Mastodawn

When I said that your discord clone doesn’t need e2ee, I got a lot of comments along the lines of “ then how would I use it to organize the revolution!” The answer is: you don’t. If you have more users than can comfortably share a Signal chat and hence want to use discord or something like it, you cannot POSSIBLY be vetting all of them to a high standard of trust. Your logs ARE leaking. End-to-end encryption between more people than can fit around a dinner table is pointless.

This article confirms what I already assumed, that “open source [information sense, not code sense] intelligence gathering on social media” includes, for the US government, asking for links to join groups that may *feel* private. My own discord has literally like a thousand idlers. It would be very *lucky* if none of them were logging for potentially nefarious purposes! And I remind the active users of this occasionally.

https://www.kenklippenstein.com/p/exclusive-ice-masks-up-in-more-ways

Exclusive: ICE Masks Up in More Ways Than One

Feds could be in your group chat

Ken Klippenstein

Show thread

5225225 Feb 13

@0xabad1dea to be honest, i disagree, not because it's safe to fedpost in a chat of hundreds of users, but because it makes e2ee itself less suspicious, and more noisy to infiltrate

yes, a fed can lurk in a large member count e2ee chat, but that still involves the effort to join, and possibly even talk sometimes when spoken to. and they'll absolutely not be in every chat.

as opposed to "hey discord let us run grep across your message database"

like, we're at the point for the web where every website[maintained] is encrypted, even if it would be fine for most to be plaintext. (and we got to that point by making TLS pretty much free)

e2ee is only really considered optional/a misfeature in some cases because it's not free, but it should be.

Show thread

George B

@5225225 @0xabad1dea

From what I've seen, org based chats (discord, slack, Zulip, etc where you join a server/organization/community that has channels in it that you can join and leave at will) are a lot more complicated to get E2EE working right on than group based ones (like signal where you just join a group) and solve a different problem.

Getting to "E2EE is normal' can be easily done with just the groups. I'm already in 7 signal groups that are just for talking about parenting toddlers.