by samat 3114 days ago
They have opted for user convenience on this matter. Fully searchable history of all communication synced on all your devices. A nightmare for a dissident attacked by the state, but a convenience 90% of the population should not be stripped of.

Is it technically impossible to have end-to-end encryption with full history, even synced? As long as you have the decryption key, you could have synced encrypted history, the best of both worlds, right?
It's not technically impossible, but it is tricky. Signal hasn't figured it out yet, but a university research group has a fork of Signal that claims to support it in a privacy-preserving way; it hasn't undergone a thorough security audit, though.
Good encryption doesn't let you decode old messages even if you know the key. That's to prevent "the enemy" from recording everything in the hope of getting the key someday.
Consider you've lost all your devices and logged in to a service. It either can decipher your history or it can't. And if it can (which is convenient) - why have e2e in the first place?
Revoke the key, so the lost device won't be able to read the new messages. What the device already knows - it just can't be helped.

This is irrelevant to E2E or even PFS. Basically, it's about message archive security - either it's leaked (and no amount of encryption and authentication would help) or not.

E2E systems can sync message history - by mutually verifying device keys and then propagating data across such trusted links. I mean, if someone can send you a large file, there is no reason one of your devices can't send a message to another of your devices, with a large encrypted blob of what it knows about the past. And if all devices (including a possible server-kept archive private key derivation passphrase) are lost, then message history is gone.

>And if all devices (including possible server-kept archive private key derivation passphrase) are lost, then message history is gone.

If a server can decrypt your messages, then it's not really E2E anymore, is it?

I believe E2E means that data is encrypted and decrypted on endpoints and nothing else. It doesn't imply how the keys are produced or who else knows the keys.

But I was thinking about a scheme where the key is encrypted with a passphrase (that users ought to remember) and kept on the server. You fetch the blob, decrypt it (the server can't), get the key and thus are able to decrypt the existing data (message archive).

This lowers security, but adds a significant convenience of being able to recover history if the only device is broken or lost. Which may be important for casual users.
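The passphrase-wrapped archive key described in this comment, as an added example that is not code from the thread: the client derives a key from the passphrase with PBKDF2 (implemented inline from RFC 8018 so only the Go standard library is needed), wraps the archive key with AES-256-GCM, and hands the server only `salt || nonce || ciphertext`. The server never sees the passphrase, so it cannot open the blob; the 600,000-iteration count is an assumption taken from OWASP's PBKDF2-HMAC-SHA256 guidance, and the function names are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// pbkdf2 derives one 32-byte block per RFC 8018 with HMAC-SHA-256 (stdlib only).
func pbkdf2(pass, salt []byte) []byte {
	mac := hmac.New(sha256.New, pass)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): first (and only) output block
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < 600_000; i++ { // iteration count is an assumption (OWASP 2023 guidance)
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		subtle.XORBytes(t, t, u)
	}
	return t
}

func aead(pass string, salt []byte) cipher.AEAD {
	block, _ := aes.NewCipher(pbkdf2([]byte(pass), salt)) // 32-byte key: cannot fail
	g, _ := cipher.NewGCM(block)                          // AES block size: cannot fail
	return g
}

// WrapArchiveKey returns salt||nonce||GCM(archiveKey): the only thing the server stores.
func WrapArchiveKey(pass string, archiveKey []byte) ([]byte, error) {
	hdr := make([]byte, 28) // 16-byte random salt, then 12-byte GCM nonce
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	return aead(pass, hdr[:16]).Seal(hdr, hdr[16:], archiveKey, hdr[:16]), nil
}

// UnwrapArchiveKey reverses WrapArchiveKey; a wrong passphrase or tampered blob fails the GCM tag.
func UnwrapArchiveKey(pass string, blob []byte) ([]byte, error) {
	if len(blob) < 28+16 { // header plus at least the 16-byte GCM tag
		return nil, errors.New("blob too short")
	}
	return aead(pass, blob[:16]).Open(nil, blob[16:28], blob[28:], blob[:16])
}
```

Because the salt is part of the blob and also bound as GCM additional data, a recovered blob can be opened on any fresh device with the passphrase alone, while a guessed passphrase or a modified blob yields an authentication error rather than a wrong key.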