Agreed, many people would like to use what they call "integrations" aka "bots" for those coming from Discord, which wouldn't be unencrypted, and as you mentioned stickers. Signal/XMPP is my messenger of choice at the moment.
CHEFKOCH@lemmy.ml 2 years ago
I feel the same, Telegram and Matrix got hyped and whatnot but, same as Signal, they got millions of dollars and are light years behind the competition. Which makes me wonder what they do with the money and why they do not hire competent people, which I would do in such a case to address all concerns and design flaws.
Matrix encryption is flawed too, avatars, reactions etc. are NOT encrypted. Matrix might be an alternative until all flaws are fixed, but that might take years from now.
coconuteclair@lemmy.ml 2 years ago
poVoq@lemmy.ml 2 years ago
Most messengers only encrypt the text body. There is some work underway to improve this in XMPP with a new version of the OMEMO standard, but this is not yet implemented in most clients.
IMHO the bigger problem with Matrix's OLM e2ee is that they weakened key exchange to be per account and not per device (mainly to make it more scalable in group-chats) and this requires devices to exchange the shared private key which is inherently risky.
BridgeBum@lemmy.ml 2 years ago
There is some risk, sure. I don't see how this would be any more risky than a TLS exchange. Obviously the exchange can be implemented badly, but if done correctly it seems like it would work with certs and send the key encrypted.
I think the bigger risk is the key sitting at rest on multiple devices, some of which are easily lost (cell phones) and could then compromise an account.
poVoq@lemmy.ml 2 years ago
You seem to have a misunderstanding of what public and private keys are. Private keys should never leave the device they were created on, and yes of course having the same key on multiple devices is also a problem.