A few weeks ago I enabled for the fist time #e2e for a 1:1 chat in #Matrix and it was really cumbersome until all devices of all participants where verified correctly. Nothing I could do with any "normal" user. Hope there will be a more intuitive solution like #TOFU in the future and leave device verification to the people who really need/want it.
@bjoern yea, we enabled encryption in a chat with one person here and it's a headache since then. No amount of cross-verification helps.
@masoud I think Conversations does many things right in this regard. By default all devices are trusted, no error messages, no warnings. Only if I start to explicitly verify one of your devices our relationship become more strict. From this point on I will get a warning when a new device shows up and I have to verify it. IMHO that's a good tradeoff, by default it is user friendly and if I want to have this extra level of security it becomes more strict.
@bjoern They are working on cross-signing, so you'll only have to verify one of each user's devices.
Security comes with a price!
Nothing wrong to have to verify devices, That ensures you know who you are talking to.
Besides, it is not hard at all to verify.
That is how I feel about this. :)
Good security depends on many things, threat model, personal security needs, usability to make sure people use it and use it right,.. There are definitely people who need a high level of security, protecting them from targeted surveillance, including knowing and verifying every device. For other people it is enough to protect each other from mass surveillance - 1/2
@Divert We need to design security for the masses with the extra features for the few if we want to succeed - 2/2
@Divert What I'm waiting for (and afaik it is on the roadmap) is E2E by default, ideally with no possibility to opt-out. Because that's the only way to make encrypted communication the default. For this it is crucial that by default it is completely transparent to the users, like Signal, Wire, Conversations,... I have a lot of trust in the Matrix people and I'm sure they will get there.
I don't think there is a point on encrypting large public rooms.(+2000 users) And if this will harm performance I would appreciate to have the option to not encrypt such rooms.
Other than that, I agree with encrypting everything else. So I would be on the side of having an opt-out for some rooms.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!