this post was submitted on 24 Sep 2024
29 points (100.0% liked)

Privacy

32120 readers
817 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi,

Trying to move group chat from telegram to a more private option, but the key feature is its web interface which is so convenient...

I've checked SimpleX, Session, Briar & Element-Matrix, but the first 3 do not have a web version and the latest only has a free version for self-hosting and I haven't looked into self-hosting yet.

I'd completely understand if what I'm looking for doesn't exist for free, but if anyone has a suggestion here, I'm interested!

Cheers

you are viewing a single comment's thread
view the rest of the comments
[–] JubilantJaguar -5 points 1 month ago (1 children)

E2EE with a server web interface is a technical impossibility. The ends are the clients. By definition the server is only there to pass encrypted data from client to client. Presumably you can make this work with a web client using the browser's local storage, but at that point you're not actually looking at a web site and you might as well just use the official app. This is one reason why Telegram doesn't do encryption by default: group chats are particularly hard to do with EE2E.

[–] [email protected] 5 points 1 month ago (2 children)

JavaScript runs on the client. It's fairly easy to do the encryption there.

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago) (1 children)

But the JS is served to the browser each time the page loads, you can't be sure it stays the same between loads. Sure, this is the same problem as malicious updates, but still exaggerated - the opportunity to slip in altered code is "every time you open the page" rather than "every update". Plus much more convenient to do targeting.

[–] [email protected] 2 points 1 month ago

you don't have to load the code every time, you can save it and run locally, this is exactly what the Element desktop app does, it's just an electron loader for a local copy of the website, and you can choose to update it whenever you want

[–] JubilantJaguar 2 points 1 month ago

That's why I emphasized the word "server"