I can't believe Moxie went all out like that.


Ok, it was satire. I just changed a couple words in his latest anti-decentralization/anti-web3 post. Encryption was awkward and nerdy until it got easy (like Signal); now everybody manages their own keys and keyrings in these kinds of apps fine, because it's transparent. And they run their own servers when it's easy like a ring doorbell, wi-fi router, printer, or chromecast.

@djsumdog @mk @lucas @icedquinn
Also there's plenty of possible ways of interacting with a decentralized system in a decentralized way without running your own server. It's a bit trickier, but so is encryption in messengers. In fact, these are all the exact same complaints that people made against end to end encryption. The same ones Moxie had to defeat making his service.

@sj I think the real lesson is few people care, and the nerds that do care, hate how terrible the PGP experience is. If e-mail wasn't originally a terribly half-assed protocol and required all outbound messages to come from the same server as the MX record, you could ensure some degree of security via TLS between SMTP servers without encryption (at least for those who run their own, pay for a trusted service and don't use Google/Microsoft/etc.). PGP is just another layer of duct tape bolted onto e-mail just like SPF, DKIM and DMARC.

@mk @sj I run a home server and use it to bridge a lot of other messengers:

I deleted FB, but I still have a Signal, Telegram and LinkedIn bridge (although I'm deleting LinkedIn soon).

I generally like Element/Riot. The verification of devices via Emoji is a good idea. The way encryption is handled isn't intuitive and might scare off some people. Also, Synapse really does not scale up, but I heard the company behind it is pretty far along in their Go implementation; so that's promising.


"The way encryption is handled isn't intuitive"

for whom?
users, admins or developers?

i think it's ok to make users store some kind of master seed (security code) to be able to recover encrypted messages, but it would probably have been better to implement bip39 for this. words are easier for humans.

BIP39 Mnemonic:
cargo iron between useless glance analyst cotton ensure favorite cherry nerve into

Mnemonic code for generating deterministic keys


@mk @sj There are cases where I'll get a message on one device and it will say it can't be decrypted with a retry link. Sometimes the retry works, sometimes it doesn't. If it doesn't, I can try turning to another device that was on when the message was received.

Once this was just due to a synapse bug and when I updated my home server I could see those messages in a given room. Part of the issue is the overloaded keyserver (which most home servers use by default).

Overall, it's still a much better user experience than PGP. It's not as good as Signal, but it's not centralized like Signal and tied to one company doing SMS verification.


"which most home servers use by default"

how do you change your keyserver? oO


@mk I'm not entirely sure. Hey @jasonl8446, how does this shit work again? 😅

@djsumdog @mk @sj

Asking how you change the keyserver? You can change which key server you use in the config, although I use the default ('s) . (Assuming you use synapse as the backend)

@djsumdog @sj
> e-mail is half assed
tbh the problem with SMTP is that like all old IETF protocols it lacks proper framing.


if you make people choose between an end-to-end encrypted messaging system and a cleartext one, they would choose encryption if and only if it is as frictionless as the other one.

people don't like to walk over these fucking stones... they just want to use the fucking service.

users want encryption that is default on, silent and invisible.

Scriptjunkie Social

scriptjunkie's server