• @Spedwell
      link
      English
      71 year ago

      Sticking two E2EE tunnels together with a plaintext middleman doesn’t result in a single E2EE tunnel.

      The reason the distinction is important is because the security profile is vastly different—a compromised server leads to a compromised message—which isn’t true for actual E2EE services like a pure Matrix link.

      Side note: the first thing you should ask of a “end-to-end encrypted” product to you is “which ‘ends’ do you mean?” I’ve seen TLS advertised as E2EE before.

      • @Spedwell
        link
        English
        1
        edit-2
        1 year ago

        Adding: TLS is actually a pretty apt analogy here.

        You could make a chat server that just accepts plain text messages over a TLS link, and that’s basically the same security topology as with this Beeper bridge.

        But no one would call that a E2EE chat.