• woelkchen@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    ·
    edit-2
    3 months ago

    It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.

    I don’t disagree but the claim that you quoted was that it’s complicated to initiate and as I explained it’s not. Also secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.

    • brrt@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      6
      ·
      3 months ago

      Is it more complicated to achieve than in other e2ee messengers? Yes, thus saying it is complicated is justified.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      7
      ·
      3 months ago

      If you have to enable it every time, it’s complicated enough that most people won’t bother. Maybe they’ll do it once or twice out of novelty, but it’s not going to become a habit.

      I only consider something “encrypted” if it’s actually encrypted by default, or at least prompts to enable it permanently on first launch. Otherwise, it’s not an “encrypted” chat, it just has the option to have some chats encrypted.

        • scarabic@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          3 months ago

          More steps required to perform something is very squarely within the definition of complicated, no matter how straightforward those steps are.

      • woelkchen@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        3 months ago

        If you have to enable it every time, it’s complicated

        But you don’t. As I already explained: secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.

        I have plenty of encrypted chats that I don’t have to enable every time I want to send one. I don’t understand where this misconception comes from.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          4
          ·
          3 months ago

          Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.

          It’s not an encrypted chat app. It’s an unencrypted chat app that has an option for encrypted chats. Whether something is encrypted or not depends on how most people use it and what the defaults are.

          Signal is an encrypted chat app. E2EE is the default and AFAIK only behavior. Telegram can be encrypted, but it’s not by default, and defaults matter.

          • woelkchen@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            3
            ·
            3 months ago

            Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.

            Maybe you get acquainted to 100 new people every day, so your day is a constant chore of starting secret chats all the time. I don’t. I doubt regular people do. Just start the secret chat once and then pick it up later.

            Signal is an encrypted chat app.

            Except for the locally stored data which is not encrypted and Signal’s attitude is that device encryption is up to the user.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              1
              ·
              3 months ago

              True, device encryption should be up to the user. Mine is encrypted, and most smartphones have encrypted storage these days. I actually have mine reboot after a period of inactivity, which removes the encryption keys from memory.

              That said, they should have an option for app data encryption, but that’s hardly a requirement IMO, because I care far more about data being encrypted in transit than at rest on my devices. I can encrypt data at rest on my machines, I can’t encrypt data in-transit unless that’s baked in to the service.

              • woelkchen@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                3 months ago

                That said, they should have an option for app data encryption, but that’s hardly a requirement IMO

                So Telegram is not an encrypted messenger because there are types of messages that are not E2E encrypted but Signal is a encrypted messenger because encrypting local storage is optional. Got it.

                • sugar_in_your_tea@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  3 months ago

                  Yes, because the “encrypted messenger” metric is about sending and receiving messages, not storing messages. On the order of things I care about, E2EE is much more important than local storage. I can do something about local storage, I can’t realistically do anything about E2EE.

                  • woelkchen@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    3 months ago

                    Yes, because the “encrypted messenger” metric is about sending and receiving messages, not storing messages.

                    So whether or not the messages can be retrieved by criminals or law enforcement is not a metric. Got it!

                  • pressanykeynow@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    arrow-down
                    2
                    ·
                    3 months ago

                    I can do something about local storage, I can’t realistically do anything about E2EE.

                    You can enable secret chat. Like press the button. But that’s probably too difficult compared to encrypting you devices.

              • pressanykeynow@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                3 months ago

                most smartphones have encrypted storage these days

                Encrypted from your girlfriend or yourself if you forgot your gesture, but not from Google/Apple/Government or anyone who actually wants your data.

                • sugar_in_your_tea@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  3 months ago

                  I’d like to see them try. I use GrapheneOS, and it reboots after a period of inactivity, so the decryption keys aren’t even loaded into memory unless I’ve used my phone recently. There are also constitutional protections so the government can’t take my data without my permission, or with a warrant (if they can break the encryption, that is).

                  Even your average smartphone w/o any special setup is encrypted by default, though a lot of people use pretty awful security (i.e. only biometrics, and police can unlock your device with your biometrics violating your right to not self-incriminate).

                  It would be nice if Signal stored my data encrypted, but my devices are already encrypted (phone, desktop, and laptop), are usually in my possession, and have extra layers of protection on top to prevent stealing my data. So I’m a lot more comfortable with “unencrypted” data at rest than the chance that a contact will send me an unencrypted, sensitive message. I can mitigate the former, I can’t do anything about the latter.