meshtastic

244 readers

1 users here now

Meshtastic® is a project that enables you to use inexpensive LoRa radios as a long range off-grid communication platform in areas without existing or reliable communications infrastructure. This project is 100% community driven and open source!

https://meshtastic.org/

founded 2 years ago

MODERATORS

J4g2F@lemmy.ml

MeshMarauder: someone finally published a tool to demonstrate how trivial it is to defeat meshtastic's DM encryption (by replacing public keys in profile broadcasts) (partyon.xyz)

submitted 5 months ago by cypherpunks@lemmy.ml to c/meshtastic@lemmy.ml

10 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] SanctimoniousApe@lemmings.world 4 points 5 months ago* (last edited 5 months ago) (1 children)

Yeah, that's why I said they missed the point. My question, tho, is should the devs even bother encrypting at all given that it's not a primary focus for them? I'm thinking if they're only going to half-ass it, then it's better to not bother and just say "encrypt it yourself before sending" so they can just focus on efficient transmission.

[–] cypherpunks@lemmy.ml 1 points 5 months ago* (last edited 5 months ago)

should the devs even bother encrypting at all given that it’s not a primary focus for them?

Yes, imo, even doing what they're doing now (without TOFU, trivially vulnerable to active attacks) is better than not encrypting at all - they should just have been forthright with users about it having been designed to only provide confidentiality from passive adversaries.

But also, they should actually mitigate active adversaries by implementing TOFU. And then still, they should be more forthright about Meshtastic not being designed for privacy (re: enabling location tracking, etc, even absent GPS).