geoduck14's comments

Interestingly enough, I've been to Turkey twice. I know the taste of the food, the gentleness of the people, their hospitality. I got a haircut both times - I lived their style. I had lunch with some of them. I sat and listened to them talk. I toured their houses and walked their streets.

I know a couple of interesting facts about Turkey, but I know things that I can't describe in a Wikipedia article, too.

10/10 would recommend a trip to Turkey


I think the article, even though the author protests it's not that, looks at knowledge and experience as merely an accumulation of things.

With this mindset, seeing a photo on the internet and seeing the real thing with your eyes, after a walk to the location, is "the same". You've seen the thing, you can mark it in your checklist. Google, Wikipedia, and the real physical experience are all the same, you've "gained" the same. Reading about a sports match in Wikipedia is the same as having experienced it live, petting a dog is the same as looking at a photo of a dog, etc.

The author protests this is not what they mean, but ultimately, it seems that's exactly what they mean.

I couldn't disagree more with this mindset.


>And the problem with that is what, exactly?

I read the OP's observation to be "they need to take it for life - and not treat it as a short term fix" but people talk about it as a short term fix.

Some medication, like Tylenol, is short term. You take it for a headache, and then move on. Other medication, like Adderall, you take for life. Every day, you take it to manage ADD.

OP is arguing that appetite suppressors are a "take every day for life, and stop talking about it as though it is a short term fix."

--- For my part, I know 3 people on appetite suppressors. 1 person lost a lot of weight, and then stopped recently - it is too soon to know if she "relapsed". 1 person lost a lot and will "stop taking it in 2 months". 1 person recently started taking it.

In my experience, people do talk about it like a short term fix. Should they take it for life? I'm not equipped to have an opinion just yet.


I'm about to start taking it, with plans for it to only be temporary.

I used to be fit and healthy, but then some things happened, and now I need a jumpstart to get to a lower weight to where I can resume doing physical activities and resume a healthy diet and lifestyle.


This is exactly what E2EE means. I used to work at a bank, and our data was E2EE, and we had to certify that it was E2EE - from the person paying, through the networks, through the DNS and load balancers, until it got to the servers. Only at the servers could it be unencrypted and an (authorized) human could look at it.

Of course, only authorized users could see the data, but that was a different compliance line item.


No, E2EE doesn't mean it's encrypted until the service provider decrypts it. E2EE means the service provider is unable to decrypt it. What you are describing is encryption in transit (and possibly at rest).

Bank data is never E2EE because the bank needs to see it. If banks call it E2EE they are misusing the term. E2EE for financial transactions would look like e.g. ZCash.


I would argue it depends on context. E2EE means it's encrypted until the "target" receives it. For a messaging protocol, it's the intended recipient of the message. For what the person you're replying to is discussing, the intended recipient IS the bank.

That being said, the person you're replying to seems to be saying that "the server" is always an "intended" end, which is wrong.


No, it doesn't depend on context. The intended recipient of a financial transaction is not the bank. The intended recipient is the party you're trying to pay. It is possible for financial transactions to be E2EE and completely indecipherable by anyone but the two parties of the transaction. Crypto like ZCash can do it. Banks cannot.


Can you expand on this a bit? It was my understanding that you're telling the bank to pay the vendor (from your money/credit). In that case, the bank certainly needs to know about the transaction... so it can make the payment.

Are we talking about 2 different things here?


I suggest researching how ZCash uses zero-knowledge proofs to allow paying money from your balance to another person's balance without any middleman like a bank being able to decrypt your transaction, while still allowing everyone to verify that important invariants are maintained, such as not allowing you to spend more money than you have.

This is what it takes to make a financial transaction E2EE. I'm not saying that banks could or should do this. I'm just saying that their systems do not qualify as E2EE unless they do. It's not ambiguous.


Doesn't the anonymous-ness of crypto/zcash make it impossible for the bank to handle fraud (reversing of charges and such)?

My understanding is that banks, at least in the US, need to have fairly extensive knowledge relating to all transfers of money, both for fraud handling and for non-fraud (money laundering, etc). A transaction they can't know anything about other than "transfer X money to some recipient you can't know anything about" just doesn't seem realistic with the regulations involved.

Plus, even "transfer X money to some recipient you can't know anything about" is a message that you're sending _to_ the bank, that they have to be able to decode and read. And, presumably, you'd encrypt that message and expect the bank to decrypt it.

Honestly, I don't understand what the argument is that you're not sending a message TO the bank, and they need to be able to read it in order to act on it, and they need to decrypt it to read it. The bank is the target of the message, they are one of the "ends" in E2EE.

I feel like I need an "Explain this like I'm 5", because clearly you believe differently than me... and I don't understand _how_ it can be otherwise.


Yes, banks have a bunch of regulations which means they can't run an end-to-end encrypted payment service.

That's an argument that their payment service is not end-to-end encrypted, not an argument that you can simply redefine the ends and say that it is.


Can you speak to this part?

> Honestly, I don't understand what the argument is that you're not sending a message TO the bank, and they need to be able to read it in order to act on it, and they need to decrypt it to read it. The bank is the target of the message, they are one of the "ends" in E2EE.

That's the part that I'm confused on.


That's an implementation detail of the bank.

You might just as well say that E2EE messaging is impossible because you are sending a message "to" Signal, and they need to read it in order to act on it.


I feel like we're talking past each other.

I'm telling the bank "I want you to give $5 of my money to Bob". I'm not asking them to pass a message to Bob. The entire message is the instructions for the bank to give the $5 to Bob. The bank MUST be able to read that message in order to follow the directions. There's nothing to "leave encrypted" to treat the bank as a non-end of the E2EE.

You could presumably hide who Bob is by making it some kind of anonymous account thing... but that _still_ wouldn't leave any message encrypted. Because all of the information needs to have been decrypted for the bank to act on it.

For the Signal analogy to apply, there would need to be some message going to Bob. And there isn't... other than "We're giving you this $5 for OP", all of which is information in the original message that the bank needs to act on it.


> I'm not saying that banks could or should do this. I'm just saying that their systems do not qualify as E2EE unless they do. It's not ambiguous.

That said, it might not be impossible to implement some enforcement of AML-like rules with zero-knowledge proofs. What's possible with advanced cryptography is not at all intuitive. But banks profit from their middleman position and surely wouldn't be interested in disintermediating themselves. Neither would crypto people be interested in adding AML. So I don't expect anyone to try. This fact still doesn't make existing middleman banks qualify as E2EE.


While what you're saying makes sense, it's not the normal use of the term - in fact, the term 'end to end encryption' was basically coined to differentiate user-to-user encryption (through an intermediary service that can't decrypt the message) from the regular case (user to service encryption) that you're talking about!


It wasn't coined, it was reused. It historically meant things that were encrypted from the client to the server, e.g. SSH, SSL, TLS, etc.

RFC 4949 (Internet Security Glossary, Version 2) from 2007: https://datatracker.ietf.org/doc/html/rfc4949

     $ end-to-end encryption
      (I) Continuous protection of data that flows between two points in
      a network, effected by encrypting data when it leaves its source,
      keeping it encrypted while it passes through any intermediate
      computers (such as routers), and decrypting it only when it
      arrives at the intended final destination. (See: wiretapping.
      Compare: link encryption.)

      Examples: A few are BLACKER, CANEWARE, IPLI, IPsec, PLI, SDNS,
      SILS, SSH, SSL, TLS.

      Tutorial: When two points are separated by multiple communication
      links that are connected by one or more intermediate relays, end-
      to-end encryption enables the source and destination systems to
      protect their communications without depending on the intermediate
      systems to provide the protection.

There's a bunch of older references as well. Since SSL/TLS wasn't really adopted by a lot of services until 2008+, usages of it are mainly in papers, old forum posts, etc. I saw it used and was discussing it back in the day on IRC with folks who were way more knowledgeable than me on this topic and had been in the trenches for a while :D


Nah. You have no reasonable expectation that the bank itself can’t access your financial records. Anyone reading Kohler’s lies would have every expectation that the Internet of Poopcam screenshots are theirs and theirs alone.


Anyone reading that is misunderstanding what E2EE means. As the article says, that's client-side encryption. Kohler isn't lying, people are confusing two different security features.


That is an uncommon interpretation that’s far different than the usual meaning.


They're also claiming regulatory requirements as features. At least consumers might be able to sue in addition to several governments when it turns out to be a bunch of crap.


It sounds like one term is being used for two very different things.


Yes, because people don't know the difference between "in transit" and e2ee.


The plain meaning of "end to end" and "in transit" overlaps quite a bit.


Doesn't that just mean HTTPS then?


>At high school level maths you genuinely can’t get gpt-5 thinking to make a single mistake. Not possible at all.

If you give an LLM an incomplete question, it will guess at an answer. They don't know what they don't know, and they are trained to guess.


Example?


>Why do people continue to go on cruises?

There is a level of convenience that is hard to get elsewhere.

I went on a Disney cruise 2 summers ago. All restaurants were in walking distance. All of deck 5 was dedicated to child care. They took you straight to excursions. Family was close, but not too close.

There were some downsides, too, but let's not focus on those. I think the "king" reason we went is because the grandparents were paying and they wanted everyone to be "there" and not leaving. I think the main reason we aren't going again is cost.


>quoting Samuel L Jackson in Pulp Fiction :-)

SAY WHAT AGAIN MOTHER F**er - Hezakiah, 15:8


>It's not all-or-nothing. I'd rather have a choice instead of none.

I used to work adjacent to car financing. One of the "tricks" used in car negotiating is the "fake choice": "oh, you want to pay less for the car? Well. I can give you X OR Y for FREE!". Now you spend time thinking if you want X or Y, forgetting that they are worth $200, and what you really want is $1000 less on the car.

Be careful with the "choice" you think you are making.


>AWS is great if your IT/purchasing department is inefficient

Fwiw, I think a lot of companies have this problem.


My wife is literally consulting for a big bank where it takes them 6+ months to get an on-premise VM setup and configured.


I think the conversation has turned from "Can we spend more?" to "Can you please try and spend less?"


"Can you please try and spend less?"

"Sure, we can get some on-prem machines. They'll pay for themselves in 6 months. I just need permissions from Finance to spend some CAPEX, and get IT and Facilities to cooperate"

"Ugh, actually please keep using AWS. But try and spend less.. if you can and this does not compromise deadlines"


Thanks for the pics! The prevalence of rifles is... thought provoking. The pic of the guy on a bike with a rifle is so metal.

My overall impression of the area is "gloomy"; all pics are overcast. It feels sad. It is beautiful, but I long for the sun.


I believe that a rifle is required in Svalbard when you are outside. Polar bears are no joke there.


I couldn't find my old photo of a modern-day Nordic recreational cyclist with an all metal SAAB on his back, so here's the next best thing.

https://old.reddit.com/r/shittytechnicals/comments/yicgme/it...


On Svalbard you need a rifle for polar bear protection. If you need sun just go there in summer, with the midnight sun it will never leave you.


>It's like allowing people to buy drugs, but not to use them.

Well, since you mention it: I have prescription drugs that I am allowed to buy, but I am NOT allowed to abuse them. I must take exactly 1 each day.

