@sigmasternchen Yes, I agree that encryption is beneficial, but I think that marking these large group chats as "encrypted" without at least a warning message creates a false sense of security that may make people be more comfortable than they should be. This will do more harm than encrypting large group chats. So I think that if a chat service were to support encryption of large group chats, they should put a warning there at least not less obvious than ones used for sending to unverified devices.
Conversation
Notices
-
Embed this notice
Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ (petercxy@comfy.social)'s status on Sunday, 21-Jan-2024 01:18:02 JST Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ
- Sexy Moon likes this.
-
Embed this notice
Sigma (sigmasternchen@comfy.social)'s status on Sunday, 21-Jan-2024 01:18:04 JST Sigma
@PeterCxy Totally fair. But I still think there is a benefit in encrypting as much as possible. Bigger groups make it more probable that something is leaked but at least it's not systematically accessible (for keyword searches or similar).
-
Embed this notice
Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ (petercxy@comfy.social)'s status on Sunday, 21-Jan-2024 01:18:06 JST Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ
@sigmasternchen Back in China there has also been cases where someone in a group chat ran into a cop when they had to take the metro. And they were required to show their phone to them. These are all somewhat low possibility events for each individual, but for large group chats it almost certainly will happen.
-
Embed this notice
Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ (petercxy@comfy.social)'s status on Sunday, 21-Jan-2024 01:18:09 JST Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ
@sigmasternchen Let's not even talk about the possibility that you don't even need to compromise the device per-se. Someone might just inadvertently post a screenshot of the group chat somewhere they shouldn't. Someone might have shown their phone with the chat open to someone else to whom they shouldn't show. As your group members grow, these "mishap"s will only become more and more likely, and I will argue that all of these options are far easier than either legal processes or trying to break E2EE itself. Personally I am only comfortable trusting E2EE up to around 20 participants. For anything beyond that I automatically assume that E2EE does not exist.
-
Embed this notice
Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ (petercxy@comfy.social)'s status on Sunday, 21-Jan-2024 01:18:10 JST Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ
@sigmasternchen I don't think the major risk is smuggling a mole into the chat either. But I think it is also far easier and more likely for any adversary, not just law enforcement, to compromise 1 device of 1 user within a chat of 1000 users, than to go through all the trouble of either compromising the server provider or to compel them to cooperate, especially when the server provider is not in a nation with easy law enforcement cooperation.
-
Embed this notice
Sigma (sigmasternchen@comfy.social)'s status on Sunday, 21-Jan-2024 01:18:11 JST Sigma
@PeterCxy Hmm, I get the argument. But on the other hand I think it's much more probable that e.g. law enforcement would approach the server provider instead of trying to smuggle a mole into the chat. At least that's what the FBI is doing with Whatsapp.
-
Embed this notice
Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ (petercxy@comfy.social)'s status on Sunday, 21-Jan-2024 01:18:13 JST Tᴀᴋᴀɴᴀsʜɪ Hᴏʀᴏ
@sigmasternchen I kind of think that group chat E2EE does not really need to scale. And I actually think that any protocol that supports group E2EE with more than a dozen participants should show a BIG FAT WARNING about large E2EE chats to mitigate a false sense of security.
Sexy Moon likes this. -
Embed this notice
Sigma (sigmasternchen@comfy.social)'s status on Sunday, 21-Jan-2024 01:18:14 JST Sigma
E2E encrypted chats and their disadvantages:
- Matrix: Meta-data (room topics/members, ...) + reactions not encrypted/authenticated. Security protocol has a bunch of disadvantages. Hard to use for non-techies.
- XMPP + OMEMO: Even harder to use for non-techies. No history on new devices. MUC members not encrypted/authenticated (afaik). MUCs don't scale well.
- XMPP + OTR: Like above, but no support for MUCs and no offline messages.
- XMPP + PGP: Like above, but similar security disadvantages to Matrix (replay attacks, ...)
- Signal: Centralised service on GCP (Google can see connection meta data). Group chats don't scale well. Only useable with a phone number.
- Whatsapp: Centralised service by Meta with a bad track record for security. Group chats don't scale well (same protocol as Signal). Provider can apparently access messages somehow. Only useable with phone number.
- Telegram: Also centralised. Normal chats and group chats not e2e encrypted at all. Secret chats use custom unverified protocol.