You’ve helped enough :)
Hmmm I see.
We have an app in the making, so I guess we will eventually implement proper e2ee there and then just try our best in the browser.
I’m not saying that a single bot hasn’t gotten through, but probably you’re referring to the auto-filled profiles? It’s just a way for them to be non-empty.
The sanest option in terms of user practicality to me appears to be storing the private key on the server, maybe encrypted with the user’s password, and sending it to the user on successful login where it would be decrypted client side.
That does seem reasonable, but it doesn’t solve the trust issue. The server might always send a modified script that just uploads the plaintext private key.
That said, it would still be useful in other ways. Like in a breach the data would be secure.
Or it might encourage someone to learn a new paradigm :)
Thanks for the tip!
I have somewhat of a grasp on how Signal does it, but that’s very client oriented. How to go about it in a web app is a mystery to me.
That’s true. It’s due to lack of implementation.
Getting e2ee right is tricky business. Any help or insight would be appreciated.
I can’t take too much credit myself, but yes, effort has been put in. 😄😌
Noted, thanks!