[ home / rules / faq ] [ overboard / sfw / alt ] [ leftypol / siberia / edu / hobby / tech / games / anime / music / draw / AKM ] [ meta / roulette ] [ wiki / twitter / cytube / git ] [ GET / ref / marx / booru ]

/meta/ - Ruthless criticism of all that exists (in leftypol.org)

Discussions, querries, feedback and complaints about the site and its administration.
Name
Options
Subject
Comment
Flag
File
Embed
Password (For file deletion.)

Join our Matrix Chat <=> IRC: #leftypol on Rizon


 

Why is the Matrix server not end to end encrypted?

Whoever has rights to this room should enable end to end encryption.

I understand that because there are around 300 users in the room at current count you might think that this doesn't give much security but actually it gives more than you think.

First of all if the users are using the public matrix .org server, and then that server is a counterparty and can read all of the messages. Why let them? And the same is true of any other public or semi public server.

And even in the case where it's a law enforcement who for whatever stupid reason wants to see, having them end to end encrypted makes the investigation more costly because they have to find somebody with the key who is willing to share it. That's not hard to do when you got 300 people to go through but it is definitely work and won't get done in an hour, probably has a turn around time around 6 for the feds.

Finally there is the point that ISPs can read all the messages. It's just not smart to leave it off

 

in practice it's buggy as fuck, it makes messages constantly not go through. i don't understand the security concerns, it's a public room so all this talk about LE methods is pointless because you can just stick a bot in there and log everything

 

>>25756
Right. If you need to have a private encrypted conversation, do it in a smaller group. It’s not possible to ensure perfect privacy in a large group chat. And IRC is already on the other side leaking the decrypted conversation.

 

>around 300
That's not around 300, it's around 250
REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

 

>>25757
>>25756
Interesting points, thanks. I did not know that there was some limitation as to the number of users that you could have within an encrypted group. This makes me think that the implementation that Matrix itself is using is wrong because typically what you want to do is make a single key for the room, and then just encrypt that key, which is itself a private key that gives you access, against all of the users that have access. This way you only have to actually encrypt the messages once, the same as in a small group.

Some systems do rotation as well, for example when users are leaving and joining it might rotate the key either every time that happens or every 10 minutes, whichever takes longer.

 

>>25756
>>25757

Looking at this page I understand perfectly why it's so difficult, but this doesn't really mean their implementation is wrong, it's just maximally secure which is okay for small groups but not good for large groups as you said.

https://matrix-org.github.io/synapse/latest/auth_chain_difference_algorithm.html

And by the way I have no particular security concern. That isn't the point, the point is I don't believe in giving people any more data than they're entitled to, and so I didn't see a reason that all the various counterparties here should get data that they otherwise would not if the option were just how I thought it worked.

Thanks for explaining.

 

>>25764
In practice, anyone who isn't a complete retard could get access to the chat. So e2e encryption might even be harmful by giving the impression of offering privacy. Anything you post there and here should be considered public. For 98+% of people, you can call your local FBI agency, NSA, etc, tell them you're a leftist, post on 4pol your address and political affiliations and literally nothing will happen to you.

I still think you should try to be private and secure, but the paranoia is sometimes blown out of proportion.

 

>>25766
>In practice, anyone who isn't a complete retard
Kinda a funny point.
Thankfully we've never had an enemy, such as they are, who wasn't an absolute retard. But the possibility shouldn't be disregarded to keep safe.

 

>>25767
The "IQ of a mentally challenged pug" filter already excludes like 80% of the problematic people lmao


Unique IPs: 5

[Return][Go to top] [Catalog] | [Home][Post a Reply]
Delete Post [ ]
[ home / rules / faq ] [ overboard / sfw / alt ] [ leftypol / siberia / edu / hobby / tech / games / anime / music / draw / AKM ] [ meta / roulette ] [ wiki / twitter / cytube / git ] [ GET / ref / marx / booru ]