|
Unknown opened 4 years ago
|
|
|
Thank you for your suggestions. We already received similar requests and we will improve that in a future version, however not all of them may be possible to be changed, ie. due to the impact of those settings on users' privacy. |
|
|
Thanks for your quick reply. I agree that there is a convenience/ security trade-off and my proposed default settings might be too weak for some use-cases (and therefore could be discussed). However, I see no security benefit, if (new) user's fail using Siskin and then switch back to centralized commercial apps. Maybe a solution is to provide two sets of defaults and let the user (initially) choose with one prominent switch:
I like to highlight that a number (3) of (new) users faced more user-related issues (described above) than actual software problems (push in MUC with prosody). This shows, that Siskin is already a good piece of software. :) |
|
|
The idea is to ask questions at the first start of the app (but in a way that the user would easily understand) and then just use that. |
|
|
I just spent an hour debugging why OMEMO between my Conversations client and my friend's Siskin wasn't working.
This should absolutely be the default, none of our OMEMO messages working and there was no way to figure out why. We eventually worked around this by using ChatSecure to add me to the roster. Conversations specifically phrases this as "preemptively grant subscription request" under the contact details.
People should be using OMEMO (by default) if this is an actual worry. If they then turn off end-to-end encryption then they don't care about the security of their messages anyway.
The issue here is that Siskin has basic usability issues if it's used by the average user that's coming from WhatsApp by the default settings (for example: one has to add a contact, then they need to figure out how to edit the contact, and then explicitly adjust the presence and then OMEMO works). I also don't think that a questionnaire at the beginning will help - that's just going to scare users more than anything else (which is why WhatsApp/Signal don't do this). |
|
|
I do not agree with this opinion. It is different to do not care if server operators can access a message content and if anyone can access uploaded files. Another thing is that not there is no way to disable OMEMO (for good) and there are issues with having OMEMO working as there is no way to detect if server and clients will behave as expected. Enabling encryption by default, which can be problematic and lead to communication issues, is not the answer in this case.
I do not expect to scare people but to follow the rules. If something is gathered or processed then, in my opinion, the user needs to express consent to that (whether it is encrypted or not). |
|
|
FYI this is how Monal (alpha/beta) does it, on macOS, by asking you on start after you've added your account creds:
|
|
If I understand correctly, if omemo is enabled http upload will also be end to end encrypted. So I don't think the privacy concern of disabling both is realistic. |
|
|
@pravi perfect enemy of the good |
Problem: After recommending Siskin to a number of beginners, I had to manually reconfigure a very high number of settings (switches) for them. In contrast, Quicksy/ Conversations works out of the box.
Effort: This is only a minor diff, but I expect it to be a major improvement for new (beginner) users:
Proposal: I suggest to enable following switches by default:
User's Problem Reports:
I expect this to be a more reasonable start-up configuration for beginner users. Expert users may deactivate unneeded functionality. The above is only my suggestion and could be discussed in further detail.