Mastodawn

When I said that your discord clone doesn’t need e2ee, I got a lot of comments along the lines of “ then how would I use it to organize the revolution!” The answer is: you don’t. If you have more users than can comfortably share a Signal chat and hence want to use discord or something like it, you cannot POSSIBLY be vetting all of them to a high standard of trust. Your logs ARE leaking. End-to-end encryption between more people than can fit around a dinner table is pointless.

This article confirms what I already assumed, that “open source [information sense, not code sense] intelligence gathering on social media” includes, for the US government, asking for links to join groups that may *feel* private. My own discord has literally like a thousand idlers. It would be very *lucky* if none of them were logging for potentially nefarious purposes! And I remind the active users of this occasionally.

https://www.kenklippenstein.com/p/exclusive-ice-masks-up-in-more-ways

Exclusive: ICE Masks Up in More Ways Than One

Feds could be in your group chat

Ken Klippenstein

Show thread

5225225 Feb 13

@0xabad1dea to be honest, i disagree, not because it's safe to fedpost in a chat of hundreds of users, but because it makes e2ee itself less suspicious, and more noisy to infiltrate

yes, a fed can lurk in a large member count e2ee chat, but that still involves the effort to join, and possibly even talk sometimes when spoken to. and they'll absolutely not be in every chat.

as opposed to "hey discord let us run grep across your message database"

like, we're at the point for the web where every website[maintained] is encrypted, even if it would be fine for most to be plaintext. (and we got to that point by making TLS pretty much free)

e2ee is only really considered optional/a misfeature in some cases because it's not free, but it should be.

Show thread

abadidea Feb 13

@5225225 sorry, I can't hear you. maybe we should both just delete all our keys and generate new ones? just click through whatever warning it shows you, this happens all the time

Show thread

seliaste Feb 13

@0xabad1dea @5225225 that's such a terrible reply.

Show thread

abadidea Feb 13

@seliaste ma’am it’s a lot more efficient to block me yourself than to ask me to block you for you

Show thread

seliaste Feb 13

@0xabad1dea I'm mostly saying this for the others reading this exchange and showing support to the one who was sharing an interesting counterargument, which you completely brushed aside and then proceeded to make an unrelated joke that's not even a thing in signal. I really didn't expect to see that kind of behaviour around here.

Show thread

abadidea Feb 14

@seliaste I’m genuinely baffled to the point I have to assume this is a language barrier thing. unrelated joke? it was a rhetorical point about the one piece of software that does in fact do the exact thing I am saying not to do, because this is literally what happens

Show thread

seliaste

@0xabad1dea I completely understand the meaning of the words I used.
You made a complaint about one specific instance of a protocol that used to have this kind of problem (which it does not anymore) to someone who was answering on a completely different topic of "why we should have e2ee" and not "there is good, seamless e2ee in matrix".