|
|
|
|
|
|
by upofadown
376 days ago
|
|
|
>...you're still relying on the Twitter server to give you the public key of the other party and there's no out of band mechanism to do that or verify the authenticity of that public key at present. ... >Signal doesn't have these shortcomings. Use Signal. Dunno that Signal is a really good counterexample for this particular aspect of E2EE messaging. The option exists to compare a 60 digit decimal number but the usability of this feature is such that most users don't even know that this is something they have to do. Just having a feature is not valuable if no one knows that feature exists and have no idea what any of it means. I like the approach used by Briar Messenger. They just have the user use the number that represents identity in the system. There is no misleading feature that maps a phone number to the actual cryptographic identity. This makes it much harder for the user to unknowingly use the system in an unsafe way. A Briar identity looks like this: briar://bafybeiczsscdsbs7ffqz55asqdf3smv6klcw3gofszvwlyarci
|
|
|