this post was submitted on 25 Aug 2024
1 points (100.0% liked)
Technology
59651 readers
2643 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
No, it's not. It's very easy. In the bottom right corner there is a pencil button to compose a new message and right there it asks which tpye of chat to start. Secret chat is the second topmost option after group chat. Really not hidden or complicated at all.
Encryption is part of defense strategy, otherwise it's like a steel door in a house with wall panels made of paper.
That strategy involves all communications being encrypted. Otherwise rubber hose cryptanalysis becomes practical.
Why would it even be an option to have a non-encryted chat if the app can do encrypted?
My man, have you ever worked in tech support? I admire your optimism.
That's my day job and I'm good at it. People understand when I explain three clicks.
Fair enough. I've met both good and bad users.
It is not easy, as it's not even possible on desktop.
It’s three clicks. And it opens a separate chat from the existing one. It’s obscure enough that you could say the UX deprioritizes (which at best is not an actively malicious design choice) usage of end-to-end encryption.
Anything harder than usual in the same application means it won't usually be used.
And encryption is about collective immunity. So everything should be encrypted.
So it's only three clicks, ergo easy.
I don't see the problem. The secret one has the lock icon to clearly mark it. There's no way one would accidentally pick the wrong chat. Delete the old, unencrypted one to be sure.
I agreed in another comment that there should be an "encrypted by default" option somewhere. I'm not claiming that it's perfect but the claim in the blog that it's super complicated is just not true. At least calls are P2P-encrypted by default.
Ah good point, gotta delete the old unencrypted chat too to avoid confusion. That’s definitely more than just 3 clicks.
Yeah I mean if you started one. If you went in with a secret chat in the first place then it wouldn't be an issue. And so it's one extra click vs. starting a normal chat. I hope it hasn't inconvenienced you more than it's taken for all these replies.
If you’re talking to 30 people, it’s 90 clicks. It might be 3 clicks if you know where to look, but end of the day, even if you know where to find it, that’s still that many clicks times how many people you chat with. It’s not ideal. I wouldn’t say it’s complicated sure, but it’s not easy.
Uh, so? A "compose message" button is the approach many communication apps use, including e-mail. Don't get me started how many clicks it is to GPG-encrypt e-mails...
I don't know how many times I have to repeat myself that I agree on that part. You act as I would disagree. I don't. It could be better but it's also not a complicated nightmare as the blog author makes it out to be.
Right. But it’s also not exactly “easy” which is what you’re saying it is.
If easy was a sliding scale. Easy would be enabled by default. Hard would be making it obscure and hard to find. I would say it’s definitely closer to the harder to find side. But that’s just me. But 3 clicks, and having to switch chats and maybe delete the old one to avoid confusion, none of that is easy.
It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.
Better yet, don't have an option to not have encrypted chats. I don't see a reason to not have everything E2EE all the time.
I don't disagree but the claim that you quoted was that it's complicated to initiate and as I explained it's not. Also secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.
If you have to enable it every time, it's complicated enough that most people won't bother. Maybe they'll do it once or twice out of novelty, but it's not going to become a habit.
I only consider something "encrypted" if it's actually encrypted by default, or at least prompts to enable it permanently on first launch. Otherwise, it's not an "encrypted" chat, it just has the option to have some chats encrypted.
annoying != complicated
More steps required to perform something is very squarely within the definition of complicated, no matter how straightforward those steps are.
Is it more complicated to achieve than in other e2ee messengers? Yes, thus saying it is complicated is justified.
But then you couldn't get that juicy user and conversation data.
They’ve implemented it in such a way that you only have access to an encrypted chat on a single device, so no syncing between devices. Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.
That's because if you are able to get your private key on another device, then Google, Apple or Microsoft, and that means anyone, also have access to your private key. And you don't have e2ee, literally.
I would look into how Matrix handles this, for example. It involves unique device keys, device verification from a trusted device, and cross-signing. It’s not just some private key that’s spread around to random new devices where you lose track of.
You probably didn't ever meet non-IT person(or most of the IT people). To use e2ee means you need to keep your private key close and safe. 99.999% people can't do that. So when they lost their key their conversation history is gone and it's your fault not theirs.
Signal does this by having your data be unencrypted at rest on your device, and I think that's a reasonable tradeoff because it protects the most import part: data in transit. Or you can be like Matrix and require/strongly encourage setting up multiple clients so you always have a fallback (e.g. desktop and phone). There are reasonable technical solutions to the problem of making an E2EE chat system.
As I understand it, public groups use server side encryption (so not robust), but private chats use e2e encryption that is client side. (More robust)