Lol. Rofl, even.

@sophieschmieg @q same

People can't help but try to evangelize Matrix in response to things I wrote, so I just disclosed a few more issues in Matrix's cryptography to their security@ email address.

This time, the issues were in their Rust library, vodozemac.

One of them was pretty fucking stupid.

I'll do a better write-up than I was initially planning when they've had time to fix it.

@0x4d6165 Anyway, to that I say: No.

It's important for privacy that a lot of the data being encrypted is low-value.

If you only ever encrypt activist stuff, then by virtue of using encryption the government can argue they know you're doing activist stuff. Possibly illegal activist stuff. And a Grand Jury will be convinced.

But if we normalize using encryption always, not just for "sensitive" stuff, then that argument falls apart.

@0x4d6165 Your post keeps 404ing every time I try to interact with it.

On Discord Alternatives

Next month, Discord is going to start requiring age verification. The backlash from gamers everywhere has been predictable and justified. I guess their company name checks out. I've had a few people reach out to me because of my prior vulnerability disclosures and criticism of encrypted messaging apps. (Thanks, Toggart.) Unfortunately, asking a cryptography-focused security engineer for app recommendations is like asking a rocket scientist to…

On Discord Alternatives - Dhole Moments

Next month, Discord is going to start requiring age verification. The backlash from gamers everywhere has been predictable and justified. I guess their company name checks out. https://www.youtube.com/watch?v=D-s6HuzZRNg https://www.youtube.com/watch?v=D-s6HuzZRNg I've had a few people reach out to me because of my prior vulnerability disclosures and criticism of encrypted messaging apps. (Thanks, Toggart.) Unfortunately, asking a…

Dhole Moments (soatok.blog)