XSF Discussion - 2018-08-10

  1. Syndace

    If there is no device list there is literally no way to send encrypted messages. I have no idea what conversations even sends in that case. A message only with the "your client does not support omemo" message? It should not ask to disable, but rather simply tell the user that encryption is impossible and switch to plaintext.

  2. Syndace

    No buttons that helpless users have to decide between

  3. Syndace

    as someone said earlier, if you're scared and don't understand something, you probably click "cancel"

  4. moparisthebest

    Syndace: it won't let you send anything, that's the correct behavior

  5. Syndace

    Oh, that dialogue reappears until you click disable?

  6. moparisthebest

    We have years of evidence that falling back to unencrypted is bad

  7. moparisthebest

    ISPs strip STARTLS all the time for example

  8. Syndace

    not talking about silent fallback

  9. moparisthebest

    Yep @ dialog reappearing

  10. Syndace

    Okay, that makes things a bit better.

  11. Syndace

    But it's not really "falling back" to plaintext if there never was an encrypted chat in the first place

  12. Syndace

    I think "force encryption" should be an opt-in setting

  13. moparisthebest

    It's opt out now in conversations

  14. moparisthebest

    I think that's the correct choice

  15. Syndace

    I would agree if the message was a bit friendlier for non-it people

  16. Syndace

    A message that does not make you click cancel because you don't understand what's going on

  17. Syndace

    But it's okay I guess, my initial rage was a bit too much

  18. goffi

    Hi. I don't think OMEMO by default is a good choice as long as 1) there is no full stanza encryption and 2) it's not at least in draft. But the situation is difficult, for a messenger where one of the main goal is security, the choice of Conversation is understandable.

  19. edhelas


  20. edhelas

    so looks like the futur Librem5 phone will have XMPP shipped in, using the libpurple library

  21. Seve

    I was quite surprised, as they said they were going to use Matrix. Or maybe both come with it?

  22. edhelas

    looks like both

  23. edhelas

    but with libpurple I don't expect to have a modern XMPP experience as well…

  24. Ge0rG

    maybe somebody should sacrifice themselves and bring libpurple to a reasonable level?

  25. Zash

    Crowdsource some monies for it?

  26. MattJ

    I'm starting to think that's the only answer (fixing Pidgin/libpurple)

  27. Zash

    I've been semi-seriously thinking that a while myself.

  28. Ge0rG

    Maybe that's a job for a student who's using Pidgin anyway already?

  29. Ge0rG 's looking at jonasw

  30. jonasw

    Ge0rG, good thing I’m not a student anymore

  31. MattJ

    Lucky escape

  32. Ge0rG

    jonasw: being a student doesn't magically stop with a master's degree. You are still tainted by the attitude.

  33. jonasw

    speaking of attitude: that’s just, like, your opinion, man

  34. Zash

    > who's using Pidgin Did you stop?

  35. Ge0rG

    jonasw: I've got some strong opinions, so you better not question them :P

  36. Seve

    I'm guessing they did research before using libpurple. What does libpurple offer that other libraries don't?

  37. Zash

    Support for every protocol under the sun.

  38. Zash

    More cruft than you can shake a stick at.

  39. Zash

    Dubious security track record