End to End Encryption SIG - 2021-12-30


  1. pep.

    Yeah this article is debatable, at least. “So E2EE only hinders State surveillance marginally and exposes users to an increased risk of being hacked by the State.” < The last part of this sentence is not backed up by any kind of data, it appears out of nowhere. (that it increases risks) “E2EE is not effective against surveillance if it is not accompanied with metadata protection.” < This is a useless statement? Sure e2ee doesn't protect against leaking metadata, so what? “An even bigger issue here are message archives and audit trails.” < “e2ee is bad because it can't be decrypted” do I understand correctly? And then tackling on the "false sense of security". Not questioning at all the fact that users (people in general) aren't taught what security means is maybe the issue rather (or tech in general, not just security)

  2. Alastair Hogge

    The only point I was able to extract from the article was, that marketing or propagandising of E2EE apps as exploits the ignorance of the app user, example the blind trusting of other agents'

  3. Alastair Hogge

    s/as//

  4. moparisthebest

    it also wrongly assumes that state surveillance is the only thing it's protecting against

  5. qy

    Do I have to manually send out pubsub#event headlines?

  6. qy

    Or is that done by the server

  7. MattJ

    qy, by the server, that's kinda the point of pubsub :)

  8. qy

    Right, yeah, just checking :)

  9. qy

    I distractedly just tried sending external iqs

  10. qy

    Wasn't sure headlines followed the same logic

  11. qy

    Okay I'm reading the 0384, am I right in understanding that sending an <encrypted> block with no payload is how to initiate a session? Or otherwise, how? Cause I'm announcing bundle and devicelist, but my other account is still not initiating one with me best I can tell

  12. larma

    The session is typically initiated with the first message

  13. qy

    Right, but my other account doesn't look to be trying, is that perhaps because it tried earlier, and it's still waiting for a response?

  14. qy

    I'm not sure what step is missing

  15. qy

    I can initiate one myself on my side, but I fancied at least a little verification I'm not going the wrong path

  16. qy

    Jeez I need someone who's implemented this before whose brain I can pick on the regular, cause I can't grok the spec well enough

  17. *IM*

    moparisthebest:
    > it also wrongly assumes that state surveillance is the only thing it's protecting against

    What else? Could you give examples?

  18. moparisthebest

    *IM*: evil WiFi, evil server operators, server hacking/compromise, abusive spouse, probably more?

  19. *IM*

    Thanks a lot!