One big concern I have about #MLS over something like #Signal Protocol is that it makes it so the cost of sending a message to a group of 10 is about the same as sending to a group of 1000 or more. This is the opposite of how physical social interaction works, it is much more effort to speak in front of large groups. This gives advantage to spam, disinfo, trolling, etc. as compared to protocols where the cost linearly increases as the number of users in the group increases. 2/
@eighthave
This is actually one of the most important improvements over the Signal protocol. The scalability is great, but from a pure security point of view, group integrity is the real news.
@rene_mobile In theory, it sounds great. I'm still curious to see how much it will affect real world communications. I haven't really heard about exploits to Signal's lack of Group Integrity.
@eighthave
I wonder if there would be a way to effectively detect comprises, though.
@rene_mobile I can't think of a technical measure to detect any compromise, but it would surely be possible to detect compromise using other evidence. For example, someone suspects foul play, they ask group members they trust to let their devices be forensically inspected. Then any differences between the group transcripts should be clear upon visual inspection, and probably provable based on an export of Signal history from the devices. This kind of investigation caught NSO's #Pegasus
@eighthave it is not about if it is abused or not but the ability to know if it is abused or not. Up to MLS, I could not trust any group chat...
On the other hand, #MLS includes "Group Integrity", which means that all members in a group see the same state. This means all members see the same list of members, same message transcript, same message order, etc. #Signal Protocol does not guarantee Group Integrity. I think this is an important property, but I wonder how much this was actually abused in the real world with other protocols? 3/