Zelphir Kaltstahl writes: > To verify another person's device, one has to exchange information via a > second trusted channel. That information is a sequence of icons being > shown. If they are the same, that the other person sends you via the > second trusted channel, you can reasonably assume, that the device you > are communicating with is under their control. > > When it comes to the step of exchanging information about what icons are > displayed, most people will close the app and say "it's too > complicated", because they do not understand it ("Huh? How strange! Why > I have to do that? Are icons secure?") or do not want to do anything in > order to have security. They are not willing to invest as much as 5min In Freenet we have the same problem. We once had someone start an app that used tapping phones together to exchange references, but it did not get developed further. It nowadays lives under my account, but I don’t have the time to work on it (or rather: other things have higher priority for me). https://github.com/ArneBab/Icicle Maybe someone can find a tool there to ease initial setup. Also TOFU is something we desperately need more of. For example I recently had two unrelated people writing to me by email and our communication was encrypted automatically because they used enigmail with autocrypt and pretty-easy-privacy. Best wishes, Arne -- Unpolitisch sein heißt politisch sein ohne es zu merken