-
alexkurisu
>> but he's right, omemo mitm is possible > that's an entirely different threat vector then what we are talking about. > and only possible with tofu Which is exactly why people *must not* blindly trust keys but verify them over 3rd-party channels instead
-
menel
*if they care enough to bother x which they generally don't.
-
erebion
It all depends on threat models. My mother sending me links to news articles and recommending vegetables to buy that currently are cheaper seasonally is not something I need to protect that much, but being unable to communicate because she logs into a new phone and then encryption does not 'work' is a serious issue. For almost all other contacts I'd verify keys, though.