(C) Alec Muffett's DropSafe blog.

(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]

A short thread on implementing properly private end-to-end encrypted messaging on your global megaplatform

2023-04-30 20:14:58+00:00

So, minor implementation details that should be super easy to address. — thaddeus e. grugq [email protected] (@thegrugq) April 30, 2023 https://twitter.com/0xcharlie/status/1652689971671646211

Alec’s Response

Quite; when building FB Messenger “Secret Conversations” in 2015/16, our analogous thinking was:

0/5) app-only

1) privacy precludes visibility

2) compensate with better report flows

3) fix cards mañana with local rendering

4) photo re-encoding is a thing

5) webclient will be hard

re: Web-Client, there were more significant architectural issues with in-browser keymgt back then — since resolved — but stuff like “not killing the data layer with zillions of fetches of old conversations to support E2E web clients” would also need fixing

So at the time (2016) it made sense to just provide Messenger E2E via the apps and to avoid web-clients, hence the “optional mode” thing. My understanding is that a lot of FB’s other technical barriers have since been resolved.

Similar: none of this should preclude E2E TwitterDM

(i’m presuming here that @thegrugq was not trying to be sarcastic; if so then ?whoosh? over my head, because really this is all a matter of corporate willpower more than anything else.)

Originally tweeted by Alec Muffett (@AlecMuffett) on 2023/04/30.
[END]

[1] URL: https://alecmuffett.com/article/60985
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/