That linked article talks about how crypto in the browser is easily subverted. You don’t have to use Matrix with a browser client, and most people I know use standalone clients.
True, the element.io site offers the browser client first, which I find wrong.
On the other hand some of Signal’s choices were justified by “helping adoption” so I guess that falls under the same category.
Currently I can’t find a way to see which client another user is using in the Element mobile app. Not sure if that is even possible. So I guess for really sensitive matters you have to make sure your collaborators know how to stay safe.
And of course if your use-case really required a web-client you could just self-host it.
I completely agree with you.
But in every field I’ve worked in, getting actual good security implemented is usually diametrically opposed to end-user convenience.
As a side note, what Element did with the verification icon-strings was pretty neat.