Element for Android doesn’t support searching in encrypted channels and I think you can’t use E2EE in the browser at all(?), plus basically every other client has even more drawbacks when it comes to E2EE.

My team recently tried RocketChat, but E2EE is obviously an afterthought for that project as it has even more limitations than non-Element Matrix clients (no searching, no pinning, no file upload, no edit, etc.). Plus Jitsi integration seems to be buggy right now (at least on my Windows installation).

What else is out there that’s not on my radar? Is Matrix with Element really the best option right now? Is there no project that puts E2EE above all else?

Edit: Should be self-hostable and (FL)OSS.

  • MentalEdge@sopuli.xyz
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    10 months ago

    Why wouldn’t E2EE work in the browser versions of the clients? You just log in, verify from a logged in client, and then everything works. Decryption of message history can take a while, but it gets there eventually, and sending and receiving new messages should work with encryption, right away.

    Search is tricky because the client essentially has to download, decrypt, then index, your entire user history. The server can’t do the search for you, because it never sees your messages in cleartext.

    Syphon does actually do this on mobile, but it’s in alpha, and while it can do E2EE you have to export your keys from another client, then import them, to get it working. No easy emoji verification.

    You might look at schildi, which is a fork of element with implementations for a a bunch of extra stuff. You’ll have to get past the app icon, tho.

    • Lemmchen@feddit.deOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      I haven’t tried Element Web for quite some time, but I remember having some issues with E2EE rooms. Maybe this has been resolved by now or maybe it was just the search not working there as well as on Element for Android. I can’t really remember right now.

      I am aware of SchildiChat, but AFAIK it doesn’t provide search in E2EE encrypted rooms, just like Element (both on Android). On iOS they both support it (I think).

      Maybe I should check out Syphon then. How polished is the client otherwise? Can it compete with Element?

      Edit: Last Syphon release was October 3rd 2022 and the last commit six months ago: https://github.com/syphon-org/syphon/releases
      I’d say that project is unmaintained.

      • MentalEdge@sopuli.xyz
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        10 months ago

        Again, the web client, or any client, can’t have search or message history that works at 100% until it has downloaded your user history, decrypted, and indexed it.

        I’ve not had any issue sending and receiving encrypted messages in the web UI, nor accessing message history once I give it some time to catch up on decrypting it.

        Syphon is in alpha, and thereby extremely basic, last I checked.

        I think you’ll have to just try it and see what state it is in, my issues with it were UI related and subjective, but otherwise I recall it being fine.

        • Lemmchen@feddit.deOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          10 months ago

          Again, the web client, or any client, can’t have search or message history that works at 100% until it has downloaded your user history, decrypted, and indexed it.

          Doesn’t change anything from the fact that the Android client simply doesn’t have implemented that feature.

          • MentalEdge@sopuli.xyz
            link
            fedilink
            arrow-up
            1
            ·
            10 months ago

            No, but I’m not really referring to that. I’m referring to the fact that unlike an installed application, the browser version can’t just cache a bunch of data, and have it reliably stick around for the next time you open the browser, nor even rely on the browser letting it download and handle as much data as it might need to to begin with.

            So it might end up working not as well, depending on browser and settings, even though it’s literally the exact same code as the desktop application.

    • Lemmchen@feddit.deOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      MAM does not seem to be a finalized standard, plus I don’t understand how this is related to E2EE at all. I’m not terribly familiar with jabber, maybe you can enlighten me.

      • Bronco1676
        link
        fedilink
        arrow-up
        2
        ·
        10 months ago

        https://wiki.xmpp.org/web/XMPP_E2E_Security

        XMPP has omemo and pgp as e2ee.

        I’ve hosted https://prosody.im/ before I went to matrix.

        You will need to enable some of the extensions, if you want to have group chats, chat history and so on. But after initial configuration prosody will just work ™ and is absolutely lightweight.

        The only reason I stopped using XMPP was, that no one uses it, which is sad, but I can’t do much about it.

        Also one important bit is, that most clients are not e2ee by default and you need to enable that you only want to send encrypted messages and not plain text.

    • Lemmchen@feddit.deOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      I can see why they haven’t implemented this on mobile phones

      I think the iOS client has that feature, but I unfortunately don’t have an iPhone to test that claim.

      XMPP

      What clients/servers are recommended on each platform (for full encryption support)?