… and I can’t even continue the chat from my phone.

  • @[email protected]
    link
    fedilink
    English
    65 months ago

    Using an E2E chat app in your browser necessarily makes the keys and decrypted messages available to your browser. They would have the ability to read messages, impersonate users, alter messages, etc. It would defeat the purpose of a secure messaging platform.

    • @alythOP
      link
      English
      1
      edit-2
      5 months ago

      I don’t get it. Who is “they”? Why can’t you fetch the encrypted message from the server and then decrypt it client side?

      • @[email protected]
        link
        fedilink
        English
        7
        edit-2
        5 months ago

        “They” is the browser/browser maker. The browser, acting as the client, would have access to the keys and data. The browser maker could do whatever they want with it.

        To be clear, I’m not saying they would, only that it defeats the purpose of an E2E chat, where your goal is to minimize/eliminate the possibility of snooping.

        • @[email protected]
          link
          fedilink
          English
          25 months ago

          You realize that your kernel which loads keys into memory can also access all this right? So can anything which shares memory space on the platform.

          • Natanael
            link
            fedilink
            English
            25 months ago

            The bigger risk is browser exploits, not just who develops it. There’s more attack surface and more ways to exfiltrate data

      • @[email protected]
        link
        fedilink
        English
        25 months ago

        I think the encrypted messages are not saved in the server. You probably have to backup from phone and restore it on pc. “They” is the other programs running on browser