It’s called a backdoor for a reason. Also since adobe software nowadays has almost full access to your machine, what is to stop adobe from simply uploading and storing your private key on their servers and using it when they like? They run their DRM client with a ton of rights to your computer on boot.
WhatsApp can do exactly the same thing and read every message you write and still claim it is “end to end encrypted” for example because key creation is through a process in their proprietary software.
Not sure why you’d say that, its just a factual statement. Also, I don’t even use Adobe products, and transitioned to GIMP and Shotcut many, many years ago. I work in privacy and data security, so I just happen to be involved with this initiative from the sidelines.
As for your conmetary, you could say the same thing about Signal. But you wouldn’t, because you like them. Just because you don’t like a company doesn’t mean they are being nefarious.
Would I rather a privacy-focused company be doing this? Yes.
Am I pleased with what I see from Adobe (a weekly working group full of identity and open source community members)? Yes.
Does Adobe have a good chance of making this mainstream because of their ecosystem? Also yes.
When you see something better, let me know and I’ll participate there too, vs complaining about those trying.
Please tell me where I can find the source code of Adobe’s creative cloud DRM that has full access to the computer it is installed on and their audits to verify that they aren’t sending my private keys back.
You are comparing an audited, open source program with closed down proprietary system that says “trust me bro, we work with ‘security partners’, no we won’t release the audits”.
Interesting comparison. It’s like comparing a local farming co-op to the agro-industrial complex of Monsanto/beyer and saying “you could say the same about either! Monsanto is at least innovating in the seed space, no no no, ignore how they use it!!”
You’re taking that out of context. Signal is open source, but you don’t get to see what happens between GitHub and the Play Store. Adobe’s system that I am aluding to is also open, but we don’t get to see what happens in the software itself. The problem is, that’s not even what I’m talking about. I’m talking about a standard they are developing, not their software or DRM.
This isn’t just for Adobe, they’re just starting the process. Other systems can run it. Hardware can run it. Do you not use linux because Canonical or Red Hat contributed? Do you steer developers away from flutter because Google started it? Where is the line? Who do you think kicks off all the standards you use today? OAuth, OIDC, etc. If you want to avoid everything these companies contribe to, you’re going to have to stop using the internet.
Spoken like a real Adobe rep lol.
It’s called a backdoor for a reason. Also since adobe software nowadays has almost full access to your machine, what is to stop adobe from simply uploading and storing your private key on their servers and using it when they like? They run their DRM client with a ton of rights to your computer on boot.
WhatsApp can do exactly the same thing and read every message you write and still claim it is “end to end encrypted” for example because key creation is through a process in their proprietary software.
Not sure why you’d say that, its just a factual statement. Also, I don’t even use Adobe products, and transitioned to GIMP and Shotcut many, many years ago. I work in privacy and data security, so I just happen to be involved with this initiative from the sidelines.
As for your conmetary, you could say the same thing about Signal. But you wouldn’t, because you like them. Just because you don’t like a company doesn’t mean they are being nefarious.
Would I rather a privacy-focused company be doing this? Yes.
Am I pleased with what I see from Adobe (a weekly working group full of identity and open source community members)? Yes.
Does Adobe have a good chance of making this mainstream because of their ecosystem? Also yes.
When you see something better, let me know and I’ll participate there too, vs complaining about those trying.
https://community.signalusers.org/t/overview-of-third-party-security-audits/13243
Here is an entire list of years and years of independent audits
https://github.com/signalapp
Here, go look yourself to verify that the frontend isn’t sending your encryption key back to the server.
https://www.adobe.com/trust/security.html
Please tell me where I can find the source code of Adobe’s creative cloud DRM that has full access to the computer it is installed on and their audits to verify that they aren’t sending my private keys back.
You are comparing an audited, open source program with closed down proprietary system that says “trust me bro, we work with ‘security partners’, no we won’t release the audits”.
Interesting comparison. It’s like comparing a local farming co-op to the agro-industrial complex of Monsanto/beyer and saying “you could say the same about either! Monsanto is at least innovating in the seed space, no no no, ignore how they use it!!”
You’re taking that out of context. Signal is open source, but you don’t get to see what happens between GitHub and the Play Store. Adobe’s system that I am aluding to is also open, but we don’t get to see what happens in the software itself. The problem is, that’s not even what I’m talking about. I’m talking about a standard they are developing, not their software or DRM.
This isn’t just for Adobe, they’re just starting the process. Other systems can run it. Hardware can run it. Do you not use linux because Canonical or Red Hat contributed? Do you steer developers away from flutter because Google started it? Where is the line? Who do you think kicks off all the standards you use today? OAuth, OIDC, etc. If you want to avoid everything these companies contribe to, you’re going to have to stop using the internet.