Threat Modeling of E2EE Adoption
π₯ Contributions accepted
If you'd like to contribute, get in
touch.
Fork and open pull requests at Github.
β οΈ Early version hint
We publish this in an early version with some branches unexplored or undocumented.
End-to-End Encryption (E2EE) is known for it's awesome privacy and confidentiality. Still, very few services are offered with E2EE. Users have to use unencrypted alternatives, which threatens their privacy.
Why is this? Can we find solutions for the challenges vendors face when implementing E2EE? This threat model takes a closer look at E2EE Adoption from the perspective of system vendors and aims to debunk all the reasons why providers βcannotβ implement E2EE.
The analysis chooses a Fortunately / Unfortunately Forest, as presented in the π Fortunately β π Unfortunately of π Fortunately β π Unfortunately based on the method presented in a whitepaper by Adam Shostack.
The analysis is inspired by E2EE Adoption Challenges discovered in Hendrik's master thesis on Usable and Secure End-to-End Encrypted Medical Image Link Shares.
Threat Model
[view threat model source code] [... nicer at GitHub]Conclusion
The Fortunately / Unfortunately Forest method is well suited for discussing the back and forth of E2EE Adoption Challenges and their solutions.
The problem space is well understood. In this early stage, the threat model needs more work and documentation to address all the challenges.