by chme 2620 days ago
I would like for the Matrix protocol and implementation to be better prepared for such cases.

While I didn't lose access to the encrypted messages, since I used the 'Encrypted Messages Recovery' function of Riot.im, I guess a lot of people have. Maybe allow to store more information on the client side?

2 comments

I do not really like the fact that this feature can only back up keys server-side, so I did not enable it.

I do however have a keys backup dating back some time, that will hopefully restore some of my encrypted messages. But basically, I understand that every encrypted message was at risk of being lost, so it's not that big of a deal.

The backed up keys are encrypted against a client-generated Curve25519 public key, with new session keys being added incrementally (so you don't need to provide the key after you set it up)[1]. Personally I don't see it as much more of a risk than trusting them to host the ciphertext of your messages.

People have different threat models. When chatting with my family, it's more important that we have a permanent history of our messages rather than the worry of them getting leaked. But if you're a whistleblower you have a different set of requirements.

[1]: https://github.com/uhoreg/matrix-doc/blob/e2e_backup/proposa...

You have always been able to export your keys manually to a file.