@LordMZTE their e2e ux sucks even harder, glad there's at least cross-device-signing now, but nobody implements it
@LordMZTE matrix has the issue that element is the only client that implements the full spec, but their ux sucks too hard in a lot of places. if "unable to decrypt" sounds familiar to you.
@koyuchan thats true, nheko is missing a few features, but i think its perfectly usable anyways. the whole unable to decrypt thing is also a pretty rare sight once youve understood the system. for example it might help to briefly open another matrix client, so that device can share its keys.
@LordMZTE that's bad ux. all the user wants is to send a message from a to b and not care about how cool and shiny the encryption keys are.
@koyuchan i get that, but i dont think theres a good way around it. afaik, most messagers store e2e keys on the server, which is how you can simply not worry about them and have it all work seemlessly, but thats missing the whole point of e2e, because now the server can also decrypt stuff. matrix only stores the keys on the clients, so some other client, be it your device or the client of the person youre talking to has to send you the key.
@LordMZTE yeah, so let people backup their messages on their computer and don't store any keys. if the message history gets lost it's such a shame, but if you do local backups every evening it's gonna be fine.
@koyuchan but wouldnt that get you an irc-like situation where an offline client doesnt get any messages? i also dont really get how youd be able to decrypt messages if youre not storing keys. that would mean that everyone youre talking to would have to also be online so they can send the keys. i dont think that would make sense
@LordMZTE not really, i'd probably do it like how whatsapp does it, but of course without storing messages in the cloud
@koyuchan oh you mean the whole emoji verification thing? its really only there so you can verify new devices you add to your account. if theyre verified, other devices will share the encryption keys. you basically never have to do it with another user.
@LordMZTE not even that, you can skip that entirely as well. a good messaging app assumes there's no mitm and if it is it'll drop all connections. tofu or nothing.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!