• n0n@kallutatud.info
    link
    fedilink
    arrow-up
    1
    ·
    3 years ago

    That linked article talks about how crypto in browser is easily subverted. You don’t have to use matrix with a browser client and most people I know use standalone clients.

      • n0n@kallutatud.info
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        True, the element.io site offers the browser client first, which I find wrong. On the other hand some of Signal’s choices were justified by “helping adoption” so I guess that falls under the same category.

        Currently I can’t find a way to see which client another user is using in the Element mobile app. Not sure if that is even possible. So I guess for really sensitive matters you have to make sure your collaborators know how to stay safe. And of course if your use-case really required a web-client you could just self-host it.

          • n0n@kallutatud.info
            link
            fedilink
            arrow-up
            1
            ·
            3 years ago

            I completely agree with you. But in every field I’ve worked in getting actual good security implemented is usually diametrically opposed to end-user convenience.

            As a side note what Element did with the verification icon-strings was pretty neat.