you don't need to detect encryption. with full memory access, you just take the plaintext.

My point is that you don't have to do the encryption on the device. You can send/store encrypted data via compromised devices and channels.

Yes. And you can obfuscate it. You can even encode it using packet timing, which is very hard to detect. It's also very inefficient, on the order of 1%, but that's enough for text over HD video. See True Names by Vernor Vinge.

You can't trust the device - it's compromised. So even if you use encryption with that compromised device the plain text still leaks.

Not if the encrypted text was created on a trusted device.

Consider that, as it is now, encrypted data on the Internet traverses numerous untrusted devices.

For an extreme example, see https://github.com/maqp/tfc-otp

> Consider that, as it is now, encrypted data on the Internet traverses numerous untrusted devices

And those untrusted devices leak considerable amounts of that data! You know that it doesn't matter how good the encryption is if one of the computers in the chain is full of malware.

I genuinely don't understand the point you're making, especially in reference to this parent: https://news.ycombinator.com/item?id=11271745

For your OTP example: I know what the cipher text is. I slurped that. I don't know what the key is, or the plain text is, until you decrypt it, at which point I know both because I have access to your memory because your computer is compromised.

My point is that compartmentalization allows secure communication through untrusted devices. It won't be convenient, but it's doable. There is no "computer". There are local networks of suitably isolated devices.

The device that decrypts can't send anything to the Internet, because it's behind receive-only optoisolators. The device that encrypts can't receive anything from the Internet, because it's behind send-only optoisolators. All intervening information processing may occur in your head. Or there may be other devices that are totally air-gapped, with all data transfer through single use flash storage. If you're using entirely untrusted devices, you move all crypto to such air-gapped devices.

It does help if these devices can be trusted, but that's not essential. You could, for example, do encryption manually with one-time pads. Or use that thing with decks of cards.

Maybe you claim that no trustable devices will be available. But that's unlikely. Consider how easy it is to obtain Afghani heroin in NYC. Also, if I were targeted by American adversaries, I could arguably trust devices backdoored by the Russians, or the North Koreans, etc. And vice versa.

There still are some encryption schemes that can be run with nothing more than a pencil and paper. See SMSPP for example: https://gist.github.com/plugnburn/6b50ceee3a89893a9e48

You can also use straddling checkerboards if you can do some very simple math.