As I noted within my post #9955859@lemm.ee (alternate link), I found that thumbnail generation in Element is an enourmous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server.
Can’t the admins just edit it and sign with a new key? Either way there won’t be a way to know for sure who edited the comment, you could know if the original poster did it, but well they can just tell you that.
Of course, but if the signature were to change, it would no longer match the public key.
The goal is only to know if the OP edited it or not. It doesn’t really matter who edited it if it wasn’t the OP. The only important information would be that it wasn’t the OP.
Verifying with the user’s public key accomplishes the same, and is independent of a direct audit from the user.
How can I find your public key without going through a channel that could also have been manipulated by the admins, though? That seems problematic to me
This is indeed an obstacle in practicality. You are absolutely right in that any channel under control by the admin could be used as a means to orchestrate a MITM attack and replace my public key with theirs. The only way for this to work is for me to personally provide my public key in a separate, and secure channel like Matrix.
I would like to emphasize that this is all just an experiment for my own interest. I would certainly not recommend what I am doing to anyone else.
content-signature:nHszcVqN6q4R+QXnem7w42nxw58kNPNV3UGVK/rxBP5QBWNjoHX5WstdcuLWiiuuky0ZwXVR6zif2/+oWwRcmDtbv+FNlBOKSIVfcW1lSOQNQeBddbmBNIfP7hBjtTSVbszIZPXNzJQykEFdxh9hJVaC3eEqxYnN4oIOdxWjj+MejQ2zpG3l/BdnTLqWX3rf4HK4VPD8OMYyxTbqhtTMMje+tfCrf/EtRfgY3gd0Clm6oWw6WeD6QgQdJHgbRlDrZwIVE8F5zdtnooFcIptlo4ovJl9VX7FdBCExRW9MQJUU+3AZv5gVCZ4pZ9zZaXihGmhdNRDbAX9XQVUSSRc+1w==
Makes sense, thanks for clarifying!
OP can edit comment, sign with a different key and claim his comment was edited by the admins.
So we can’t know who really edited the comment unless in the default boring situation: it was OP and he signed it with the correct key which is the same as him just telling “yeah, it was me” or not saying anything at all since it’s the default.
Dang, that is a scenario that I hadn’t considered. I’m not sure that there’s anything that can be done about it.
Why not just host your own lemmy instance on a cheap vps and be satisfied you’re the only admin heh