-
Syndace
If there is no device list there is literally no way to send encrypted messages. I have no idea what conversations even sends in that case. A message only with the "your client does not support omemo" message? It should not ask to disable, but rather simply tell the user that encryption is impossible and switch to plaintext.
-
Syndace
No buttons that helpless users have to decide between
-
Syndace
as someone said earlier, if you're scared and don't understand something, you probably click "cancel"
-
moparisthebest
Syndace: it won't let you send anything, that's the correct behavior
-
Syndace
Oh, that dialogue reappears until you click disable?
-
moparisthebest
We have years of evidence that falling back to unencrypted is bad
-
moparisthebest
ISPs strip STARTLS all the time for example
-
Syndace
not talking about silent fallback
-
moparisthebest
Yep @ dialog reappearing
-
Syndace
Okay, that makes things a bit better.
-
Syndace
But it's not really "falling back" to plaintext if there never was an encrypted chat in the first place
-
Syndace
I think "force encryption" should be an opt-in setting
-
moparisthebest
It's opt out now in conversations
-
moparisthebest
I think that's the correct choice
-
Syndace
I would agree if the message was a bit friendlier for non-it people
-
Syndace
A message that does not make you click cancel because you don't understand what's going on
-
Syndace
But it's okay I guess, my initial rage was a bit too much
-
goffi
Hi. I don't think OMEMO by default is a good choice as long as 1) there is no full stanza encryption and 2) it's not at least in draft. But the situation is difficult, for a messenger where one of the main goal is security, the choice of Conversation is understandable.
-
edhelas
https://puri.sm/posts/librem5-progress-report-17/
-
edhelas
so looks like the futur Librem5 phone will have XMPP shipped in, using the libpurple library
-
Seve
I was quite surprised, as they said they were going to use Matrix. Or maybe both come with it?
-
edhelas
looks like both
-
edhelas
but with libpurple I don't expect to have a modern XMPP experience as well…
-
Ge0rG
maybe somebody should sacrifice themselves and bring libpurple to a reasonable level?
-
Zash
Crowdsource some monies for it?
-
MattJ
I'm starting to think that's the only answer (fixing Pidgin/libpurple)
-
Zash
I've been semi-seriously thinking that a while myself.
-
Ge0rG
Maybe that's a job for a student who's using Pidgin anyway already?
- Ge0rG 's looking at jonasw
-
jonasw
Ge0rG, good thing I’m not a student anymore
-
MattJ
Lucky escape
-
Ge0rG
jonasw: being a student doesn't magically stop with a master's degree. You are still tainted by the attitude.
-
jonasw
speaking of attitude: that’s just, like, your opinion, man
-
Zash
> who's using Pidgin Did you stop?
-
Ge0rG
jonasw: I've got some strong opinions, so you better not question them :P
-
Seve
I'm guessing they did research before using libpurple. What does libpurple offer that other libraries don't?
-
Zash
Support for every protocol under the sun.
-
Zash
More cruft than you can shake a stick at.
-
Zash
Dubious security track record