Genuine question - have you ever implemented an E2E encrypted system?
Because it's not particularly easy to do, and there are a lot of caveats and drawbacks.
Let me rephrase your assumption: "Why couldn't you just mail me the letter in a 100lb safe. In 2022, that's my standard expectation from any service".
So - are you willing to pay to ship 100lbs for every letter you send? Are you meticulously managing the details of how to handle locking and unlocking that safe? Are you working out the details on recovery and storage, handling lost devices, configuring a communication channel for sharing certs/keys, managing several crypto dependencies and libraries - all so that you can go "Hey - what's up!" in a notification to your phone?
Or should you just stop whining - accept that this is free - and take the authors advice and host it yourself?
I run a E2E system using public and private keys. It's really not that complex.
Sure, it's not free, but the implementation effort was 1/100 of the UI work.
Clients encrypt data in the browser, share id of the data and key (+ optional password). Some other clients receive id of the data and the key and read it.
For a notification service, you would just need a setup step to generate a key and store it in the browser + on the phone.
That said, I'm not sure I understand why would someone need to notify its own phone.
> Are you working out the details on recovery and storage, handling lost devices, configuring a communication channel for sharing certs/keys, managing several crypto dependencies and libraries - all so that you can go "Hey - what's up!" in a notification to your phone?
In 2022, there is no need to invent anything new about E2E encryption. There are many successful open-source examples, including Keybase and Firefox Sync.
There is no question that it adds development overhead, but I personally wouldn't even run a public service for others without E2E encryption.
> Or should you just stop whining - accept that this is free - and take the authors advice and host it yourself?
I am not attacking the author, nor do I currently care about this particular service he is providing.
This is Hacker News, a discussion platform, and I am raising a question about software development in general.
>This is Hacker News, a discussion platform, and I am raising a question about software development in general.
No - no you aren't. You're complaining about a feature in a product you've admitted you won't use.
Which... is fine. At the end of the day - the feedback might be helpful or it might not, part of the journey of publishing software (or making anything, really) is figuring out what advice to listen to, and what to ignore.
But personally - I don't really find your point sensible. You have no use-case, you have no threat model, you have a very unclear understanding of what E2E encryption entails, in my opinion - since you point to apps whose entire marketing shtick is that they have E2E encryption and say "if they are doing it, it must be easy" - Ignoring that they are literally using the difficulty of doing it as the distinguishing factor for their product.
But hey - I worked for a security company that did E2E encryption for fortune 100 companies, mostly banks, for 5 years (and eventually went out of business... as an aside) so what do I know...
> But personally - I don't really find your point sensible. You have no use-case, you have no threat model [...]
My point is very clear and simple: all private communication on the internet should be E2E encrypted by default, unless there is a good reason not to.
> [...] say "if they are doing it, it must be easy" - Ignoring that they are literally using the difficulty of doing it as the distinguishing factor for their product.
I am not claiming that it's easy, but there has been plenty of open-source projects launched with E2E encryption by default in the past few years.
> all private communication on the internet should be E2E encrypted by default, unless there is a good reason not to.
Why? Why do you think this. What value do you imagine this is bringing you beyond simple TLS?
Because to me, this is like saying "All conversations should be whispered by default, unless there is a good reason not to." except that's obviously not reasonable, because there are many reasons not to whisper all the time. In the same way that there are many reasons wrapping all your communication into a black box is a bad idea (discoverability and search being the most obvious two, although data loss is right on up there).
> My point is very clear and simple: all private communication on the internet should be E2E encrypted by default, unless there is a good reason not to.
Are you counting HTTPS as “E2E encrypted”? Because if not, consider that we do private communication over mere HTTPS all day long. Me loading the HN web page and having my own personal rendering of it with my user cookie header and all my upvote/downvote/karma/profile state is private communication, for example.
> Because if not, consider that we do private communication over mere HTTPS all day long. Me loading the HN web page and having my own personal rendering of it with my user cookie header and all my upvote/downvote/karma/profile state is private communication, for example.
Because there is a good reason for it: it wouldn't work well with E2E encryption.
Well, ok, I guess we can use that as a justification for anything then. For example, the “good reason not to” use E2E for ntfy could be “market analysis says the small and somewhat theoretical benefit isn’t worth the complexity.”
Yes, but you said all private communication should be E2E. Apparently you're defining communication in some way that excludes an awful lot of what I'd consider communication (e.g. HTTPS traffic).
My key point was "unless there is a good reason not to". And in many cases there is a good reason not to use E2E encryption, like the example you have given. But in the case of Ntfy, E2E encryption would be a perfect fit, and eliminate any need for self-hosting.
I'll be blunt - as someone who worked in the space extensively... if you really need e2e encryption, you want to be self hosting anyways.
By the time you're trusting a hosting provider to properly do e2e for you... you've basically already lost the game. At any point they can update what's running and remove any/all protections you think you have.
So again - what is your threat model here? Because it sounds like you want "super convenient" and also "super secure" and those aren't two options you just check off - they're really more like diametrically opposed sides of the same slider.
You solve that by forwarding/decrypting/adding noise between servers, enough to cover metadata traffic you generate. The only data you reveal is anyone listening know you might have used it at some point. See https://vuvuzela.io/ I suspect it is named so because it uses a lot of bandwidth.
Because it's not particularly easy to do, and there are a lot of caveats and drawbacks.
Let me rephrase your assumption: "Why couldn't you just mail me the letter in a 100lb safe. In 2022, that's my standard expectation from any service".
So - are you willing to pay to ship 100lbs for every letter you send? Are you meticulously managing the details of how to handle locking and unlocking that safe? Are you working out the details on recovery and storage, handling lost devices, configuring a communication channel for sharing certs/keys, managing several crypto dependencies and libraries - all so that you can go "Hey - what's up!" in a notification to your phone?
Or should you just stop whining - accept that this is free - and take the authors advice and host it yourself?