Conversation
Notices
-
Embed this notice
feld (feld@friedcheese.us)'s status on Wednesday, 15-Jan-2025 15:14:20 JST 
feld
If you rely on disappearing messages to keep your conversations private, you need Perfect Forward Secrecy
If you keep your chat history there is no point in having PFS because if they compromise your device to get the key to decrypt your messages they captured, they'll just see your entire chat history is *right there* so why do they need your key?-
Embed this notice
Delta Chat (delta@chaos.social)'s status on Thursday, 16-Jan-2025 03:04:41 JST 
Delta Chat
@feld here is a corollary with more precision. You need perfect forward secrecy if _all_ of the following is true:
- you use disappearing messages
- you have an adversary that has access to all your past encrypted messages (i.e. to the internal records of your message relay server)
- the same adversary also gets access to your device contents (i.e. secret decryption key)
When did anyone you know or talked to encounter such an adversary in a real life situation?
-
Embed this notice
feld (feld@friedcheese.us)'s status on Friday, 17-Jan-2025 04:28:40 JST
feld
@rakoo every messenger with PFS uses its own protocol and is something that can be easily blocked or its usage tracked by nation states
When you build on top of something like email it restricts their ability to do anything about it without massively disrupting all email access in the country. And email is too important to shutdown. -
Embed this notice
rakoo (rakoo@blah.rako.space)'s status on Friday, 17-Jan-2025 04:28:44 JST 
rakoo
Although I totally agree with you, I like to see it the collective way: if all messengers have PFS, the few who actually need it have a better infrastructure to rely on (because there is more money put into it) and everyone else gets a higher bar even if they don't use it @feld
-
Embed this notice
All GNU social JP content and data are available under the