| 28 Mar 2023 |
 Pynk ⚡️ | In reply to @nicegirl:matrix.org
Can you explain why this is security critical? Matrix spec definies the online key backup, so I assume it can be done in a secure way. Wasn't this online key-backup once implemented in FluffyChat? It's encrypted with the security key.
If you lost it you can't decrypt it thus you can't restore your encryption keys without it. | 13:31:34 |
 aaron | In reply to @kgb:tchncs.de
What, just putting different accounts in bundles? Yea, it lets you sort accounts if you have a lot. I think you can also quick-switch with them. | 13:31:45 |
| Pynk ⚡️ | In reply to @nicegirl:matrix.org
Can you explain why this is security critical? Matrix spec definies the online key backup, so I assume it can be done in a secure way. Wasn't this online key-backup once implemented in FluffyChat? * It's encrypted with the security key.
If you lost it you can't decrypt it thus you can't restore your encryption keys without it (assuming you use secure backup) | 13:31:48 |
|  alinedubardfmf84 joined the room. | 14:25:26 |
|  Asahi 95 ☀ joined the room. | 14:29:41 |
|  Jae -> @jae:777.tf changed their display name from Jae (She/Her) to Jae -> @jae:777.tf. | 14:36:42 |
 All-Purpose Mat | Is there a way to view the time of a read receipt in FluffyChat? On nheko, I can click the checkmark to see when each person saw my message. | 15:00:41 |
| aaron | In reply to @mat:allpurposem.at
Is there a way to view the time of a read receipt in FluffyChat? On nheko, I can click the checkmark to see when each person saw my message. Nope. | 15:14:28 |
|  @mikeg80122:matrix.org joined the room. | 16:24:23 |
|  Snwoden_51 joined the room. | 19:04:54 |
 NoName | In reply to @nicegirl:matrix.org
Can you explain why this is security critical? Matrix spec definies the online key backup, so I assume it can be done in a secure way. Wasn't this online key-backup once implemented in FluffyChat? You can setup a client as the backup keys holder. This way you can transfers these keys to a bother client after verifying the new client, or export them so you can restore them later even if you lose access to all clients. What’s not possible, as far as I know, is to save those keys on the same server where you have an account. Having the keys used to encrypt the data in the same place where the data is (I.e. the server) is a security flaw since anyone with access to the server (if it’s compromised, for instance) would have access to all encrypted data. That’s why the keys are stored in the client only. | 19:11:38 |
 Emelie | I don't think that's right. I can't claim to know the specifics, but my understanding is that when you use online key backup, the keys are encrypted client-side and then stored on the homeserver | 19:17:59 |
| Emelie | Hence the long passphrase you're prompted to save during the bootstrap process | 19:18:54 |
| NoName | In previous version Fluffy would display the status of the keys backup, and since a while ago it was moved to Chat Backup toggle. Isn’t it how it works? | 19:20:20 |
| NoName | * In previous versions, Fluffy would display the status of the keys backup, and since a while ago it was moved to Chat Backup toggle. Isn’t it how it works? | 19:20:54 |
| NoName | In reply to @emelie:graven.dev
I don't think that's right. I can't claim to know the specifics, but my understanding is that when you use online key backup, the keys are encrypted client-side and then stored on the homeserver I think you are right. It was announced last month:
https://matrix.org/blog/2020/05/06/cross-signing-and-end-to-end-encryption-by-default-is-here
So you can backup the keys online encrypted. | 19:35:13 |
| Emelie | This blog post is from three years ago, not last month :D | 19:36:38 |
 wombat | Close enough. 🤫 | 19:37:41 |
| NoName | In reply to @emelie:graven.dev
This blog post is from three years ago, not last month :D Ooops, yeah. Brave search showed 02-2023 as the date for some reason… | 19:37:42 |
| NoName | 
Download ima_c1035f5.png | 19:38:16 |
| Emelie | That's a Friday, i guess it took the date from a TWIM post? | 19:40:05 |
| Emelie | Weird! | 19:40:12 |
| NoName | * You can setup a client as the backup keys holder. <del>This way you can transfers these keys to another client after verifying the new client, or export them so you can restore them later even if you lose access to all clients. What’s not possible, as far as I know, is to save those keys on the same server where you have an account. Having the keys used to encrypt the data in the same place where the data is (I.e. the server) is a security flaw since anyone with access to the server (if it’s compromised, for instance) would have access to all encrypted data. That’s why the keys are stored in the client only.</del> You can also backup the keys online on the server using a passphrase to encrypt it. | 19:44:37 |
| NoName | * You can setup a client as the backup keys holder. <del>This way you can transfers these keys to another client after verifying the new client, or export them so you can restore them later even if you lose access to all clients. What’s not possible, as far as I know, is to save those keys on the same server where you have an account. Having the keys used to encrypt the data in the same place where the data is (I.e. the server) is a security flaw since anyone with access to the server (if it’s compromised, for instance) would have access to all encrypted data. That’s why the keys are stored in the client only.</del> You can also backup the keys online on the server using a passphrase to encrypt it. | 19:44:58 |
| NoName | * You can setup a client as the backup keys holder. <del>This way you can transfers these keys to another client after verifying the new client, or export them so you can restore them later even if you lose access to all clients. What’s not possible, as far as I know, is to save those keys on the same server where you have an account. Having the keys used to encrypt the data in the same place where the data is (I.e. the server) is a security flaw since anyone with access to the server (if it’s compromised, for instance) would have access to all encrypted data. That’s why the keys are stored in the client only.<del> You can also backup the keys online on the server using a passphrase to encrypt it. | 19:45:27 |
| NoName | * You can setup a client as the backup keys holder. This way you can transfers these keys to another client after verifying the new client, or export them so you can restore them later even if you lose access to all clients. What’s not possible, as far as I know, is to save those keys on the same server where you have an account. Having the keys used to encrypt the data in the same place where the data is (I.e. the server) is a security flaw since anyone with access to the server (if it’s compromised, for instance) would have access to all encrypted data. That’s why the keys are stored in the client only. | 19:47:01 |
| NoName | In reply to @emelie:graven.dev
This blog post is from three years ago, not last month :D * Ooops, yeah. Brave search showed 02-2023 as the date for some reason… And I didn’t pay attention to the URL. 😰 | 19:50:52 |
| @mikeg80122:matrix.org left the room. | 19:58:27 |
|  Martin Mayer joined the room. | 21:09:44 |
|  sandra0 joined the room. | 21:18:36 |
