In a decentralised world, an inside job could only impact a single server instance... and in an E2EE verified world, the insider wouldn't be able to spoof messages anyway. We should get on and add signing for public messages to Matrix's E2EE.
@matrix That would be such a nice feature!
@matrix And when you have that you can let us quote complete public messages into different Channels with Authors signatures intact?
@matrix signing only moves the problem around.
Now you need a reliable way for other people to figure out which public key is yours.
a) you have a centralized key directory, or
b) you use TOFU/WoT/etc., in which case people will keep losing keys and everyone will get used to public keys changing every so often
In either case, an insider can use a different keypair to impersonate the famous person, and nobody will notice that the public key is different.
@matrix Signing everything I write so it can be pinned to me forever? No thanks.
Especially with the eventually consistent principle used by matrix chat rooms that's just asking for disaster and abuse.
Signing everything can be very bad.
Twitter was just the vessel. That was a social hack.
What would have happened if only devices that had the private key could have sent those tweets?
The attack vector is different, which may make it harder, but it would still have happened.
@tokudan nobody said anything about signing everything(!) - just giving the option to send signed messages using matrix's existing PKI, just like you can with PGP. And yes, if the attacker had compromised keys held on endpoints then they could still have spoofed messages. Which is way way harder than a mere social engineering attack on a twitter employee.
@matrix The hack was "hey, send me money through a service that hides my identity, I'll send back double the amount".
Getting access to those accounts isn't the real issue. It will always happen. in some way or another.
Signing those messages with an invalid key would have probably still caught some people.
@matrix And then port that to Mastodon so toots can be signed as well?
mastodon.matrix.org is one server in the network