That blog post is not about Element and doesn’t include any of the ways Element stores data and sets up encryption. Basically they’re just saying ‘there’s no sane defaults and websites want to spy on you’, which I totally agree to, but which still misses the point. It is doable, it’s just not done well. To just send everything in plaintext is definitely not the solution here.
I guess very few people self-host their email or Matrix or XMPP.
You don’t need to self host email, Matrix or XMPP to use E2EE. I meant self hosting the web clients.
And it still doesn’t protect you against someone breaking the TLS connection between you and your server.
HSTS, Certificate Pinning, …
Every communication method suffers from this, it’s not exclusive to web-based communication.
proprietary, windows only apps are not generally designed with security as the number 1 concern
Yeah, Open Source software down to the OS itself is important for security. But even then, who audits their own software? It’s probably 0.01% of the 0.01% of the general population you mentioned.
deleted by creator
Matrix/Element does it pretty okay. Not perfect, but better than no E2EE.
deleted by creator
That blog post is not about Element and doesn’t include any of the ways Element stores data and sets up encryption. Basically they’re just saying ‘there’s no sane defaults and websites want to spy on you’, which I totally agree to, but which still misses the point. It is doable, it’s just not done well. To just send everything in plaintext is definitely not the solution here.
deleted by creator
deleted by creator
Ah, yes, makes sense. Solutions to this may be to use client applications, local storage in browsers or checksumming.
deleted by creator
deleted by creator
deleted by creator
You don’t need to self host email, Matrix or XMPP to use E2EE. I meant self hosting the web clients.
HSTS, Certificate Pinning, …
Every communication method suffers from this, it’s not exclusive to web-based communication.
Yeah, Open Source software down to the OS itself is important for security. But even then, who audits their own software? It’s probably 0.01% of the 0.01% of the general population you mentioned.
deleted by creator
So, like Element? scnr
deleted by creator