E2EE, the be all and end all of chat?

12 points by calvin

awn

bitshift
Thank you for linking this. It's an awesome post because:
1. It starts off by reaffirming that UX is more important than any theoretical feature that people don't use because they can't use your software.
2. It points out that "rogue user scrapes the chat" is not the only threat model. If your hosting provider is compelled to give up their hard drives, encryption still protects the privacy of the chat.

kitkat

I agree. There's been a lot of talk this week about Matrix's subpar E2EE implementation, and why that supposedly disqualifies Matrix as a Discord replacement, but I think those people are missing the point. No, it's not great long-term, but if Matrix gets users off of Discord now then that's a win. We can work on E2EE later (and the people who care about it that much right now can just use Signal).

BinaryIgor

The truth is: most conversations do not need to be E2EE.

It's a great feature to have for privacy-sensitive conversations; but it doesn't have to be a default and requirement.

hoistbypetard

I only half agree with you: I don't think all chat programs need to do E2EE, but if a chat program is going to offer E2EE, it needs to be required for all conversations, or it will have terrible security holes. (i.e. A channel that is sometimes secure and sometimes insecure will eventually end up with sensitive stuff being sent in insecure mode.)

I also think that public group chat servers should not use E2EE for public chats (that anyone can join) because there are footguns when an adversary can see both encrypted and decrypted E2EE messages. I'm not asserting that it's impossible to pull that off safely, but I think it is easy to introduce serious problems.

symgryph

I know there are valid standards that can do this such as omemo. It's just it's hard. I think for people to write it correct. It's not so much as lack of standards as it's hard to properly implement them