So the Department of Justice pushes to ban End-to-End encryption, denying people their basic human right to privacy.

WhatsApp would need to hand all the messages to the state authorities if needed.

Damn, who would have guessed this could happen?

nytimes.com/2019/10/03/us/poli

For the record, E2EE is not enough by itself. Implementing a backdoor at the client app level allows decrypting the whole conversation and sending it to the mothership.

This is a nice reminder that non-free software can easily be abused to deny people's basic human rights

As for the alternatives, someone compiled a nice spreadsheet of Instant Messaging systems (on Google's cloud, sorry) with different criteria:

docs.google.com/spreadsheets/d

I see at least two criteria that are hard to estimate: ease of installation (including server side, if any), and ease of use/user experience.

I love the Matrix concept, but boy, the UX really needs polishing before I can recommend it to my non-tech friends

@thibaultamartin have you seen the new RiotX for android? It's still in alpha but already has much better UI/UX than the existing Riot's

@f0x for several reasons I'm not an Android user. Plus neither my family nor friends use Android.

IM systems are meant to communicate with others. Unfortunately the iOS world is often left behind when good standards start to emerge. While I can understand it, it sure is a cold shower for the average citizen

@thibaultamartin even if you don't use Android it still shows there's lots of work being done to make the UI better, which will probably trickle down to iOS as well, eventually

@f0x I don't mean to deprecate the Matrix team and community's work which is amazing. I just mean that as of today I do not recommend it to my non-tech surrounding :)

@thibaultamartin @f0x Yesterday I read that someone was able to hack the French government's Matrix/Riot-based chat in one hour. Do you know anything about this? I want to really like it, but that was worrying

@forteller @thibaultamartin Let me find the writeup for that, it wasn't "hacked" per se, and an error in code specific to the French deployment

@forteller @thibaultamartin the details are on matrix.org/blog/2019/04/18/sec

It allowed someone to sign up on an instance that was set to only allow sign-ups from specific email-addresses. It did not give access to any existing accounts or communications.

As a sidenote, the Ars Technica article about this has some factual errors; the matrix.org tweet linked refers to a different incident, which was unrelated to Matrix/Synapse

@f0x @thibaultamartin Thank you both for the info. Sounds like everything is OK, then :)

@forteller @f0x Yes it was French security researcher Baptiste Robert (twitter.com/fs0c131y) who discovered the flaw, which was quickly patched by the Matrix team

@thibaultamartin @forteller and another sidenote, that "security researcher" handled it like an absolute ass, going for Twitter fame instead of responsible disclosure

@f0x @forteller What actually happened is that he privately contacted both the DINSIC (maintainer of the app) and Matrix teams, plus he publicly said he found a vulnerability.

He published the vulnerability details after the patch was issued though.

@thibaultamartin are any of those projects compatible with each other?
I.e. are there any other protocols than XMPP that are used by more than one chat implementation?

@zatnosk I'd say that as long as the specs are open, anyone can implement his own client.

While it looks easy on paper, actually implementing software with a decent UX is really hard. Software developers are much more willing to spend their free time on libre software than designers.

What this means is basically that we both need to find a sustainable way to fund libre software (including design) and spread the awareness to more designers

@thibaultamartin while anyone _can_ implement their own client, it makes a hell of a difference whether anyone actually does - at least it's a pretty powerful indicator on the health and diversity* of a protocol (*of people influencing the evolution of the protocol), and the health and diversity of the ecosystem around it.

@thibaultamartin Developing good interfaces IS hard, both on paper and in practice. Developers are the only digital workers who can make tools for themselves - designers have to trust a developer. And this trust is easier to build if there's a healthy community / ecosystem around the protocol and the software. And not just a productive community, but a community that is inviting and friendly to newcomers - e.g. designers that can help make better UX.

@thibaultamartin If the community is centered around a central project, then the maintainers of that project automatically become gatekeepers of who can participate in the protocol's evolution. The worst case is a BDFL with a specific vision that they want to make real, and from there it's a gradient all the way to multiple independent democratic projects.

So anyone who isn't a designer should focus on making it more democratic, while the designers should listen to people and work.

@thibaultamartin (this conclusion of course only applies to projects where there's a lack of good UX)

@thibaultamartin (sorry for the long thread, I just needed to get all those words out of my system)
