During this year's Google Summer of Code, Anmol will implement optional real-time texting in Dino. Real-time text means that text is transmitted and displayed to the receiver while it is being typed. Anmol will write about his progress here:

2 questions:

1. What measurements will be taken to mitigate identification through typing rhythm/pattern by an adversary

2. Why is this chosen for the GSoC instead of a adding an additional option for e2e encryption by default? (or something similar that supports e2e encryption that is not accidentally turned off)


@syster @dino

1. The feature will have to be enabled for each conversation, it is expected to be only enabled with contacts you trust.

@larma @dino
> it is expected to be only enabled with contacts you trust.

what about network sniffing?
what about the server listening to it?

@syster @dino

RTT can be encrypted using omemo:1 (and should be if you want to protect against malicious servers).

RTT instructions are batched into messages of fixed intervals (something like 1s), making it impossible for servers to see any pattern (other than ongoing communication between the two users).

If you don't want to leak that you are currently typing to a user, you need to turn off RTT. Dino allows you to turn off the "is typing"-notification for the same reason.

@larma @dino
>instructions are batched into messages of fixed intervals (something like 1s),

Ok. That was the part I was hoping for.

Even so I wished the resources would be used for something that is improving Dino's security, that feature doesn't seem to be as bad as I feared in the beginning.

thank you for your explanation.

@syster @dino

2. GSoC is for students that are new to open-source contributions and work on a project for 3 months straight. Students propose their project, with some suggestions provided by the project maintainers (which act as mentors throughout the summer).

Depending on what you include in the goal of enabling e2ee by default, it's either far less than 3 months of work or requires deep understanding of crypto which you can hardly expect from most students.

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.