this post was submitted on 20 Sep 2024
306 points (98.7% liked)
Open Source
31371 readers
41 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Is everything encrypted yet? Or do they still allow users to send unencrypted messages?
Unencrypted messages are useful for very large rooms, where encryption doesn't provide meaningful more privacy since public rooms have to be considered public space anyway. Encryption does have overhead, so it makes sense to disable it.
Private rooms are E2EE by default and can't be created unencrypted (at least in the Element X mobile UI). This is a good way to handle it IMO.
Encryption is, what, a 10% hit? I (and most companies) would gladly take that tax to ensure that it wasn't possible for me or anyone in my org to accidentally send an unencrypted message.
10% of what? keys are regularly rotated, per-member, and it would soon cost a lot of storage to store historical keys for very large rooms (by their member count)
Sounds like a design flaw. How does this work with other messengers that don't allow users to send unencrypted messages, like Wire, Signal, and WhatsApp?
probably the same way, and probably with an upper limit on group chat member count
Groups have an encryption key that I guess you receive from other members upon joining.
(part 2) it doesn't seem that signal has such a limit. maybe they're just fine with using relatively a large part of their data for key storage
They still allow it