I am... so not understanding #OMEMO. Why do people actually like this?
keverets

@rozzin Not entirely sure what you mean, but I like end-to-end encryption (and forward secrecy) and federated services like jabber, so OMEMO fills a need. Is there something you don't like about it?

@keverets yeah I get that, and I generally agree; my issue is that trying out a client that had OMEMO enabled for a moment meant that I suddenly would never be able to read any of the messages people were sending me on any of the other clients/computers that I actually use. Suddenly I was the guy saying "I cannot read your messages, please stop doing that".
... and then, even when I had successfully received and decrypted messages with that client on that device, there's no provision for forwarding those messages to another client/device so that I can ever migrate away from the original one.
When "my messages are all locked up inside one particular device" was one of the major reasons I gave up on SMS and switched to XMPP in the first place, suddenly having the old SMS problems show up in XMPP hits a sore spot... https://www.hackerposse.com/~rozzin/journal/availability/cutting-the-cord-on-sms.html

@rozzin I can understand that. Though I still find many XMPP servers don't support XEP-0280 so the problem persists even for non-encrypted messages. Having a well-configured XMPP server has been an ongoing struggle since I started using jabber.

In terms of E2E encryption there's an attack vector I've observed where two devices are logged in & one is left physically behind. That device is then used to observe conversations that were thought to be private. Hard to get the UX right around these.

I actually do really want to secure my data in transit; but it's frustrating to the point of deterrence that the tools for secure transit seem to frequently create more problems for data at rest. #Enigmail maintained similar barriers to PGP use for years, for example: http://status.hackerposse.com/conversation/44450#notice-52884 #crypto

@rozzin I agree. It seems like a solvable problem but too often it's made into an all-or-nothing approach. It would be good to be able to select the degree of confidentiality: none (red), confidential-in-transit (yellow), confidential-in-transit-and-at-rest (green).

Perhaps even a level beyond that with an ephemeral (do not store) option, though too many options lead to other problems.

mastodon.cloud