Key verification is a hard usability problem. Efforts like Key Transparency & CONIKS can help make this less painful https://twitter.com/FredericJacobs/status/819609844693041152 …
-
>> have no idea about the setting OR how to react even with the setting on. Assumption default loadout is secure. It isn’t.
-
If not everyone verifies keys, the idea is that everyone is secure by default if the server doesn't know who does and who doesn't.
-
only applies if targets are random. An attacker may know/educated guess if a specific target uses notifications.
-
Indeed. 99.99%+ of users will have the setting off. Even those that have it on, won’t know who is attacking them.
End of conversation
New conversation -
-
Clearly the Signal model is more secure. And you could UX the always blocking model to be quite understandable when users >>
-
shouldn't we consider the business impact of WA changing their defaults? 1 billion active users ...
-
I meant it in a way that it's not as easy as choosing "let's not retransmit" and all problems are fixed.
End of conversation
New conversation -
-
"blocking" clients could send out a "garbage" message to hide their behavior. See https://tobi.rocks/2017/01/there-is-a-whatsapp-backdoor/ …
-
>> changed devices. Very surprised OWS are being so defensive about this. Lots of people rely on WA being secure and will >>