… and I can’t even continue the chat from my phone.

  • alyth@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    5 months ago

    I don’t get it. Who is “they”? Why can’t you fetch the encrypted message from the server and then decrypt it client side?

    • JoeyJoeJoeJr@lemmy.ml
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      edit-2
      5 months ago

      “They” is the browser/browser maker. The browser, acting as the client, would have access to the keys and data. The browser maker could do whatever they want with it.

      To be clear, I’m not saying they would, only that it defeats the purpose of an E2E chat, where your goal is to minimize/eliminate the possibility of snooping.

      • Socsa
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        You realize that your kernel which loads keys into memory can also access all this right? So can anything which shares memory space on the platform.

        • Natanael@slrpnk.net
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          The bigger risk is browser exploits, not just who develops it. There’s more attack surface and more ways to exfiltrate data

    • mexicancartel@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      I think the encrypted messages are not saved in the server. You probably have to backup from phone and restore it on pc. “They” is the other programs running on browser