On Wed, Aug 20, 2014 at 1:01 PM, Wasa Bee <[email protected]> wrote:
> >*Perhaps work in this space should focus on security against a passive > adversary first, which can be done with ~0 changes to the UI (examples > include >Apple iMessage and BBM Protected). In practice, this covers 90-99% > of threat models depending on who you ask. Others in the room were > uncomfortable >both philosophically and practically (post-Snowden) with > accepting the ability for a central party to perform MITM attacks. The room > generally agreed it is a >worthwhile goal for the EFF and others to push > large providers not providing any E2E encryption to do so, even with > centralized public key servers to start >with > > I like this idea, but have 2 questions: > To be clear, Apple iMessage and BBM Protected are both E2E encrypted (with public keys distributed by centralized servers). So this is already happening at some large services. > - E2E support does not necessarily mean user awareness of the feature. > That's kind of the whole point. If you can turn on E2E encryption with users not needing to know about it at all, that's the ultimate level of usability. > - more importantly, is there a successful business model one can build > when not having access to user data? What shall it look like? Having > plug-ins available and good UI is important, but to reach a large audience, > someone has to make a living out of it somewhere.... was there any > discussion on that? > Fortunately, for messaging apps it's (hopefully) now established in user's minds that they shouldn't have to see ads. With WhatsApp this has been a clearly-stated policy and I believe most of its competitors don't show ads. Maybe the "get big and hope somebody buys you out" model isn't sustainable, but ad-free messaging seems to be the norm.
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
