Trending February 2024 # Security Experts Debate Messaging Interoperability Encryption Challenges # Suggested March 2024 # Top 11 Popular

You are reading the article Security Experts Debate Messaging Interoperability Encryption Challenges updated in February 2024 on the website Tai-facebook.edu.vn. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested March 2024 Security Experts Debate Messaging Interoperability Encryption Challenges

Messaging interoperability encryption challenges are being discussed by security experts, following the European Union’s decision to make cross-platform messaging capabilities a legal requirement.

There was much debate on whether or not to include messaging interoperability in the Digital Markets Act (DMA), and the challenges of maintaining end-to-end encryption was one of the key issues …

Background

We previously summarized the background to this issue:

Messaging interoperability is the idea that instant messaging should be like email. We can each use our preferred service and app, while still being able to communicate with each other.

So I might use Telegram, and you might receive it in WhatsApp. Your mom may send you a Facebook Message, and you might receive it in iMessage. Like email, we would send the message to the person, not the service […]

The EU has long been working on a huge piece of antitrust legislation known as the Digital Markets Act (DMA). The key aims of the planned law are to ensure that tech startups are able to enter the market without their growth being inhibited by the dominant players, and that consumers are able to benefit from the fruits of that competition – the best services at the lowest prices. 

There has been much internal debate about the appropriate scope of the legislation, and, in particular, whether messaging interoperability requirements should be included. Some argued against it on the grounds that it would be a nightmare to implement.

I argued that while messaging interoperability would indeed be a nightmare for tech giants to implement, it would be a dream for consumers. Most of the discussion, however, has focused on the nightmare part.

Messaging interoperability encryption challenges

There are many different ways to implement end-to-end encryption, and different messaging platforms have opted for different privacy solutions. But even where two services have opted to use the exact same encryption technique, they’ll still end up with different keys for communication between the same individuals, meaning you can’t just forward an E2E encrypted message from one to the other: much more work is required.

The Verge reports on the various concerns being expressed by security experts. One is the need for messaging services to make major changes to their respective approaches.

Steven Bellovin, an acclaimed internet security researcher and professor of computer science at Columbia University, said: “Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes. A design that works only when both parties are online will look very different than one that works with stored messages …. How do you make those two systems interoperate?”

He argues that this could mean stripping out features to reach a lowest common denominator between services.

A second issue is that a security vulnerability in one messaging platform could effectively expose them all to the same exploits. Related to this, each service would have to trust every other service’s method of verifying user identities.

“How do you tell your phone who you want to talk to, and how does the phone find that person?” said Alex Stamos, director of the Stanford Internet Observatory and former chief security officer at Facebook. “There is no way to allow for end-to-end encryption without trusting every provider to handle the identity management… If the goal is for all of the messaging systems to treat each other’s users exactly the same, then this is a privacy and security nightmare.”

Potential solutions

However, open-source E2E nonprofit Matrix says that there are ways to solve these problems.

Unsurprisingly, each platform adopting Matrix’s own open-source solution is one of these. Using open-source code would have the benefit of any security researcher being able to verify the integrity of the encryption system used. Even WhatsApp chief Will Cathart – who has been very critical of the call for messaging interoperability – acknowledges this possibility.

Another would be to decrypt and re-encrypt en-route – which would normally completely compromise the whole basis of E2E encryption – but to do so on user’s own machines.

Your laptop or phone effectively maintains a connection over to iMessage or WhatsApp or whatever as if it were logged in… but then relays the messages into Matrix once re-encrypted.

This doesn’t introduce additional risks, since an end user with a compromised machine can already expose messages.

The bottom line

Ultimately, security experts agree on two things:

Allowing messaging interoperability without compromising E2E encryption is possible

It is very difficult, and would require a great deal of work

That second point means that it isn’t going to happen any time soon, and the EU is aware of this. It’s expected that the deadline for offering this will be much later than the deadlines for complying with other Digital Markets Act requirements.

Photo: Camilo Jimenez/Unsplash

FTC: We use income earning auto affiliate links. More.

You're reading Security Experts Debate Messaging Interoperability Encryption Challenges

Messaging Interoperability Would Be A Nightmare For Tech Giants, But A Dream For Consumers

Messaging interoperability – in which it would be possible to send a message to someone without knowing or caring which chat service they use – finally made it into the European Union’s Digital Markets Act.

It was one of the most controversial elements of the upcoming legislation, with some arguing that it would be a technological nightmare to implement, and others that it would benefit both startups and consumers …

Background

The EU has long been working on a huge piece of antitrust legislation known as the Digital Markets Act (DMA). The key aims of the planned law are to ensure that tech startups are able to enter the market without their growth being inhibited by the dominant players, and that consumers are able to benefit from the fruits of that competition – the best services at the lowest prices.

There has been much internal debate about the appropriate scope of the legislation, and, in particular, whether messaging interoperability requirements should be included. Some argued against it on the grounds that it would be a nightmare to implement, others because consumers are already free to choose from a wide range of messaging platforms. But in the end, those arguing in favor won the day.

The problem with instant messaging

Right now, the instant messaging market is extremely fragmented. There’s SMS, RCS, iMessage, WhatsApp, Facebook Messenger, Signal, Telegram, WeChat, Line, QQ, Viber, KIK, Snapchat, Twitter DMs, Discord, and many more. That’s before we even get into Google’s ever-changing range of IM apps, those popular in specific countries (like KakaoTalk in South Korea), and the even lengthier list of business messaging apps like Slack and Teams.

On the one hand, that’s great for consumers, and evidence that competition works. Everyone can choose their own preferred app. On the other hand, it’s a bit of a nightmare when you want to actually, you know, message someone – because everyone can choose their own preferred app.

I have most of the above IM apps installed on my devices, not because I want them all, but because different friends, family members, and other contacts use different services.

I’m old enough to remember things being simple when it came to digital communications. Yes, there were a bunch of competing, incompatible chat apps, but people only used those when they wanted to actually chat – that is, have a real-time interactive text conversation. Most asynchronous digital communication – sending a message for someone to read when it was convenient to them – used email.

But that’s no longer the case. Email is probably the least-popular option when it comes to sending a message to someone. Today, chat apps are the new email – and that’s a problem.

Email is purposely universal in nature. I can send you an email without knowing which email platform or app you use. You might receive my email in Apple Mail on your iPhone, in Spark on your Mac, in Outlook on your PC, on the web interface for Gmail – or hundreds of other options. I don’t need to either know or care: I just send you an email, and you receive it.

But if I want to send you an instant message, I need to know which apps you use. I mean, I can use your phone number without caring whether you receive it as an SMS or an iMessage, but that’s about it. Otherwise I need to know which apps you have, and which ones you actually read.

Messaging interoperability

Messaging interoperability is the idea that instant messaging should be like email. We can each use our preferred service and app, while still being able to communicate with each other.

So I might use Telegram, and you might receive it in WhatsApp. Your mom may send you a Facebook Message, and you might receive it in iMessage. Like email, we would send the message to the person, not the service.

Of course, this would be a technical nightmare! Just look at the difficulty WhatsApp has had in making its own service operate seamlessly between iPhone, iPad and Mac (spoiler: it still doesn’t).

That’s mostly down to end-to-end encryption. It’s not just that different messaging services use different forms of encryption – it’s that the way E2E encryption works which makes it tricky even for one service to support multiple devices for a single user.

So there is no doubt at all that this would be an absolute nightmare for messaging companies to implement. E2E messaging essentially expects one person to be using one app on one device.

But solving this is not impossible. Even Apple – which has complete control of hardware, platform, and app – had to come up with a clever workaround to enable you to seamlessly use iMessage between iPhone, iPad, Mac, and Watch. Development of a messaging interoperability standard is tricky, but entirely possible.

It isn’t going to happen anytime soon, and even the DMA acknowledges this. But I do think it’s a worthwhile goal, and I look forward to the time when I can message five different friends without having to use five different apps.

FTC: We use income earning auto affiliate links. More.

Ai Writing Challenges In Education

Educators spend their time preparing for class with a long list of thought work:

Grading

Giving feedback

Creating notes and assignments

Making materials look appealing to increase student engagement

Adding elements to lessons that make the material more fun or accessible

Professional development training often offers tips on how to do the above tasks more efficiently. And certainly, AI is a new way to do that.

Not all AI is text and image generation. You may have already been using AI in some daily tasks without realizing it. For example, the newest Samsung Interactive Display contains features like handwriting recognition, graphic recognition, smart search, and smart shapes. These tools can empower educators and students to work more efficiently in a classroom setting.

Blended learning without limits

Simple, scalable and secure display solutions empower educators to take control of curriculum. Download Now

The big challenges of AI in writing

Data privacy is another issue when it comes to using AI. Growing concern over the data needed for AI algorithms to function effectively may lead to a moratorium on student use of this technology until we can verify data privacy. The best practice for educators concerned about protecting their data would be to access these tools using credentials not tied to their school or their students’ information.

Asking the right questions

As educators and students become comfortable with AI in their daily workflow, it is essential to focus on clear and specific tasks for AI to complete. Clarity is the first hurdle that students may encounter as they turn to AI for tutorials or quick answers. You must first be able to communicate what you need. The more organized your thoughts are, the better the results will be. As an educator, ask ChatGPT to generate questions on a topic that utilizes the levels of Bloom’s Taxonomy, and you will not regret it.

AI was designed to recognize keywords and patterns, so users should play to its strengths. With this in mind, there are many ways AI can help you with thought work as you prepare for class. AI can create:

Differentiated questions and activities

Summaries of texts, notes, or videos for review or support

Annotations for a text considering specific criteria such as theme, tone, imagery

Further explanation of concepts

Word problems and step-by-step instructions for solving them

Grammar recommendations

Project ideas

Essay topics

Counterpoints to help qualify a position

Virtual field trips

Book club activities

AI writing tools that can help

New tools are popping up daily, and I am particularly excited about a few. As an English teacher, I gravitate toward applications that would significantly impact my classroom by saving time, differentiating lesson materials, or providing students with instant feedback.

Curipod is an educator tool for lesson and slide creation, interactive engagement for students, and AI-generated feedback to student responses.

Grammarly is a writing aid and grammar check tool that students and professionals have long used to ensure clear and concise writing, but they recently added GrammarlyGO for text generation help.

YouTube Summary is a Chrome extension that provides a transcript and summary of YouTube videos and websites.

Speechify is a Chrome extension that provides AI-powered text-to-speech of any website, offering a variety of voices and speeds.

Readwise Reader is an app in beta testing that enables users to organize and prioritize a variety of documents and texts. The AI can rephrase complex language and aid in the comprehension and processing of information. Students could use it to keep up with assignments from all classes in one place.

The Samsung Education team works diligently to support the educator community, offering in-person professional development and additional support year-round. And discover the full range of Samsung Interactive Displays, all designed for more engaging and visually enhanced collaboration in the classroom.

Top Challenges For Desktop Linux

I have been using various Linux distros for many years now. One of the benefits is that I’ve seen many things improve and have been there to celebrate each success as it happened. Unfortunately, like any modern operating system, even the most modern Linux distributions are not without their challenges.

In this article, I’m going to share the biggest issues I’ve experienced over the years. At no time am I disparaging Linux on the desktop. Rather, I hope to start a dialog so that some of these issues can be addressed.

With the rise of mobile devices taking the spotlight from desktop platforms, getting Linux adopted by the masses feels more challenging than ever. Why does this matter? Because I think having Linux as an alternative desktop option adds value for a lot of potential newcomers.

The next biggest issue besides mobile devices flooding the market is the missed opportunity disenfranchised Windows users never hear about – Linux! Setting aside technical barriers for a moment, the fact is most people only know of OS X and Windows. This is largely because no one is spending big ad dollars on Linux promotion. Most people that are introduced to Linux on the desktop are doing so by chance.

Solution: I can’t in good conscience suggest that there is a solution to this. Even if we could magically zap computers with Linux goodness, when it comes time to get a PC repaired, folks are left with Windows-biased technicians. The best course of action is to accept that this will be a grassroots effort that won’t shatter any adoption records.

To be fair, software projects are abandoned on Windows and OS X too. But it does seem to hurt more when it happens to a Linux project. I’ve seen this happen with Twitter clients, Webcam software and other non-critical applications. This may not seem like a big deal on the surface, but there have been abandoned projects that really bugged me for a long time.

Ideally in the Open Source world, this problem is addressed by someone choosing to fork the project. Sadly this doesn’t always happen (I’m looking at you, GNOME Nanny). Where this rubs me the wrong way is when we’re trying to get something done, locate the perfect application…only to find that it’s no longer being developed.

Solution: Figuring out a way to make adopting existing code a bit more transparent would be a good start. Jono Bacon has some interesting ideas, but I think it’s something that really needs to be looked at for the long haul.

One area that I have gone back and forth on is the level of fragmentation within Linux distributions. On the one hand, I love being able to jump from distro to distro for new experiences. Unfortunately software developers for Windows and OS X do not like this.

Acknowledging that there are exceptions ranging from Steam games to Skype, overall most Windows and OS X software tends to avoid Linux altogether. Why, you might ask? Because according to the developers, fragmentation within the Linux community makes it pretty unattractive. Is this unfair? Perhaps, but at the end of the day the result is the same – no Photoshop, no MS Office, and no (insert software title here).

Solution: I have to admit that I’m on the fence with this issue. On the one hand, I don’t rely on any of the “missing” software titles Linux newcomers might expect. But I’d be a fool if I tried to pretend like this isn’t a deal breaker for some people. There are a lot of people that need certain legacy software titles. According to the developers of these apps, fragmentation is a big reason why they don’t try to port their software titles to Linux.

Personally, I’m in the camp that believes that developers could do it if they simply chose a distro and stuck with it, but alas, that would again point straight back to the fragmentation issue. Even if they chose the most popular distro, they’d be missing out on users from others Linux distributions.

This easily fits in nicely with my above point. The difference between reported market share and fragmentation is that one is accurate while the other is perceived nonsense. Say it with me folks: The reported market share myth is higher than the “stats” have indicated in the past. The truth is no one actually knows. The Linux community don’t issue licenses or sell traceable pre-installed PCs with Linux. Notice I said traceable, there are a number of vendors that sell Linux pre-installed.

Regardless of this fact, the consensus of a tiny market share remains. And like with the issue of fragmentation, this doesn’t help matters much when Linux users are trying to convince a developer to port a game or software over to Linux.

Solution: I believe asking for a cited link when someone spouts off Linux adoption numbers is a good start. But in the end, there isn’t anything we can really do about it. For now, we’re left with making sure we reward developers that support us. This means participating in crowd funding opportunities, along with promoting our favorite distribution at ever opportunity. This doesn’t do much for reported market share, but it does let others know that we Linux users are a passionate bunch.

If you use Arch or another related distribution, this doesn’t apply to you. However, if you use a release-based distribution, getting the latest software version usually requires some extra work. For Ubuntu, this could mean looking for a PPA (personal package archive) that contains a later version of your desired software. For other distributions, it might make more sense to simply put a package together yourself. However you slice it, the situation sucks for release based distributions.

Virtualization Poses Challenges For It Pros

Tales from the frontline of companies deploying virtualization were among the highlights of a webinar this week sponsored by Hewlett-Packard. Constraints on physical space and power in the datacenter were among the key reasons companies participating in a panel discussion gave for moving to virtualization technology.

“We adopted virtualization initially to handle backup and fault tolerance for our primary machines and to handle space and power constraints in the datacenter,” said Michael Diamant, CTO of procurement solution provider MoreDirect.

“We started virtualizing servers because of a lack of power and space in our computer center,” said Debbie Karcher, CIO of Miami-Dade County Public Schools.

While panelists said virtualization has helped them better manage server sprawl and increased power consumption, they also found some applications were better suited to the technology than others. For example, MoreDirect’s Diamant said that Microsoft’s Exchange had been difficult to virtualize.

Karcher said that SAP had initially resisted virtualization until she proved their apps would work on it. “Vendors still sometimes ask us to move the app to a virtual server if we’re having a problem,” she said. “We push back. We may do it, just to show that the problem is still there after we move it to a physical server.”

Diamant explained that MoreDirect adopted Xen first because the first departments to use virtualization ran on Linux and Unix. But in light of the problems trying to run Exchange on Xen, he hopes to standardize on VMware in the future.

“These are not aspirational virtualization plans,” said Eunice. “These folks are really doing it.”

Controlling virtualization

Asked by chúng tôi about controlling VM sprawl, also known as “cowboy activity,” panelists said they are aware of the issue.

“VMs are kind of like candy,” said Christopher Renece, CFO of FICO, a credit management and compliance practice. “Either people want VMs and they’re all over the place or people hoard them. vSphere 4.0 gives us more management capabilities. We track VMs as assets even though they’re virtualized.”

Karcher said that she supplements vSphere’s management capabilities with Ipswitch’s WhatsUpGold software. Diamant said that MoreDirect also uses WhatsUpGold.

He added that virtualization has broken down a set of silos in IT.

“Like a lot of IT shops, there was a traditional separation between Linux, UNIX, and Windows. We got those groups to collaborate better than ever in the past now that they’re all running in the same environment.”

Diamant added that as an HP customer, he was thrilled when HP acquired LeftHand, because he was already using LeftHand for storage in virtualized environments.

Studying the cloud

While all of the panelists were busy building private clouds and virtualization farms in their own datacenters, they were reluctant to subscribe to the outside infrastructure offered by public cloud providers.

“We are preparing to adopt the cloud, whether it’s provided by Amazon, Microsoft, or HP. But cloud providers need to provide access control, manage data, clean up data, and support compliance,” said Renece.

“I’m worried about compliance,” said Diamant.

“I struggle with the cloud,” said Karcher. She added that Miami-Dade County Public Schools had contracted with Microsoft for cloud-based student e-mail but had issues with single sign-on and security.

“We’re still studying what the cloud is,” she added.

Article courtesy of chúng tôi

Editor’s Desk: Apple’s Changing Encryption Story, Patient Data Access

A news story at the beginning of the week shows a very changing position for Apple, which has focused for years on customer data access freedom and privacy but appears to have changed its tune when it comes to encryption. There’s also news from the electronic medical records (EMR) industry, which may get shaken up this year thanks to new rules imposed by a federal government agency that oversees how medical records are maintained.

Did Apple bow to government pressure on encryption?

A bombshell report made the rounds early in the week that Apple may have put the brakes on end-to-end encryption in iCloud backups at the behest of the FBI.

End-to-end encryption does exist in various parts of Apple’s cloud services, but not with iCloud backups. And in fairness, Apple has a good customer-forward reason not to do end-to-end encryption: If you, the user, lose the encryption key, Apple would have no way to unlock your backup, meaning you’d lose it forever. This makes it possible for Apple to still unlock it, since it has a copy of the key itself and can unlock it once it’s verified your identity, or if it’s ordered to by law enforcement.

It’s disturbing to think that Apple would have stopped this by government request, especially after saying that it was looking into how to do it. It’s also a bad look for a company that makes customer data security such a central part of its message – one that it’s often willingly to publicly combat the government on when pressed.

The good news is that if you do need encrypted backups of your iPhone or iPad, it’s still possible to connect them to a Mac (or PC) and back it up – either with iTunes, or in the case of iTunes-free Catalina, directly from the Finder.

TIP: How to sync your iPhone with a Mac in macOS Catalina

Patient data access should be sovereign, but isn’t

A new report from CNBC says that Epic Systems, one of the largest makers of electronic health records software, opposes proposed legislation that would make it easier to share medical records more broadly. On the surface it’s easy to roll your eyes and say, “well, no kidding.” But it’s also really important to understand what’s at stake here, because the issue of “information blocking” is something that affects literally everyone in the country touched by the health care system.

The Electronic Medical Records (EMR) industry has been pegging double-digit growth from year to year, with revenues predicted north of $38 billion globally by the end of 2025. Those business are interested in maintaining the status quo. Right now, the businesses managing this technology have little incentive to make it easy to make information interchangeable, thanks to a patchwork of ineffective legislation.

So it’s possible for patients to view records through a web site portal or using an app, but actually using that data is a different story – even exporting it to a tab-delimited file can be impossible. This has been an ongoing issue for years, and this was to be the year that new “information blocking” rules proposed by the U.S. Department of Health and Human Services (HHS) would help.

Under the proposed legislation, healthcare providers and health info system makers have to make their data more portable, to help patients exchange, access, or otherwise use their own medical records. They’d have to use standarded APIs (application programming interfaces) to make that data accessible. Epic Systems’ CEO believes the rules may put patient privacy at risk by potentially making info available without their consent. On the other hand, Cerner – one of Epic’s biggest rivals in the EMR space – has expressed support for the new rules.

I think Epic’s CEO is on the wrong side of this, and I’ve expressed my disappointment with the current state of health care record access before. Ultimately, patient data should be in the hands of patients, to do with as they will. I’m sure that making patient data more portable raises the possibility that Epic’s CEO sees – that people or businesses may unintentionally share information they’d rather keep personal. But I’d still rather be allowed to make that mistake rather than have that option taken away from me altogether.

I know Apple’s worked hard to integrate iOS with medical information systems whenever they can. Apple supports Epic, Cerner, athenahealth and other companies with what little open API support already exists in this realm. But it’s still in its infancy. If Epic’s top concern is making sure that patient data stays as private as they can make it, maybe they should take a page from Apple and do whatever they can to maintain that data privacy and security, while still acknowledging that it’s the patient’s data to do with as they will, not Epic’s.

Update the detailed information about Security Experts Debate Messaging Interoperability Encryption Challenges on the Tai-facebook.edu.vn website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!