So the Department of Justice pushes to ban End-to-End encryption, denying people their basic human right to privacy.

WhatsApp would need to hand all the messages to the state authorities if needed.

Damn, who would have guessed this could happen?

nytimes.com/2019/10/03/us/poli

For the record, E2EE is not enough by itself. Implementing a backdoor at the client app level allows decrypting the whole conversation and sending it to the mothership.

This is a nice reminder that non-free software can easily be abused to deny people's basic human rights

As for the alternatives, someone compiled a nice spreadsheet of Instant Messaging systems (on Google's cloud, sorry) with different criteria:

docs.google.com/spreadsheets/d

I see at least two criteria that are hard to estimate: ease of installation (including server side, if any), and ease of use/user experience.

I love the Matrix concept, but boy, the UX really needs polishing before I can recommend it to my non-tech friends

@thibaultamartin have you seen the new RiotX for Android? It's still in alpha but already has much better UI/UX than the existing Riot's

@f0x for several reasons I'm not an Android user. Plus neither my family nor friends use Android.

IM systems are meant to communicate with others. Unfortunately the iOS world is often left behind when good standards start to emerge. While I can understand it, it sure is a cold shower for the average citizen

@thibaultamartin @f0x Yesterday I read that someone was able to hack the French government's Matrix/Riot-based chat in one hour. Do you know anything about this? I want to really like it, but that was worrying

@forteller @thibaultamartin Let me find the writeup for that, it wasn't "hacked" per se, and an error in code specific to the French deployment

@forteller @thibaultamartin the details are on matrix.org/blog/2019/04/18/sec

It allowed someone to sign up on an instance that was set to only allow sign-ups from specific email-addresses. It did not give access to any existing accounts or communications.

As a sidenote, the Ars Technica article about this has some factual errors, the matrix.org tweet linked refers to a different incident, which was unrelated to Matrix/Synapse

@f0x @thibaultamartin Thank you both for the info. Sounds like everything is OK, then :)

@forteller @f0x Yes, it was French security researcher Baptiste Robert (twitter.com/fs0c131y) who discovered the flaw, which was quickly patched by the Matrix team

@thibaultamartin @forteller and another sidenote, that "security researcher" handled it like an absolute ass, going for Twitter fame instead of responsible disclosure

@f0x @forteller What actually happened is that he privately contacted both the DINSIC (maintainer of the app) and Matrix teams, plus he publicly said he found a vulnerability.

He published the vulnerability details after the patch was issued though.
