Marcus Hoffmann via guardian-dev: > > On 13.04.19 00:17, Kevin Steen wrote: >> On 12/04/2019 11:51, Abel Luck wrote: >>>>> >>>>> If you still have Riot open and it hasn't logged you out yet, you need >>>>> to export your E2E room keys so you don't lose your chat history. >> >> There's something I don't understand with these E2E keys - are they not >> actually stored in the end devices? >> >> How come, now that we've all been logged out, we can't access those >> keys? Are they actually stored on the server? > > The riot clients, for better or worse, are set up to delete the local > decryption keys when their login token is no longer valid. > > (Otherwise you couldn't backup the keys from a currently offline device.) > >> >> I've tried to find and read the spec on these things, but if anyone can >> explain in simpler language I'd appreciate it! >> >> >> In extreme paranoia mode, I've noticed a few things which may or may not >> be related: >> + They recently added the "feature" allowing the backup of keys from the >> app to the server. > > While the implementation landed rather recently this feature was planned > for a long time already. See for example here for a lot of background > considerations: > https://moderncrypto.org/mail-archive/messaging/2017/002471.html > >> + They stopped publishing changelogs and went with the slimy google >> approach of "we're always adding new features, just allow your app to >> auto-update" > > Not sure what changelogs you are reading but all changelogs are here: > https://github.com/vector-im/riot-android/releases or > https://github.com/matrix-org/synapse/releases or > https://github.com/vector-im/riot-web/releases > >> + They forcibly logged everyone out > > Yes, that is what you need to do when someone got potential access to > all active sessions. > >> + The emailed advice to users extolls the virtues of the "backup your >> keys to the server" option. >> >> Has there been some rubber-hose cryptography applied to the Matrix team >> to modify the ecosystem to make life easier for the 3-letter agencies? >> >> -Kevin > Marcus
Yes, what Marcus has posted aligns with my understanding as well. I don't believe anything nefarious is being done by the matrix.org devs. The changelogs are plainly visible in github. The backup feature was long in coming, and is optional for more paranoid users. The fact that the local clients delete the keystore on a logout event is perhaps unfortunate in this case of involuntary logout, however it makes sense. When I logout I don't expect my data to hang around for use later. Put another way, if the keystore was not cleared on logout, then when would the keystore be cleared? If message history is important, then one should backup their keys on a regular basis (after adding a new device), just like one keeps backups of their PGP key, password manager, etc. Again: for the extremely paranoid, make your own backups, don't use the server backup. ~abel _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
