THE CHAT PROTOCOL OF THE FUTURE
-
the terraform provider creates and owns the channel. it is the only user with the right to turn on encryption for said channels. voila. this is a perfectly reasonable solution.
matrix E2EE channels are fucking stupid because they leak all sorts of metadata
for example, the topic is unencrypted
reactions are unencrypted
replies reference unencrypted MXIDs so you can tell what is being replied to even if the payload itself is encrypted
do not use them. do not waste your time on them. it is not worth it.
-
matrix E2EE channels are fucking stupid because they leak all sorts of metadata
for example, the topic is unencrypted
reactions are unencrypted
replies reference unencrypted MXIDs so you can tell what is being replied to even if the payload itself is encrypted
do not use them. do not waste your time on them. it is not worth it.
or as I put it in the Bundernet #known-issues room which is acting as an FAQ
-
R relay@relay.an.exchange shared this topic
-
I incentive moved this topic from Uncategorized
-
or as I put it in the Bundernet #known-issues room which is acting as an FAQ
@ariadne Matrix also allows unencrypted messages in encrypted rooms, and the information that a room is encrypted may not reach a client. I reported this to both clients and the matrix spec, but was told that this was expected behaviour both times ("because we want to allow bots"). Dumbest E2E impl out there.
-
R relay@relay.infosec.exchange shared this topic
-
matrix E2EE channels are fucking stupid because they leak all sorts of metadata
for example, the topic is unencrypted
reactions are unencrypted
replies reference unencrypted MXIDs so you can tell what is being replied to even if the payload itself is encrypted
do not use them. do not waste your time on them. it is not worth it.
@ariadne is this something that could be fixed or is it too fundamental to how Matrix works?
-
THE CHAT PROTOCOL OF THE FUTURE
@ariadne Are there any good, federated and E2EE IMs? Signal has good E2EE but not federation, XMPP has better federation but no E2EE out of the box.
IMHO, Matrix is currently the best of what we got, in terms of both decentralisation and privacy. -
@ariadne Are there any good, federated and E2EE IMs? Signal has good E2EE but not federation, XMPP has better federation but no E2EE out of the box.
IMHO, Matrix is currently the best of what we got, in terms of both decentralisation and privacy.@tapafon when it comes to E2EE federation is not a priority for me, safety is the priority.
-
THE CHAT PROTOCOL OF THE FUTURE
-
@tapafon when it comes to E2EE federation is not a priority for me, safety is the priority.
-
-
Well, I'd say some public xmpp servers hosted by people actively developing clients or being active in the XSF (xmpp standards foundation) are safe to use, too. For example: conversations.im or yax.im.
Both are listed as default in Monal and I know both admins personally
You can of course use any server with Monal.
-
@tapafon @ariadne The whole "Metadata" discussion is for the most part FUD by Signal fans.
OFC this doesn't mean I deny the problem.
- But if you are concerned about said issue then you'd already only communicate with you own private self-hosted servers that are only reachable with a VPN over Tor.
The truth is that as of now there are no good options out there, unless you consider sending #PGP-encypted messages to a self-hosted, hidden ntfy.sh server to each other.
-
@tapafon @ariadne The whole "Metadata" discussion is for the most part FUD by Signal fans.
OFC this doesn't mean I deny the problem.
- But if you are concerned about said issue then you'd already only communicate with you own private self-hosted servers that are only reachable with a VPN over Tor.
The truth is that as of now there are no good options out there, unless you consider sending #PGP-encypted messages to a self-hosted, hidden ntfy.sh server to each other.
> The whole "Metadata" discussion is for the most part FUD by Signal fans.
lmao no it isn't. CIA kills based on metadata.
-
Well, I'd say some public xmpp servers hosted by people actively developing clients or being active in the XSF (xmpp standards foundation) are safe to use, too. For example: conversations.im or yax.im.
Both are listed as default in Monal and I know both admins personally
You can of course use any server with Monal.
-
the solution to Signal being proprietary is to build a libre clone of Signal, not to pretend that Matrix and XMPP are safe.
-
But if you are concerned about said issue then you'd already only communicate with you own private self-hosted servers that are only reachable with a VPN over Tor.
Again: Layering & Defining your Scope is critical.
If we expect "#TechIlliterate #Nirmies" to "migrate to #Tails & #GrapheneOS or die" they'll give us all the finger and most likely add a restraint order on top of it.
- OFC we need to work on this scope, but I'd rather offer the "best possible" than being complicit in the Starus Quo.
Feel free to name alternatives that actually work and have actual support…
-
@tapafon @ariadne that won't hapoen because #Signal are so fucking criminally incompetent that they are hard locked-in on #aws on their inrastructure.
- It would likely be easier and cheaper in terms of personnel hours needed to just make better, hardened clients for existing protocols rather than "unfuck" the mess that is @signalapp, which at best is just a big-ass #Honeypot!
-
But if you are concerned about said issue then you'd already only communicate with you own private self-hosted servers that are only reachable with a VPN over Tor.
Again: Layering & Defining your Scope is critical.
If we expect "#TechIlliterate #Nirmies" to "migrate to #Tails & #GrapheneOS or die" they'll give us all the finger and most likely add a restraint order on top of it.
- OFC we need to work on this scope, but I'd rather offer the "best possible" than being complicit in the Starus Quo.
Feel free to name alternatives that actually work and have actual support…
the scope is that western democracy is in a state of freefall and we are actively losing ground to fascist oligarchs in both the US and EU.
in such a scope, cute toys like OMEMO and IRC's blowfish scripts and things of the same shape like Matrix's OLM/MegOLM do not provide an acceptable level of personal assurance.
telling people to depend on these technologies as a security engineer is malfeasance.
Signal also is not truly good enough (because it is proprietary), but it is at least accessible to non-technical people and cryptographically sound.
the real answer is Tox, but somebody needs to build the plumbing to make it accessible to non-technical people.
-
the scope is that western democracy is in a state of freefall and we are actively losing ground to fascist oligarchs in both the US and EU.
in such a scope, cute toys like OMEMO and IRC's blowfish scripts and things of the same shape like Matrix's OLM/MegOLM do not provide an acceptable level of personal assurance.
telling people to depend on these technologies as a security engineer is malfeasance.
Signal also is not truly good enough (because it is proprietary), but it is at least accessible to non-technical people and cryptographically sound.
the real answer is Tox, but somebody needs to build the plumbing to make it accessible to non-technical people.
@kkarhan @tapafon@soc.ua-fediland.de @ariadne Isn't Tox that P2P thing? There's @cwtch developed by amazing folks like @sarahjamielewis
-
@kkarhan @tapafon@soc.ua-fediland.de @ariadne Isn't Tox that P2P thing? There's @cwtch developed by amazing folks like @sarahjamielewis
@tris @kkarhan @cwtch @sarahjamielewis yes. Cwtch would also work, but I am less familiar with it. It also needs plumbing for non-technical people.
BBM worked with fingerprints back in the day because PGP fingerprints were 32-bit at the time. Asking non-technical people to memorize 100s of bits of public key material isn't going to work.
-
@tapafon @ariadne @monocles @kkarhan sure, but you talked about honeypots and controlled opposition and that's normally not true for the people I mentioned.
Also, albeit a bit philosophical, you always have to trust someone. You seem to make the cut at the client side (so you trust the client developers to not sneak some surveillance code in) and I make the cut somewhere on the server side, not trusting all servers, but some
