My main concern overall is really the white washing of what security you are actually getting, and what you are not as a user. When people can’t understand easily, they may think they have privacy and live in a sane world… when…

End to end used to mean best possible outcome (assuming the keys used were a sound curve) - and sadly today it’s entirely possible for ‘end to end’ to be something else entirely.

The extent of the scam used to (and often still is,) be SSL Certificate providers attaching ‘$500,000 encryption insurance’ as part of their sold certificates. A bogus un-claimable feature used for marketing and to trick untechnical users into thinking they were highly secure and safe to use their credit card online (this is largely pre the HTTPS push).

Cloudflare are certainly innovators - but in a very centralising way. Their business moat is tied to protecting and growing their centralised empire. Just like any other company, they can be coerced as a business to do a governments bidding.

I’d almost go as far as marking websites or services that use Cloudflare as not a green lock or add a yellow spy glass - but really, browsers are too broken now, best to instead focus on their replacement.

My issue is they make the devices and OS. And I’m not sure we should (read: please don’t) trust apps directly, to be honest, as they are a target vector.

External signing devices are great. What’s missing is a layer perhaps where the external signing device says, “hey, your last message to Dave was to pubkey X, it’s now Y” or similar - however I favour dumb signing devices.

A trusted OS would be ideal to perhaps have this security layer to keep/compare state and make it obvious/transparent - it’s just painful that we can’t trust the OS.

And just to clarify.. you’d need the pinned certificate key/fingerprint - it’s expiry is not enough to detect a change.

Not talking strictly HTTPS. Even so, when have you been directly notified by an app when they updated their pinned certificate? Or even having visibility to a currently pinned certificate and it’s expiry?

It’s not even the key exchange exchange security - that’s largely solved. It’s the swap out and zero-visibility attacks.

I’m largely targeting WhatsApp, Apple iMessages and FaceTime, and whatever large corp constant use a few buzz words that are literally meaningless.

I hope we can do better on Nostr, once key rotation is more mature. We need greater transparency around security related changes. I’m unsure how to include them outside of the app itself - which shouldn’t be trusted.

Nice*