And if so, why exactly? It says it’s end-to-end encrypted. The metadata isn’t. But what is metadata and is it bad that it’s not? Are there any other problematic things?
I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.
They don’t really need the actual contents of your messages if they have the associated metadata, since it is not encrypted, and provides them with plenty of information.
So idk, I honestly don’t see why I shouldn’t believe them. Don’t get me wrong though, I fully support the scepticism.
All they need is the encryption key for the message, and it’s not the message itself.
If they keys are held by them, they have access.
When you log into another device, if all your chat history shows up, then their servers have your encryption key.
It can be fully end to end encrypted and still drop keyword-based metadata into the envelope. But also, I am pretty sure that the feds can access the keys if they need to. It’s e2e encrypted, but that doesn’t mean the key stays on your device.
That too, yeah. Actually, look at Matrix Bridges. Any one of your contacts can give access to this third-party to decrypt your chats, so… yeah.