… and I can’t even continue the chat from my phone.

  • @[email protected]OP
    link
    fedilink
    English
    1
    edit-2
    5 months ago

    I don’t get it. Who is “they”? Why can’t you fetch the encrypted message from the server and then decrypt it client side?

    • @[email protected]
      link
      fedilink
      English
      8
      edit-2
      5 months ago

      “They” is the browser/browser maker. The browser, acting as the client, would have access to the keys and data. The browser maker could do whatever they want with it.

      To be clear, I’m not saying they would, only that it defeats the purpose of an E2E chat, where your goal is to minimize/eliminate the possibility of snooping.

      • @[email protected]
        link
        fedilink
        English
        25 months ago

        You realize that your kernel which loads keys into memory can also access all this right? So can anything which shares memory space on the platform.

        • Natanael
          link
          fedilink
          English
          25 months ago

          The bigger risk is browser exploits, not just who develops it. There’s more attack surface and more ways to exfiltrate data

    • @[email protected]
      link
      fedilink
      English
      25 months ago

      I think the encrypted messages are not saved in the server. You probably have to backup from phone and restore it on pc. “They” is the other programs running on browser