If it’s decrypted in the middle, it’s not end to end encrypted. I guess you could invent a term like end to end to end encrypted for a trusted middle server, but Matrix bridges do drop the security E2EE provides. Now you’re back to “all of my messages can be stolen if a server gets hacked” again, which real E2EE should prevent.
If MLS and MIMI make it to chat messengers, we could see real E2EE across chat services. Until every service speaks the same protocol, we simply won’t have cross service E2EE.
The WhatsApp bridge has access to the messages it has sent over Matrix, at least in the standard bridge setup. Plus, a hacked server can leak the messages in real time (the most common WhatsApp bridge even logs the messages it forwards to the server log by default).
The Matrix (Beeper) server stores the messages even if the bridge doesn’t. Plus, the bridge has a valid authentication token for the app on your phone, so it can pull down your entire chat history straight from your device if it wants to.
Beeper’s security is done about as well as you can with a bridge setup, but there are certain risks that can’t be mitigated given the limitations of the bridging system.
If it’s decrypted in the middle, it’s not end to end encrypted. I guess you could invent a term like end to end to end encrypted for a trusted middle server, but Matrix bridges do drop the security E2EE provides. Now you’re back to “all of my messages can be stolen if a server gets hacked” again, which real E2EE should prevent.
If MLS and MIMI make it to chat messengers, we could see real E2EE across chat services. Until every service speaks the same protocol, we simply won’t have cross service E2EE.
deleted by creator
The WhatsApp bridge has access to the messages it has sent over Matrix, at least in the standard bridge setup. Plus, a hacked server can leak the messages in real time (the most common WhatsApp bridge even logs the messages it forwards to the server log by default).
The Matrix (Beeper) server stores the messages even if the bridge doesn’t. Plus, the bridge has a valid authentication token for the app on your phone, so it can pull down your entire chat history straight from your device if it wants to.
Beeper’s security is done about as well as you can with a bridge setup, but there are certain risks that can’t be mitigated given the limitations of the bridging system.
deleted by creator