MatrixDotOrg actively calling for everyone’s security to be weakened so that perhaps more people will adopt them


2/ No exaggeration about “extremism” here; for instance, this is today’s blogpost from @matrixdotorg regarding the proposal, and frankly I am horrified in multiple dimensions that they could propose any of this, for the following reasons:

3/ In reverse order: THE WHOLE POINT of an end-to-end encrypted environment is that “your data” is locked up on:

– your phone
– other participants’ phones
– and nowhere else

NOBODY is holding your data hostage, other than it’s on your phone — where you can save/backup, etc.

4/ Given the increasing importance/use of “disappearing messages” & so forth, it’s also arguable that increasingly data is meant to expire rather than persist, and having the data exist within a single app with a single policy regarding that helps people reason about threat models.

5/ This is also known as the “…let’s swap to using Snapchat so we can send each other pictures of ourselves in the nude and can be a bit more confident that (a) images won’t persist, plus (b) I’ll know if you cheat / take a screenshot” -effect.

People want stuff like this.

6/ In short: people want value propositions and differentiation of application features as SOLUTIONS for their WANTS…

But the #interoperability crowd are people who want “one chat client to rule over all chat networks”.

7/ In fairness: there was a time when that worked, but it’s gone. The point is no longer for Alice to send messages to Bob; instead messaging facilities are a given, and it’s features like disappearing photos, or payments, or GIFs and Emoji, or Filters, which offer platform value.

8/ So when @matrixdotorg talk about “walled gardens”, since no data is locked-up in E2E, what they’re actually talking about is “user engagement”.

Summary: “We think too many people are using <big platform> rather than <something else>.”

That’s just… envy & hubris.

9/ When @matrixdotorg say:

“we could flag to the user that their conversation is insecure …. Honestly, this is something communication apps (including Matrix-based ones!) should be doing anyway”

I disagree, as WHAT YOU SHOULD BE DOING IS MAKING THE CONVERSATION MORE SECURE:

10/ When @matrixdotorg say:

“such a bridge has to re-encrypt…breaking the end-to-end encryption guarantee…We could run the bridge somewhere relatively safe – e.g. the user’s client…[or spread] them around the internet”

You must ask: what are they trying to achieve, and why?
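To make the quoted point concrete, here is an added toy model, written for this page and not code from the original thread, from Matrix or from any real bridge. It traces two message paths: a direct end-to-end encrypted path, where a relaying server only ever handles ciphertext, and a bridged path, where the bridge decrypts from one side and re-encrypts to the other. The cipher is a constructed SHA-256 keystream toy (not a real messaging protocol), and key agreement is assumed to happen out of band; the question the model answers is simply which parties end up holding plaintext on each path.

```python
"""Toy model: which parties hold plaintext on a direct E2EE path vs a bridged path.

Constructed example for illustration. The keystream cipher below is a toy
(SHA-256 in counter mode, XORed with the message) so the model runs offline
with the standard library; real messaging protocols use authenticated
encryption with per-message keys (e.g. a ratchet), not a reused pair key.
"""
import hashlib
import secrets


def _keystream(key: bytes, n: int) -> bytes:
    """Derive n bytes of keystream from key (toy construction, not for real use)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


toy_decrypt = toy_encrypt


class Party:
    """An endpoint that holds keys and therefore sees plaintext it sends/receives."""

    def __init__(self, name: str):
        self.name = name
        self.keys = {}            # peer name -> shared key (assumed agreed out of band)
        self.plaintexts_seen = []

    def pair(self, other: "Party") -> None:
        key = secrets.token_bytes(32)
        self.keys[other.name] = key
        other.keys[self.name] = key

    def send(self, to: "Party", msg: bytes) -> bytes:
        self.plaintexts_seen.append(msg)
        return toy_encrypt(self.keys[to.name], msg)

    def receive(self, frm: "Party", ct: bytes) -> bytes:
        msg = toy_decrypt(self.keys[frm.name], ct)
        self.plaintexts_seen.append(msg)
        return msg


class Server:
    """A relay with no keys: it can store and forward ciphertext but never decrypt it."""

    def __init__(self, name: str):
        self.name = name
        self.observed = []        # ciphertexts that passed through
        self.plaintexts_seen = []  # stays empty: the server has no key

    def relay(self, ct: bytes) -> bytes:
        self.observed.append(ct)
        return ct


class Bridge(Party):
    """A bridge is an endpoint to both sides: it must decrypt, then re-encrypt."""

    def relay(self, frm: Party, to: Party, ct: bytes) -> bytes:
        msg = self.receive(frm, ct)   # plaintext exists here, on the bridge
        return self.send(to, msg)


def plaintext_holders(parties) -> list:
    """Names of every party that held the plaintext at some point."""
    return sorted(p.name for p in parties if p.plaintexts_seen)


def direct_path(msg: bytes) -> list:
    """Alice -> homeserver (ciphertext only) -> Bob."""
    alice, bob, server = Party("alice"), Party("bob"), Server("homeserver")
    alice.pair(bob)
    ct = server.relay(alice.send(bob, msg))
    assert bob.receive(alice, ct) == msg
    return plaintext_holders([alice, bob, server])


def bridged_path(msg: bytes) -> list:
    """Alice -> bridge (decrypt + re-encrypt) -> Bob."""
    alice, bob, bridge = Party("alice"), Party("bob"), Bridge("bridge")
    alice.pair(bridge)
    bridge.pair(bob)
    ct = bridge.relay(alice, bob, alice.send(bridge, msg))
    assert bob.receive(bridge, ct) == msg
    return plaintext_holders([alice, bob, bridge])


if __name__ == "__main__":
    print("direct:", direct_path(b"meet at noon"))    # only the two endpoints
    print("bridged:", bridged_path(b"meet at noon"))  # the bridge joins the list
```

On the direct path the plaintext holders are exactly the two endpoints; on the bridged path the bridge is a third holder, so wherever it runs (a shared server, a relay “spread around the internet”, or the user’s own client) its compromise exposes message content. That is what “re-encrypt … breaking the end-to-end encryption guarantee” means in practice, and it is the property any proposed placement of the bridge has to be judged against.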

11/ And then you read @matrixdotorg writing:

“The gatekeeper could switch to a decentralised end-to-end encrypted protocol like Matrix to preserve end-to-end encryption throughout”

…and then you understand where their interest lies.

12/

— AND THE SAD THING IS —

I am a fan of Matrix, and @BriarApp and @r2refresh and a huge number of distributed security applications.

13/ But when they, out of hubris, are willing to weaken the security of billions of people in order to achieve some degree of growth — by painting it as a necessary step against non-existent “walled gardens of data” — they’ve jumped the shark.


14/ More background at this blogpost:

Originally tweeted by Alec Muffett (@AlecMuffett) on 2022/03/26.

Comments

One response to “MatrixDotOrg actively calling for everyone’s security to be weakened so that perhaps more people will adopt them”

  1. Danyl Strype

    Alec, I already wrote about the problems with your attacks on interoperability in the fediverse:
    https://mastodon.nzoss.nz/@strypey/110350065339286904

    But of course you won’t click that link. Who knows if it’s the page I intended you to see, because if open standards can’t be relied on to securely pass hot takes and cat photos between encrypted chat apps, how can we trust standards like HTTPS and TLS to securely pass web pages between any web server and any web browser, regardless of who owns them?
