Damn already working on an app? That’s so cool! Starting E2EE there is definitely a good idea then!

MeroChat is such a nice project, thank you for working on it <3

The server might always send a modified script that just uploads the plaintext private key.

Yeah, you’d need a way to validate the client code before it’s executed to solve that issue

Section “2. Client application security” of MEGA’s Security Whitepaper discusses this exact problem. Their best solution to that issue is to just cram the whole frontend in a signed web extension and not serve any code to the user when the extension is active, which is not very user friendly but works for those who want an extra layer of protection

I just can’t find a good user-friendly implementation, sorry for not being of more help. The web just isn’t E2EE-friendly ig :/

Yeah, I’m not used to E2EE in the browser either and StackExchange seems to agree that there’s no nice solution :/

The sanest option in terms of user practicality to me appears to be storing the private key on the server, maybe encrypted with the user’s password, and sending it to the user on successful login where it would be decrypted client side. It seems like it’s more or less what MEGA is doing since they have a similar issue

If the server having temporary access to the user’s password is an issue maybe the password could be partially pre-hashed before being sent?

It’s be interesting to talk about it with someone with more experience, especially since implementing all of that will be a pain so it can’t be redone every Thursday

I know Matrix has E2EE with some public documentation on its implementation. Maybe it could help you? Idk how familiar you’re with E2EE or what kind of implementation you’d want, anything will have drawbacks :/

Yup! In that case, this is not an answer that can be solved “mathematically” as you asked: convincing a large group of total strangers to do something for you is within the realm of crowd psychology.

If r/place showed us anything, it’s that you can get people to work hard together if you make them feel part of a community. Maybe creating a Lemmy community whose goal is to keep all posts within that community at 69% would work?

Not sure if that’s the answer you wanted but that’s how I’ve understood your question so don’t hesitate to correct me :)

Is your question “what is the probability for one of my post to have 69% upvotes”? This should be answered by a binomial distribution!

According to this website, for p=0.5; n=100; and x=69 the probability should be ~0.005%.

This means that if 100 people vote your post perfectly randomly, the chance of getting 69% upvotes is ~0.005%. This number will also become smaller if more people start voting since given an infinite amount of votes, the ratio of upvotes should converge towards the chance that a person gives your post an upvote (aka. 50%) so we’d get even further from our 69% target.

Basically, if people vote perfectly randomly it’s unlikely to get to exactly 69%. Such is the fate of us mortals :(

It’s time to accept that with every passing second, your body irreversibly degrades. In every instant of life, death becomes closer and closer until it eventually consumes your consciousness and turns you into a lump of organic matter.

Which is like 3:45 pm. You’re welcome! :)

I mean…

"use strict"; is just a way of enabling more restrictions to make writing JS less error prone. You can find the details of what that does on MDN (or, if you don’t like long verbose technical explanations, this is a pretty good summary!)