Ow. Okay, I take it back, unless there's something I'm missing then Matrix's system is better than this.
I'm sorry, I just can not imagine asking a non-technical person to copy and paste that into a messenger and then needing to help them debug which letter they left off. It's hard enough to get them to validate "I see a cat, a dog, a horse, a pizza, and a basketball."
I guess I'll wait and see what happens with it, but I'm going to temper my expectations about people adopting this.
You know, that is a good point. Far be it from me to encourage Apple to do more attestation -- to be clear, UX problems aside I don't want a centralized identity management service.
However, from Apple's perspective, this does kind of feel like the worst of both worlds. People have to update their devices to the most recent iOS version, apparently being signed in on an old device just turns off verification, apparently it's not even per-device?
So if that's the case, Apple has all of the downsides of attestation right now. Why also have the downsides for keys and in-band verification as well. It does seem like it would be simpler for them to try and have this be something that's tied into iCloud that gets set up only by the person who wants to be verified. Again, I'm not saying I want that, I don't want Apple arbitrating identities, but... why wouldn't they? Why have a system with both downsides?
I'm sure there are caveats I'm not thinking of, but it does seem like they could probably do this in a less federated/decentralized manner?
In theory no, but in practice, wow do people seem to struggle with keys. Matrix's current system went emoji only because even numbers seem to be too much for people. And arguably, even emoji are too much for people.
There's larger UX problems surrounding when/where to copy and what the caveats are, but even ignoring them, people do seem to struggle with copy paste, especially cross-device stuff. I'm not sure what the solution is.
I'm sorry, I just can not imagine asking a non-technical person to copy and paste that into a messenger and then needing to help them debug which letter they left off. It's hard enough to get them to validate "I see a cat, a dog, a horse, a pizza, and a basketball."
I guess I'll wait and see what happens with it, but I'm going to temper my expectations about people adopting this.