A few weeks ago I enabled for the fist time #e2e for a 1:1 chat in #Matrix and it was really cumbersome until all devices of all participants where verified correctly. Nothing I could do with any "normal" user. Hope there will be a more intuitive solution like #TOFU in the future and leave device verification to the people who really need/want it.
@bjoern man kann doch auch einfach ohne Verifizierung verschlüsselt schreiben, dann ist halt ein Ausrufezeichen an den Nachrichten.
I don't have the log. But the red exclamation marks contained "error messages" which where not obvious if everything works as expected (does my message arrives on all devices? Is it really encrypted?), if I remember correctly. The "normal" user mode shouldn't be full of warning signs, imho.
@masoud I think Conversations does many things right in this regard. By default all devices are trusted, no error messages, no warnings. Only if I start to explicitly verify one of your devices our relationship become more strict. From this point on I will get a warning when a new device shows up and I have to verify it. IMHO that's a good tradeoff, by default it is user friendly and if I want to have this extra level of security it becomes more strict.
@bjoern They are working on cross-signing, so you'll only have to verify one of each user's devices.
Security comes with a price!
Nothing wrong to have to verify devices, That ensures you know who you are talking to.
Besides, it is not hard at all to verify.
That is how I feel about this. :)
Good security depends on many things, threat model, personal security needs, usability to make sure people use it and use it right,.. There are definitely people who need a high level of security, protecting them from targeted surveillance, including knowing and verifying every device. For other people it is enough to protect each other from mass surveillance - 1/2
@Divert We need to design security for the masses with the extra features for the few if we want to succeed - 2/2
@Divert What I'm waiting for (and afaik it is on the roadmap) is E2E by default, ideally with no possibility to opt-out. Because that's the only way to make encrypted communication the default. For this it is crucial that by default it is completely transparent to the users, like Signal, Wire, Conversations,... I have a lot of trust in the Matrix people and I'm sure they will get there.
I don't think there is a point on encrypting large public rooms.(+2000 users) And if this will harm performance I would appreciate to have the option to not encrypt such rooms.
Other than that, I agree with encrypting everything else. So I would be on the side of having an opt-out for some rooms.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!