this post was submitted on 17 Aug 2023
70 points (98.6% liked)
Linux
48365 readers
1419 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Interesting. Thanks for the info. I turned off the listening notification. Hopefully this is the one you meant. I hadn't thought about settings for the device itself.
I don't entirely understand the verification notice and all. I don't understand the context of verification. I generally avoid making any external internet connections (finger printing) between my phone and other hardware. They are on separate VPNs and firewalls. I get the message about no verification every time I open element. I don't know what it is trying to verify exactly. I imagine it is a copy of the keys and hashes, but like, I don't want to connect social across devices and I am given no options or context details. I don't mind backing up or storing keys, but I'm not installing the software on my workstation or punching holes in that firewall.
Anyone with access to your homeserver can change your password and log into your account. That's why by default, when someone logs into account, their session is unverified and doesn't have access to encryption keys. To verify it and sync encryption keys, you have to mark it as trusted from another device you own (which sends the encryption keys from the old device), or if it's the first session it becomes the only trusted device (and generates new encryption keys).
Note that the homeserver owner can always reset all of your sessions and encryption keys, then log in as the first session. They won't be able to read your past encrypted messages obviously, but they will be able to impersonate you. To prevent that, you can additionally perform the same verification process for the devices of those you chat with - that way they will also know which devices you marked as trusted.
Yeah. That's the correct one. You can also do that with other apps that rely on a background connection to some server. I also don't use google and their cloud messaging. So that's the way around it.
Regarding the verification: It's an additional layer of security for you. To make sure all the devices logged in into your account actually belong to you. Otherwise someone with access to your computer or password (or matrix-server(?)) could in theory read your messages. To prevent that, they make you verify it's actually you who registered that additional device. I think Element has an option to not sync encryption keys with unverified devices. So you could end up with malfunctioning encryption. But in case it's working fine for you, you can skip the verification. You're just missing out on the extra security this way.