From f73b06447ac4aa705da2f6e273c6d55a87c9a61f Mon Sep 17 00:00:00 2001 From: redoomed1 Date: Wed, 26 Mar 2025 20:54:13 -0700 Subject: [PATCH] update: Internal links Signed-off-by: redoomed1 --- docs/basics/common-threats.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/basics/common-threats.md b/docs/basics/common-threats.md index 5f5380cd..a2bf7626 100644 --- a/docs/basics/common-threats.md +++ b/docs/basics/common-threats.md @@ -126,7 +126,7 @@ Thankfully, E2EE can alleviate this issue by encrypting communications between y

Note on Web-based Encryption

-In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). +In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../essentials/real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). On the other hand, web-based E2EE implementations, such as Proton Mail's web app or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt. @@ -202,7 +202,7 @@ Censorship online can be carried out (to varying degrees) by actors including to Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship. -People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. +People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../essentials/real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.

Tip