hello". :c

Please do a video on the key exchange, I'm super curious to see how that works

Great video! Looking forward for a new one on Hellman's key exchange method!

Couldn’t the server complete a man in the middle attack when Bob and Alice were executing the Diffie-Helman key exchange?

1:35 The fact it's Bob to start texting instead of Alice distrubs me ahahah

“I don’t have anything to hide” 🤦‍♂️ everyone has things they would tell some people and not others and it doesn’t make you a criminal

The other problem of a server holding unencrypted info is about what the company would do with it, even though i don't have anyting to hide, I wouldn't feel comfortable if i get condoms adds if they find that i got a STD for some reason... And the thing is that they just made it legal..... WHY would I ever consider giving them all of my info?! they don't need to know what my family situation is, they don't need to know WHY i could wear prothesis... It's about privacy, not about having something to hide... Do you want to see a picture that you send a day where you really shouldn't have? Well, I know that some of the above are already true... but I don't want it to go further

Hey, thanks for the explanation! 2 questions tho: - Why am I able to see my WhatsApp/Telegram messages on my computer, while they were sent/received by/from my phone? Where did my computer took the encryption key from, if not from the server? - If it's impossible to get the content of the messages with an end to end encryption, why would one country ban Telegram and not WhatsApp? If both of them have an end to end encryption implemented, are they not equally impossible to hack? And should therefore both be banned/not banned

I would love to study under Dr. Mike Pound, he is the man.

4:48: See that little dark speck on the desk, just above his right hand? Did that have anyone else trying to clean their screen, too?

People often say “this is only bad because the government is run by humans who are inherently imperfect” but I disagree with that sentiment I’d say that even if the government was a completely morally pure perfect body, as if such a thing can even exist even on a philosophical or ethical level, it’s still a bad thing to just hand that moral authority total access to all of our privacy.

wait so how do two users work out a shared secret key without the server in the middle being able to get that key?

I personally do not understand how the home secretary, of all people, doesn't ask computer science experts about the positives and negatives of such a system before saying to the public that it's unacceptable...

Brilliant explanation, visual illustrations helped a lot!

He should really clean his monitor...

I'm unclear about the necessity of this algorithm. What is the exact problem it's solving, that is not being solved by a plain public key exchange?

I'd like to know more about how KAB is known to both devices without it going through the server - which seems to be the only way the 2 devices can communicate?

How do we ensure S does forwards Bob's public key to Alice, for example? They are still communicating over the server, what's stopping the server from lying about the public keys and using a generated pair to hold the plaintext messages?

Very well explained ! Simply put!

I wish Dr. Pound had his own channel for us to subscribe to as well.

finally another pound of computer science.... gosh, i am horrible with puns :(

Love Mike Pound. Wish there be could more videos of him

You know what smart criminals would do. Write their own encryption program that's end to end and exchange the keys in person before using it. So even with these backdoors and ways of bugging the phone/computer, the government is still kinda screwed. They'd end up decryption the messages to see a second layer of decryption that they don't have a backdoor to because the criminals obviously wouldn't install one. It's funny how so many of the proposed solutions aren't really solutions because the criminals have a way to avoid it while the "solution" hurts regular users. Government, please think more about your ideas, once you think you have something, look at it from the perspective of a criminal and go "How could I bypass this, how could I make it so it doesn't apply to me or doesn't work? How could I break this?".

"does that make you bob?" *with a toddler-esque grin* "itdoes :D"

The truth will set you free. Mighty fine job.

What's to prevent a server along the way pretending to be Bob to Alice, and Alice to Bob? Or to put it a different way, how do you make sure a public key belongs to the person you're attempting to communicate with?

Can we get a video about how TOTP actually works? I've heard some things about it and it sounded like it was intended to replace 2FA-logins, so it seemed quite interesting to me.

Excellent video! Really broke it down for the layman

If one of the phones is compromised, all keys of other phones that this phone communicates with can be found as well right? (Since both parties use the same key)

The thing is I don't think anyone would necesserily object to measures that make counter-terrorism an easier thing. What I personally object to is the notion that every message any person ever sends can be subject to scrutany by literally anyone else for any reason... That seems like a more dangerous situation for anyone to be in. Time and time again, legislation brought in "for national security" is used to spy on people en masse, often resulting in prosecutions for relatively minor crimes.

Another option is to mandate the length of the encryption key so that governments can break it with difficulty if they really want to but it would be impossible to do general surveillance. This is a difficult thing to get right though with the constant increases in computer power available to both governments and private entities.

Why not use asymetric encrytion (RSA) over the server dirctly for communication, isn't that sufficient?

It's interesting how he seems to feel comfortable with the government having access to all his information.

So if you had a group chat in say Facebook messenger, is there one key for the group chat or does it send an individual message to each member and have a key with each individual member?

How is E2EE different from public key cryptography, like pgp. They both establish "tunnel" between two users.

How do you ensure the server is not acting as a MITM in the picture at around 5:00? Just because Diffie-Hellman can securely exchange a key between A and B, it doesn't mean that S cannot pretend to be A or B. All S has to do when receiving the Diffie-Hellman request is to reply with its own key. Then, create a new one to B, essentially creating K_AS and K_BS without telling A nor B. I suppose the solution is certificates. In other words, we can really only rely on trust.

I have question. Who generates the public keys? Did i understood correct that Alice phone generate both public and private keys (as same for Bob). I know the private key generates by Alice device(phone) but what about the Public key (where its generating)?

What is NFC? Is public key cryptography and ciphers how they encrypt the channel? How is the server involved if only alice and bob use the shared key?

Can you tell if a Digital signature provides confidentiality or not, if so why? Thanks in advance.

"I don't have anything to hide" oh, this naiveté...

4:00 Why tho ?

5:40 I would object. Government should not spy on my messages, under ANY condition. Even if I'm doing illegal things - snooping on calls and messages is very bad idea for any kind of law enforcement.

I envision the original Skype for mobile phones using the radios and or WiFi within to create a network independent of the carriers passing packets along until.they can reach the ipv6 address or imie device intended . Servletts on every device in the iOt space allowing secured member available transport for all joiners. Last thought, so, shall we move decryption to the display it self?

Alice and Bob should be awarded for their contribution to information security.

So if only the two endpoints can decrypt the messages, how are the previous messages decrypted when a user changes their endpoint (device)? The new endpoint shouldn’t have the old key, isn't it?

How would E2EE work in groups with more than 2 people? Are different keys send to every member of the group?

What is Perfect Forward Security?

Can someone explain the difference between E2E and PGP ? Isn’t the same like making a public&private key....

I'm a little bit troubled by his explanation of E2E encryption. Yes a DHE key exchange is a big part of it, but at no point is it directly implemented. As you still have the verification problem. Verification can only be done using a public key which you cannot trust unless you have some outside method of knowing it should be trusted: I.E. trusted certificate authority or simple QR code scanning and verifying a public key locally.

So both end users generate a private key using both public keys.... both public keys were visible to the server... couldn't the server also generate that private key? What is the mechanism that allows both end users to generate a private key pair using public keys that can't be replicated by the server?

These popular cryptography videos rock!! :) thank you very much for them

2022, here we go again

Couldn't the criminals manually encrypt their messages before sending them through whatsapp and circumvent this anyway?

Great video, but I still don't understand how the to end user can share a common encryption key without the server knowing what it is and if it changes for every message, how do they communicate this encryption key between the 2 end users

Love the insights. How do password wallets, like LastPass (tm) work?

Wouldn't the initial public key exchange between the phone be susceptible to a man in the middle attack since the phones keys aren't signed?

Are there any other methods to transport/ encrypt data than point to point encryption and end to end encryption?