Y'all who understand crypto and security and stuff
Putting encryption on the browser for e2ee encryption is a really bad idea, right? I feel like it is, but it's too early to say for sure. I've been studying the Matrix documents around libolm.
@urso the biggest thing to look for in any encrypted traffic is the certificate chain - do you know what the remote cert is (can you verify it with the other end) to help understand if the communication isn’t decrypted somewhere along the channel. But whenever remote servers get involved, it gets hazy. Signal has probably the best setup I’ve seen. The certificate chains are explicit and you’re expected to verify them. Especially if they change (new phones for example).
@urso others will probably give you a more eloquent response here but typing it out on my phone leads to brevity.
@robdaemon that makes sense, thanks! Yeah, whenever I look, it just becomes more clear I shouldn't even try to implement it. Gotta go back to think about the threat model and leave this stuff to people who are experienced with it.
And agreed on Signal. I just wish it didn't just rely on phone numbers.