FBXL Social

OMEMO is crap

@Hyolobrika
Come to the Matrix side! We have "Unable to decrypt message"… too! Yeah, we have that one too 🤣

I have heard of some vulnerabilities in their encryption that I haven't looked too deeply into.
Also, every client for Linux seems to require Flatpak or otherwise can't be updated conveniently on QubesOS.
replies
2
announces
0
likes
0

@Hyolobrika
You can use Element in Firefox, I think you can also use Fluffy Chat and there's a desktop version of Schildi, but you need Node.js to host it, so I've never tried it myself.
If you want chats only and are fine with TUI, there's gomuks — you only need go and libolm to build it, I think you can even build it without cloning the source using "go install github.com/tulir/gomuks" — should work, but I haven't tried that myself in ages.

Isn't E2EE in a browser insecure?

@Hyolobrika
Why would it be? TLS is only the first layer — some metadata probably still gets transferred over it, it's what is considered unencrypted, but on top of it at least Element and Schildi have proper cryptography module in WAsm, it works mostly the same as desktop SW would. I'm not sure how Fluffy works, but it's probably the same.
Although browser cryptography is a classic "bad idea": https://tonyarcieri.com/whats-wrong-with-webcrypto , it's not the worst of what we have to deal with now daily😅

Because the server can serve malicious JS or WASM at any time.
I remember reading a blog post about it that I can't find anymore.

@Hyolobrika
This is a very valid concern! But has more to do with centralised systems and has little to do with Element, which you can self host — you can wrap it in Electron, I think they even provide you with it themselves and call it a desktop app. You can never update it (unless it stops working with your Matrix server of course 😆).

@Hyolobrika
Or you can even bring up the local Node.js infrastructure and use it in Firefox.
You can do the same with Schildi and probably Fluffy too.