| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| em:sg [2025/04/14 23:36] – [The Incident] Typo b.walzer | em:sg [2025/04/15 22:11] (current) – [Introductions] I again forgot the links b.walzer |
|---|
| ======End to End Encrypted Messaging in the News: An Editorial Usability Case Study====== | ======End to End Encrypted Messaging in the News: An Editorial Usability Case Study====== |
| |
| //draft// | |
| |
| Recently (2025 March) a reporter was added to a [[https://signal.org/|Signal Messenger]] group intended for members of the United States of America (USA) government, apparently by accident. So this is a really good time to talk about identity in end to end encrypted (E2EE) messaging with this event as the practical example. This event became hugely political and politics in the USA are well covered around the world right now so most people have at least heard of this. | Recently (2025 March) a reporter was added to a [[https://signal.org/|Signal Messenger]] group intended for members of the United States of America (USA) government, apparently by accident. So this is a really good time to talk about identity in end to end encrypted (E2EE) messaging with this event as the practical example. This event became hugely political and politics in the USA are well covered around the world right now so most people have at least heard of this. |
| If you can get your correspondent's identity number into your device you can then be sure of the identity of that correspondent from that time forward. Alternatively you might be able to just compare the number on your correspondent's device with a number on yours. Where the hardware permits, a QR code can be displayed on one device and the other device can be used to scan it. For people physically separated, the number can be read out over some sort of voice channel. I am old enough to remember a time when [[wp>Key_signing_party|PGP key signing parties]] were a thing that the nerdy set would engage in. Such parties were all about matching identity numbers to actual people. This is not a recent issue. | If you can get your correspondent's identity number into your device you can then be sure of the identity of that correspondent from that time forward. Alternatively you might be able to just compare the number on your correspondent's device with a number on yours. Where the hardware permits, a QR code can be displayed on one device and the other device can be used to scan it. For people physically separated, the number can be read out over some sort of voice channel. I am old enough to remember a time when [[wp>Key_signing_party|PGP key signing parties]] were a thing that the nerdy set would engage in. Such parties were all about matching identity numbers to actual people. This is not a recent issue. |
| |
| All this messing around with huge numbers is inconvenient so a means of mapping the identity number to some already existing aspect of your identity is often provided. When the device is a smart phone that aspect would naturally be a phone number. Then your preexisting phone/address book can be used in a transparent way. The cost is that you have to trust the system that does the mapping to not engage in some sort of deception that would allow them to impersonate you. You can compare the identity numbers later if you want to eliminate the chance of such deception going forward. | All this messing around with huge numbers is inconvenient so a means of mapping the identity number to some already existing aspect of your identity is often provided. When the device is a smart phone that aspect would naturally be a phone number. Then your preexisting phone/address book can be used in a transparent way. The cost is that you have to trust the system that does the mapping to not engage in some sort of deception that would allow that system to impersonate you. You can compare the identity numbers later if you want to eliminate the chance of such deception going forward. |
| |
| =====About the Identity Numbers===== | =====About the Identity Numbers===== |
| |
| To be clearer, I am generally suggesting that group chats should be done in terms of introductions. A participant should be able to see all the introduction information available in a way that would be useful to them and introduction information should be collected and preserved. | To be clearer, I am generally suggesting that group chats should be done in terms of introductions. A participant should be able to see all the introduction information available in a way that would be useful to them and introduction information should be collected and preserved. |
| | |
| | [[em:index|Encrypted Messaging index]]\\ |
| | [[pgpfan:index|PGP FAN index]]\\ |
| | [[:|Home]] |
| | |
| |
