Soatok Dreamseeker
@soatok@furry.engineer  ·  activity timestamp 9 hours ago

If you're designing E2EE in 2026

And your expectation for the user experience is that even half your users will

  • manually verify key fingerprints, safety numbers, etc.
  • know what to do when these mechanisms fail

Then you have not been paying attention to the research at all!

That isn't the normal behavior for how we use software.

When's the last time someone you know that doesn't know what "TCP" is inspected a website's certificate before sending it their password?

Soatok Dreamseeker
@soatok@furry.engineer  ·  activity timestamp 9 hours ago

This is a proposal for how to ensure keys aren't tampered with in group chats:

https://github.com/swicg/activitypub-e2ee/issues/43#issuecomment-3929554771

Some power users might find this useful, or even comforting.

This will not help Johnny encrypt. It demands perfect discipline and training from everyone at all times.

Soatok Dreamseeker
@soatok@furry.engineer  ·  activity timestamp 8 hours ago

I'm trying to solve this problem differently: https://publickey.directory

Key Transparency inverts the responsibility model. It ensures everyone has the same view of the relationships between Actors and Keys at every point in time.

It accomplishes this with an append only data structure.

If anyone is being disciplined or paranoid, and therefore witnessing updates, they can assure the entire protocol is being followed honestly. And most people need to take no action other than use the software normally to be secure.

If power users want to verify fingerprints on top of this, fine, I'm not here to kinkshame.

Soatok Dreamseeker
@soatok@furry.engineer  ·  activity timestamp 8 hours ago

If you don't meet people where they already are, and don't have billions to spend on experiential marketing to train them, you're setting yourself up for disappointment.

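The append-only idea from the Key Transparency post in this thread, as an added sketch that is not from the original posts and is not how publickey.directory is implemented: a hash-chained log of (actor, key) records, and a witness that rejects any view which rewrites or drops records it has already seen. The hash chain, the `Witness` class, the actor names and the key strings are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "00" * 32  # constructed starting head for an empty log

def extend(head, actor, key):
    """Head after appending one (actor, key) record to a log ending at `head`."""
    record = json.dumps([head, actor, key]).encode()
    return hashlib.sha256(record).hexdigest()

def replay(entries):
    """Recompute every head from scratch: heads[i] covers the first i records."""
    heads = [GENESIS]
    for actor, key in entries:
        heads.append(extend(heads[-1], actor, key))
    return heads

def current_key(entries, actor):
    """Latest key appended for an actor; earlier records stay in the log."""
    return next((k for a, k in reversed(entries) if a == actor), None)

class Witness:
    """Keeps only the last checkpoint it verified (size, head)."""
    def __init__(self):
        self.size, self.head = 0, GENESIS

    def observe(self, entries, claimed_head):
        """Accept a new view only if it extends the checkpoint unchanged."""
        heads = replay(entries)
        if len(entries) < self.size or heads[self.size] != self.head:
            return False  # records were dropped or rewritten
        if heads[-1] != claimed_head:
            return False  # published head does not match the records
        self.size, self.head = len(entries), heads[-1]
        return True

def demo():
    # Constructed sample data; actor names and key strings are placeholders.
    log = [("alice@example.social", "key-A1"), ("bob@example.social", "key-B1")]
    w = Witness()
    first = w.observe(log, replay(log)[-1])
    log = log + [("alice@example.social", "key-A2")]  # rotation is an append
    rotated = w.observe(log, replay(log)[-1])
    forged = [log[0], ("bob@example.social", "key-X"), log[2]]  # in-place swap
    tampered = w.observe(forged, replay(forged)[-1])
    return first, rotated, tampered, current_key(log, "alice@example.social")
```

One witness running this check is enough to catch a rewritten history; everyone else only needs the head that the witness accepted.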
