
The new #gajim #xmpp client is looking really good. The devs made a great effort in re-designing a lot of the UI/UX. Furthermore, this runs on Linux, Windows and Mac OS.
Gajim: Gajim 1.4.0
gajim.org/post/2022-05-11-gaji

And fourth, back to the "secure" proprietary chip/enclave from which to generate the private keys. Wouldn't this unauditable blackbox be a convenient place to do key fingerprinting as a means to track users across multiple services and/or prevent multiple keys/accounts from being produced to authenticate against the same service (hence eroding pseudonymity on the internet and forbidding alt-accounts)?


Third, how about multi-device? Shouldn't I be able to authenticate equally easily from a phone with a fancy proprietary "secure" chip/enclave, as from my 10yo laptop? If so, it means again trusting the client side to do the right thing when the need comes to transfer keys across devices. If not, this is a severe oversight/shortcoming.


Second, it pretends to be multi-factor, because the private key may be kept in an encrypted "keystore" locked behind biometrics. But isn't this even up to the client to implement? (if we relied on clients to do the right thing/abide by security best practices, this whole thing would be moot because everyone would be using strong passwords and encryption already…)


OK, can someone please "sell me" on , and convince me that it's not just a lot of hyped nonsense?

First, it pretends to be a password-less authentication, but isn't the password just replaced by a private key whose loss is as damaging as a lost password?
