I am... so not understanding #OMEMO. Why do people actually like this?

@rozzin Not entirely sure what you mean, but I like end-to-end encryption (and forward secrecy) and federated services like jabber, so OMEMO fills a need. Is there something you don't like about it?

@keverets yeah I get that, and I generally agree; my issue is that trying out a client that had OMEMO enabled for a moment meant that I suddenly would never be able to read any of the messages people were sending me on any of the other clients/computers that I actually use. Suddenly I was the guy saying "I cannot read your messages, please stop doing that".
... and then, even when I had successfully received and decrypted messages with that client on that device, there's no provision for forwarding those messages to another client/device so that I can ever migrate away from the original one.
When "my messages are all locked up inside one particular device" was one of the major reasons I gave up on SMS and switched to XMPP in the first place, suddenly having the old SMS problems show up in XMPP hits a sore spot... https://www.hackerposse.com/~rozzin/journal/availability/cutting-the-cord-on-sms.html

@rozzin I can understand that. Though I still find many XMPP servers don't support XEP-0280 so the problem persists even for non-encrypted messages. Having a well-configured XMPP server has been an ongoing struggle since I started using jabber.

In terms of E2E encryption there's an attack vector I've observed where two devices are logged in & one is left physically behind. That device is then used to observe conversations that were thought to be private. Hard to get the UX right around these.
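The two complaints above (a device that joins later cannot read earlier messages; a device left behind keeps reading new ones) both follow from how OMEMO fans out keys: the message is encrypted once with a fresh message key, and that key is wrapped separately for every device currently in the recipient's published device list. The following is an added, toy-scale illustration of that structure, not code from this thread or from any OMEMO client; it stands in for AES-GCM and the Signal double ratchet with a SHA-256 counter keystream and a static per-pair secret (labelled as such in the code), so it shows the fan-out logic only and is not usable encryption.

```python
"""Toy model of OMEMO-style per-device key fan-out (added example, not from the thread)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy SHA-256 counter keystream standing in for AES-GCM. Not for real use.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Device:
    device_id: int
    # peer device_id -> pairwise secret; a static stand-in for a ratcheting OMEMO session
    sessions: dict = field(default_factory=dict)


def establish_session(a: Device, b: Device) -> None:
    secret = os.urandom(32)
    a.sessions[b.device_id] = secret
    b.sessions[a.device_id] = secret


def encrypt(sender: Device, recipient_ids: list, plaintext: bytes) -> dict:
    """Encrypt once with a fresh message key, then wrap that key for each listed device."""
    message_key = os.urandom(32)
    nonce = os.urandom(12)
    body = _xor(plaintext, _keystream(message_key, nonce, len(plaintext)))
    tag = hmac.new(message_key, nonce + body, hashlib.sha256).digest()
    # One wrapped copy of the message key per device in the list, like OMEMO's <key rid=...> elements.
    wrapped = {rid: _xor(message_key, _keystream(sender.sessions[rid], nonce, 32))
               for rid in recipient_ids}
    return {"from": sender.device_id, "nonce": nonce, "body": body, "tag": tag, "keys": wrapped}


def decrypt(device: Device, msg: dict) -> bytes:
    """A device can only recover the message key if a share was wrapped for it at send time."""
    share = msg["keys"].get(device.device_id)
    if share is None:
        raise KeyError(f"no key share for device {device.device_id}")
    session = device.sessions[msg["from"]]
    message_key = _xor(share, _keystream(session, msg["nonce"], 32))
    expected = hmac.new(message_key, msg["nonce"] + msg["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("authentication failed")
    return _xor(msg["body"], _keystream(message_key, msg["nonce"], len(msg["body"])))


def can_read(device: Device, msg: dict, plaintext: bytes) -> bool:
    try:
        return decrypt(device, msg) == plaintext
    except KeyError:
        return False


def scenario() -> dict:
    """Constructed walk-through: Bob adds a new desktop, then forgets a tablet somewhere."""
    alice_phone = Device(1)
    bob_laptop, bob_tablet, bob_desktop = Device(11), Device(12), Device(13)
    establish_session(alice_phone, bob_laptop)
    establish_session(alice_phone, bob_tablet)

    # Bob's published device list at the time of the first message: laptop and tablet only.
    first = encrypt(alice_phone, [11, 12], b"meet at noon")

    # Later Bob sets up a desktop; the first message carries no share for it.
    establish_session(alice_phone, bob_desktop)
    second = encrypt(alice_phone, [11, 12, 13], b"bring the report")

    # Bob removes the tablet he left at the office from his device list.
    third = encrypt(alice_phone, [11, 13], b"new plan")

    return {
        "laptop_reads_first": can_read(bob_laptop, first, b"meet at noon"),
        "desktop_reads_first": can_read(bob_desktop, first, b"meet at noon"),
        "tablet_reads_second": can_read(bob_tablet, second, b"bring the report"),
        "tablet_reads_third": can_read(bob_tablet, third, b"new plan"),
        "desktop_reads_third": can_read(bob_desktop, third, b"new plan"),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {ok}")
```

The output makes both UX problems concrete: `desktop_reads_first` is false because no share for device 13 exists in the old message, and `tablet_reads_second` is true because the forgotten tablet was still in the list when the second message was sent; only after Bob removes it (`tablet_reads_third`) does it lose access. Nothing in the protocol re-encrypts history for a new device, so migration has to happen at the client layer, and nothing revokes a stale device until its owner edits the device list.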

I actually do really want to secure my data in transit; but it's frustrating to the point of deterrence that the tools for secure transit seem to frequently create more problems for data at rest. #Enigmail maintained similar barriers to PGP use for years, for example: http://status.hackerposse.com/conversation/44450#notice-52884 #crypto

@rozzin I agree. It seems like a solvable problem but too often it's made into an all-or-nothing approach. It would be good to be able to select the degree of confidentiality: none (red), confidential-in-transit (yellow), confidential-in-transit-and-at-rest (green).

Perhaps even a level beyond with an ephemeral (do not store) though too many options leads to other problems.

@keverets, I'm comfortable just keeping 'how it gets there' and 'what you're supposed to do with it after it arrives' separate domains, and actually I'm pretty sure I prefer it at this point; everything I said 5 years ago in that other conversation still stands ☺ http://status.hackerposse.com/conversation/44450#notice-52898