This is exactly what E2EE means. I used to work at a bank, and our data was E2EE, and we had to certify that it was E2EE - from the person paying, through the networks, through the DNS and Load balancers, until it got to the servers. Only at the servers could it be unencrypted and a (authoried) human could look at it.
Of course, only authorized users could see the data, but that was a different compliance line item.
No, E2EE doesn't mean it's encrypted until the service provider decrypts it. E2EE means the service provider is unable to decrypt it. What you are describing is encryption in transit (and possibly at rest).
Bank data is never E2EE because the bank needs to see it. If banks call it E2EE they are misusing the term. E2EE for financial transactions would look like e.g. ZCash.
I would argue it depends on context. E2EE means it's encrypted until the "target" receives it. For a messaging protocol, it's the intended recipient of the message. For what the person you're replying is discussing, the intended recipient IS the bank.
That being said, the person you're replying to seems to be saying that "the server" is always an "intended" end, which is wrong.
No, it doesn't depend on context. The intended recipient of a financial transaction is not the bank. The intended recipient is the party you're trying to pay. It is possible for financial transactions to be E2EE and completely indecipherable by anyone but the two parties of the transaction. Crypto like ZCash can do it. Banks cannot.
Can you expand on this a bit. It was my understanding that you're telling the bank to pay the vendor (from your money/credit). In that case, the bank certainly needs to know about the transaction... so it can make the payment.
I suggest researching how ZCash uses zero-knowledge proofs to allow paying money from your balance to another person's balance without any middleman like a bank being able to decrypt your transaction, while still allowing everyone to verify that important invariants are maintained, such as not allowing you to spend more money than you have.
This is what it takes to make a financial transaction E2EE. I'm not saying that banks could or should do this. I'm just saying that their systems do not qualify as E2EE unless they do. It's not ambiguous.
Doesn't the anonymous-ness of crypto/zcash make it impossible for the bank to handle fraud (reversing of charges and such)?
My understanding is that banks, at least in the US, need to have fairly extensive knowledge relating to all transfers of money, both for fraud handling and for non-fraud (money laundering, etc). A transaction they can't know anything about other than "transfer X money to some recipient you can't know anything about" just doesn't seem realistic with the regulations involved.
Plus, even "transfer X money to some recipient you can't know anything about" is a message that you're sending _to_ the bank, that they have to be able to decode and read. And, presumably, you'd encrypt that message and expect the bank to decrypt it.
Honestly, I don't understand what argument is that you're not sending a message TO the bank, and they need to be able to read it in order to act on it, and they need to decrypt it to read it. The bank is the target of the message, they are one of the "ends" in E2EE.
I feel like I need an "Explain this like I'm 5", because clearly you believe differently than me... and I don't understand _how_ it can be otherwise.
> Honestly, I don't understand what argument is that you're not sending a message TO the bank, and they need to be able to read it in order to act on it, and they need to decrypt it to read it. The bank is the target of the message, they are one of the "ends" in E2EE.
You might just as well say that E2EE messaging is impossible because you are sending a message "to" Signal, and they need to read it in order to act on it.
I'm telling the bank "I want you to give $5 of my money to Bob". I'm not asking them to pass a message to Bob. The entire message is the instructions for the bank to give the $5 to Bob. The bank MUST be able to read that message in order to follow the directions. There's nothing to "leave encrypted" to treat the bank as a non-end of the E2EE.
You could presumably hide who Bob is by making it some kind of anonymous account thing... but that _still_ wouldn't leave any message encrypted. Because all of the information needs to have been decrypted for the bank to act on it.
For the Signal analogy to apply, there would need to be some message going to Bob. And there isn't... other than "We're giving you this $5 for OP", all of which is information in the original message that the bank needs to act on it.
> I'm not saying that banks could or should do this. I'm just saying that their systems do not qualify as E2EE unless they do. It's not ambiguous.
That said, it might not be impossible to implement some enforcement of AML-like rules with zero-knowledge proofs. What's possible with advanced cryptography is not at all intuitive. But banks profit from their middleman position and surely wouldn't be interested in disintermediating themselves. Neither would crypto people be interested in adding AML. So I don't expect anyone to try. This fact still doesn't make existing middleman banks qualify as E2EE.
While what you're saying makes sense, it's not the normal use of the term - in fact, the term 'end to end encryption' was basically coined to differentiate user-to-user encryption (through an intermediary service that can't decrypt the message) from the regular case (user to service encryption) that you're talking about!
$ end-to-end encryption
(I) Continuous protection of data that flows between two points in
a network, effected by encrypting data when it leaves its source,
keeping it encrypted while it passes through any intermediate
computers (such as routers), and decrypting it only when it
arrives at the intended final destination. (See: wiretapping.
Compare: link encryption.)
Examples: A few are BLACKER, CANEWARE, IPLI, IPsec, PLI, SDNS,
SILS, SSH, SSL, TLS.
Tutorial: When two points are separated by multiple communication
links that are connected by one or more intermediate relays, end-
to-end encryption enables the source and destination systems to
protect their communications without depending on the intermediate
systems to provide the protection.
There's a bunch of older references as well. Since SSL/TLS wasn't really adopted by a lot of services until 2008+ usages of it are mainly in papers, old forum posts, etc. I saw it used and was discussing it back in the day on IRC with folks who were way more knowledgeable than me on this topic and had been in the trenches for a while :D
Nah. You have no reasonable expectation that the bank itself can’t access your financial records. Anyone reading Kohler’s lies would have every expectation that the Internet of Poopcam screenshots are theirs and theirs alone.
Anyone reading that is misunderstanding what E2EE means. As the article says, that's client-side encryption. Kohler isn't lying, people are confusing two different security features.
They're also claiming regulatory requirements as features. At least consumers might be able to sue in addition to several governments when it turns out to be a bunch of crap.
There is a level of convenience that is hard to get elsewhere.
I went on a Disney cruise 2 summers ago. All restaurants were in walking distance. All of deck 5 was dedicated to child care. They took you straight to excursions. Family was close, but not too close.
There were some downsides, too, but let's not focus on those. I think the "king" reason we went is because the grandparents were paying and they wanted everyone to be "there" and not leaving. I think the main reason we aren't going again is cost.
>It's not all-or-nothing. I'd rather have a choice instead of none.
I used to work adjacent to car financing. One of the "tricks" used in car negotiating is the "fake choice": "oh, you want to pay less for the car? Well. I can give you X OR Y for FREE!". Now you spend time thinking if you want X or Y, forgetting thay they are worth $200, and what you really want is $1000 less on the car.
Be careful with the "choice" you think you are making
"Sure, we can get some on-prem machines. They'll pay for themselves in 6 months. I just need permissions from Finance to spend some CAPEX, and get IT and Facilities to cooperate"
"Ugh, actually please keep using AWS. But try and spend less.. if you can and this does not compromise deadlines"
I have a go to list of positive things to think about.
I have physical tactile things (a small rock I carry around) that brings me joy when I touch it because it reminds me of good times.
It is very easy for me to get stuck in negative thought loops, and no matter how many things I see / feel / hear / ... it doesn't get better (at least in the short term).
The question your asking to me is akin to "can't people control what they see" thinking it's like a movie you can choose to go and attend, when instead it's like "A Clockwork Orange" where in fact I do not get to control what I see.
My experience quite often is that if I get in a bad state, the things that usually bring me joy just no longer do. In some cases they even produce more sadness.
It depends on my negative thought loop. If it's more existential anxiety the things that bring me joy sometimes can help. Other sources of negative thoughts they definitely don't work on.
I think this question stems from a fundamental misunderstanding of how depression works for a lot of people. You're asking "why don't they replace negative signals with positive signals" when the problem often is that the positive signaling mechanism itself is broken. It's like trying to balance a bike that only goes left.
It's like how you can't really help but automatically read text you look at in a language you know well.
It's very hard to control, over the years I've worked on reigning in my negative thinking, but every once in a while I still end up in a spiral of increasingly negative thoughts that don't just go away by focusing on positive things.
It's not quite as simple as that, but what you describe has some relation to Cognitive Behavioral Therapy. Part of CBT involves recognizing when you're ruminating/spiraling in thought patterns that you want to avoid, and strategies to redirect and break that loop.
No, but you can think less by reducing your cognitive ability through say drugs and alcohol. Notice how the happiest boomers guzzle the wine and don’t have as many (negative) thoughts.
The only thing I'd add to this (as someone with stupidly depressive and negative thought patterns), is that there are techniques that can help.
The parent comment comes off as flippant, but I am going to assume it's not intended that way.
Learning to think more positively takes an incredible amount of effort. An effort which seemingly never goes away. It just never gets easier. It's like my brain is simply wired to assume the worst, worry and of course just constantly make suicide seem like some kind of great way out. So much so, that when I was younger, I had assumed everyone just walked around constantly wondering whether it'd be easier to just die.
To this day, that's where my brain goes first. Decades of nearly daily thoughts of ending it. BUT and this is the crucial part, to me that was just always part of the noise. It's there, but it's not forcing my hand. I can both live and also constantly think that I don't particularly enjoy just existing for existence's sake and therefore death sort of seems like a viable alternative. I don't act upon it, because I'm too curious to see what's next, for the time being.
Anyway, the techniques that people are often taught in therapy sound simple and obvious, but they are harder to do than one might assume. Especially for people deep in depression.
Gratitude journaling is one of those things. It is quite boring and tedious to write down what one is grateful for in life. To write down every single good thing that happened in a day, no matter how small.
BUT, it sort of forces you onto a track of positive thought. It literally blocks / occupies thought, because it takes effort to do and focuses the mind on the positive, even if for a short period of time.
Similarly, as stupid as it sounds, sometimes it can help to simply sit up straight and smile. There is some feedback loop between pretending to be happy and then sort of feeling a bit happier all of a sudden. Doesn't always work, won't work for everyone and deep clinical depressions are a whole different ballgame.
Exercise is a pretty big one for me as well. As much as I hate it, I always feel better afterwards.
Again, the sum of various small techniques can eventually make a bit of a difference.
I've come to terms with the fact that depression is hard-wired into my brain structure and it's not going anywhere. But, I have also made a ton of new pathways that allow me to more quickly switch into more positive and grateful modes of thinking. And this, in some ways, is like a list of positive things to think, like the parent comment alluded to.
Though without all of the above, I'd also take offense at the implication that depressed people can somehow choose to be depressed and need to just stop being depressed. That notion is ridiculous and has prevailed for (what feels like) centuries of ignorance of mental conditions.
I have a really hard time doing gratitude. Most days are pretty much like any other day, especially with work. If I journal the same thing over and over ("lunch was fine" "the podcast I listened to was slightly interesting") it feels grim.
I feel like I'm already aware of the good things in my life. I'm actually quite fortunate. But even that forms a baseline: "I was healthy today in a world where not everyone is" grows repetitive. Saying it every day means little even if I write it down, and the writing itself feels more like a burden than a help.
Do you have any thoughts on how I might reframe that more beneficially?
I'll try to offer my perspective, but there is no guarantee it'll be of any use to you.
You are touching on a few things that sound familiar. I _struggle_ with repetition. Tasks like emptying a dishwasher or taking out the trash, to me, are like pure torture. No idea why. Now you can probably imagine what gratitude journaling feels like for me as well ;)
Another commenter mentioned the mantra as a technique (even espoused by various religions, though I'm not religious at all). The mantra is a way to simply take up space / time / focus. As I also mentioned, gratitude journaling simply doesn't allow you to think anything else for a moment and that, in and of itself, can be a relief.
I tend to play around with how I write these things down. Prose takes more effort. Changing the wording, and writing it from different perspectives can be a way to dedicate more mind-resources to it and also make it less boring.
Crucially, however, my ability to do this is supported by the other things I do. I have found that another concept comes in handy here, something I've come to call "avoiding zero-days". A zero-day is a day where I have not done a single thing that contributes to my health. E.g. I have not eaten healthy, I have not learned anything, I have done no exercise, I have done no work and I have ALSO not relaxed (see, the thing with my depression is that I won't really do anything. The tell-tale sign for me is when I stop enjoying video games. That's when I know I'm in deep. So literally getting myself to even play a video game is a win which contributes to a non-zero-day).
The reason I try to avoid zero-days is because ANY of the aforementioned things can give me that tiny positive push to accomplish another thing. Eventually, that can lead to a cascade of me achieving 2-3 positive things I'd like to achieve. And that can be the beginning of crawling out of depression for a while.
Another tendency of mine is to retreat into repetition (ironically, despite hating it) for comfort / safety / convenience / efficiency. So my mind kind of goes "I can score non-zero days by just doing one thing over and over". Take gratitude journaling. I'll be really tempted to not put effort in. To the point where I'll just write single words "exercise, training, sunshine" and be done with it. I start to try to cheat my own system.
So, I then have to remind myself to mix up the activities and see if I can pivot away from the obsessive component locking me in.
It's a never-ending cat and mouse game. That's all I can add from my perspective, not sure if that's of any use to you.
I'm not the person you replied to but their list of strategies (gratitude practice, evoking joy, exercise) pretty much mirrors what I've been trying to employ.
> Saying it every day means little even if I write it down, and the writing itself feels more like a burden than a help.
Perhaps an obvious statement but our experience with any type of practice varies in infinite ways from moment to moment. At times things just click or maybe we've built up enough momentum that it could feel effortless, but on just as many occasions it can feel like wading through sludge. When it's the latter I have to ask myself just how am I showing up for the activity. How mindful am I? What's my intention? Perhaps most importantly, is the sense of gratitude actually being felt in my body?
If you don't mind self-help type books, 'Hardwiring Happiness' by Rick Hanson is a fairly accessible resource that stresses the importance of the somatic side of this type of work. The tl;dr is that if more parts of the mind pay _sustained_ attention to the embodied experience of gratitude, compassion, joy etc. then we're increasing the chances of training our minds. So if I find myself enumerating things in a journal that I believe I'm grateful for but the exercise feels contrived or flat then that's a sign I should either tune even more into large parts of the body (can be anywhere but for me it's usually my face, chest, and arms) or just attempt to evoke warm feelings in those areas. That last part can feel fake at times but there's probably value in learning how to encourage more mind processes to sign up for the practice. The OP alluded to this bit with "sometimes it can help to simply sit up straight and smile". If the body remembers what gratitude feels like then chances are that's going to influence the mind for the next few moments.
'Awakening Joy' by James Baraz is another book in this vein. In it the author makes the case that learning how to shift our baseline towards one coloured with joy and gratitude usually requires someone repeatedly and genuinely appreciating seemingly trivial things over the course of each day (food, shelter, mobility, pet, access to nature, etc.). Whereas shifts occurring solely due to significant positive life events are potentially less common.
Likewise with the dot com bubble and the web - it was a bubble and it was overhyped, but it was still transformative if you look back 20 years as to how things are different in terms of media, and commerce.
Both smartphones (and tablets, and smart watches) and the internet went through the hype cycle [0], and the sentiments I've been reading lately indicate AI is in the "trough of disillusionment" right now. That said, I don't believe AI will ever reach the heights (i.e. the measurable ones, how much it penetrates our lives, how much money goes into it) as either smartphones or the internet had. Probably higher than VR / AR, but nowhere near the other ones.
It will of they can actually make it think better than we do. Whether they ever will is hard to say, but it feels pretty clear that throwing more money at LLMs isn't going to get us there.
Transformative, but not necessarily in a good way: likely to lead to the end of the open internet, along with all sorts of weird social effects from lowering the cost of convincing fakes.
Of course, only authorized users could see the data, but that was a different compliance line item.