[Standards] Easy XMPP

Sam Whited sam at samwhited.com
Wed Jan 18 15:44:48 UTC 2017


On Wed, Jan 18, 2017 at 7:53 AM, Brian Cully <bcully at gmail.com> wrote:
>         Whether they know about it or not, people do need to have encryption. It’s a complicated, esoteric thing that they shouldn’t have to know about but do silently benefit from. In the dreaded car analogy: how many users discuss limited slip differentials? Does that mean there shouldn’t be engineering resources behind it?

I took "encryption" in this context to mean "end to end encryption",
and I disagree. I don't want end to end encryption in most situations,
I want searchable history that I can query on the server and sync to
any new devices. Where "I" in this case am assuming the role of "some
random user who just wants to chat and be able to go back and find the
date of an event their friend sent them".

I'm certainly not arguing that e2e encryption is useless or that we
shouldn't throw resources behind it, but we should stop assuming it's
needed 100% of the time for all users and use cases.

(to take this analogy too far, this is the best video I've ever seen
explaining the topic: https://www.youtube.com/watch?v=yYAw79386WI)

>         It’s a similar thing, in my mind, with federation. IMHO, it’s dangerous to put so much information in the control of a few huge organizations, and federation is a necessary, but not sufficient, way to alleviate that. It’s more than just whether or not users knowingly care, it’s engineering ways to help keep them safe and in control of what they share and with whom.

I do agree with you here for the general users case here, but also
bear in mind that one use case is "don't share anything with anyone
not allowed on this server", at which point federation probably isn't
necessary (and may be a bad thing).

—Sam


More information about the Standards mailing list