Mastodawn

When I said that your discord clone doesn’t need e2ee, I got a lot of comments along the lines of “ then how would I use it to organize the revolution!” The answer is: you don’t. If you have more users than can comfortably share a Signal chat and hence want to use discord or something like it, you cannot POSSIBLY be vetting all of them to a high standard of trust. Your logs ARE leaking. End-to-end encryption between more people than can fit around a dinner table is pointless.

This article confirms what I already assumed, that “open source [information sense, not code sense] intelligence gathering on social media” includes, for the US government, asking for links to join groups that may *feel* private. My own discord has literally like a thousand idlers. It would be very *lucky* if none of them were logging for potentially nefarious purposes! And I remind the active users of this occasionally.

https://www.kenklippenstein.com/p/exclusive-ice-masks-up-in-more-ways

Exclusive: ICE Masks Up in More Ways Than One

Feds could be in your group chat

Ken Klippenstein

Show thread

refraction

Feb 13

@0xabad1dea I do think there's a point to E2EE that isn't about trying to thwart nation state adversaries. honestly you should probably not talk about your illegal actions on Signal either.

Show thread

refraction

@0xabad1dea but yeah anything that for all practical purposes is basically open to the public anyway doesn't need encryption. I just don't know that that contains all likely use cases.
though I do see the risk of encryption giving folks a false sense of security.

example: we're in a signal group with several hundred local folks where people share about events, ask recommendations for doctors and the like. at that point the encryption is basically pointless. this is just the chat app everyone happens to have.