by randomhodler84 1923 days ago
Oh no. No. “You have nothing to share.” E2e by default or GTFO. This isn’t about your secrets. It’s about making your regular discourse indistinguishable from secrets. There is no con to e2e, and many cons for snake oil/plaintext.
3 comments

Actually, there are many cons to e2e, especially with bigger groups. I've read a lot about Signal's and Matrix's development and there are many problems that don't exist when sending data over a simple SSL connection to a server.

For example: You have a group with 100 Members, do you encrypt each message you send 99 times for each recipient? Not likely. So you use a send key that everyone else can decrypt.

But then what if the group changes? Does everyone have to replace their send-keys, because the party that left can still decrypt all those messages otherwise.

That means you have to do n-1 key exchanges whenever a party leaves or joins. Otherwise it wouldn't be secure anymore.

There are some clever ideas about key exchanges, but so far the messengers that implement them are not widely used and since there is no profit in it, no one is in a hurry to compete.
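The send-key scheme from the comment above, as an added example that is not part of the original thread: one ciphertext per group message, with the send key handed to each member individually, and a re-key after a member leaves. The `Group` class, the lazy rotation (each sender re-keys on its next send) and the stdlib-only `seal`/`open_sealed` stand-in for a real AEAD are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, msg):
    # Stand-in for a real AEAD, built from stdlib primitives for illustration only.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Group:
    def __init__(self, members):
        self.members = set(members)
        self.send_keys = {}                            # sender -> current send key
        self.received = {m: {} for m in self.members}  # member -> {sender: key}
        self.key_deliveries = 0                        # pairwise-encrypted key transfers

    def send(self, sender, msg):
        if sender not in self.send_keys:          # first message, or after a rotation
            key = self.send_keys[sender] = secrets.token_bytes(32)
            for m in self.members - {sender}:     # one 1:1 delivery per recipient
                self.received[m][sender] = key
                self.key_deliveries += 1
        return seal(self.send_keys[sender], msg)  # one ciphertext for the whole group

    def remove(self, member, rotate=True):
        self.members.discard(member)              # the leaver keeps the keys it already has
        if rotate:
            self.send_keys.clear()                # every sender re-keys on its next send

def demo(rotate):
    g = Group(f"user{i}" for i in range(100))     # constructed 100-member group
    g.send("user0", b"hello")                     # 99 key deliveries, 1 ciphertext
    g.remove("user99", rotate=rotate)
    blob = g.send("user0", b"after the leave")
    try:                                          # leaver tries its old copy of the key
        leaked = open_sealed(g.received["user99"]["user0"], blob)
    except ValueError:
        leaked = None
    return g.key_deliveries, leaked
```

`demo(False)` returns the plaintext to the removed member at no extra cost; `demo(True)` locks them out, and the sender pays another round of per-member key deliveries.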

From what I’ve read, WhatsApp is doing just what you described for group chat, and it’s working fine... now maybe you’re talking about groups with hundreds of people?
Telegram groups allow for thousands of users.
> There is no con to e2e,

No multi device support.

No transcoding for video.

No shared history for group chats.

Scaling gets progressively harder with increasing participants.

> No multi device support.

That's an issue with your client and protocol, not with e2e

> No shared history for group chats.

Same

> Scaling gets progressively harder with increasing participants.

Same

> No transcoding for video.

Now that's a more palpable issue. Also no size reduction of photos which is probably more used as a media.

> That's an issue with your client and protocol, not with e2e

That's an issue with distributing the keys among multiple parties.

> No shared history for group chats.

> Same

Exactly. What's e2e good for, if you give keys to the entity that does the archiving?

If you have 2 devices, one device can send messages to the other, all e2e encrypted. It's the same for group chats: if you are part of a chat, any participant can send you the history of the chat.

All those issues are protocol-related. E2E only stipulates that the message can't be read between the two ends, it doesn't say you can't send a technical message for making a better UX.

> if you are part of a chat, any participant can send you the history of the chat.

Re-sending parts of the chat kind of removes the guarantees of the secret chat (just like backups defeat the purpose of e2e). These apps have also expiring and non-screenshotable messages, you don't want to resend that.

Ideally, all messages sent should be only decryptable by given set of keys (i.e. one key for each device used by each party of the chat; or, depending on the size of the message, ephemeral key used for message encryption, decryptable by each device that is supposed to receive it). Now the key distribution is the non-solved part.

"Secret chat" is something only Telegram and pseudo-private messengers have. No application can ever provide assurance that messages aren't backed up. When it's sent, it's sent; you don't control it anymore. Re-sending the message is something you can only assume can be done. The experience given with expiring messages is just that: an experience.

Now, secret chats don't necessarily mean "this message can only be read by one device". To answer your second paragraph I disagree: a message shouldn't be sent to a given set of keys but to a given set of participants. Each participant may have one or more devices and should be able to read messages whatever way they want.

Also key distribution is "solved" by not counting on the user to do it but doing it for them: see what Matrix, Signal, Deltachat, XMPP (OMEMO) and probably others are doing.

Doesn't even have to send the full history of the chat, it can only send you the encryption key while the history is stored on the server.
Indeed, and you can go even further: with e2ee there is no need for central server beyond dumb distribution of opaque blobs. So the history can be exchanged by the whole network and the encryption keys shared recipient by recipient on a need-to-know basis. That's what bitmessage is doing, for example
(At least Threema does it this way): Server doesn't really store the messages long term; only until the receiver picks it up. With just two devices - sender and receiver - you have a guarantee that once the single receiver picks it up, there's none else to do the same and can be safely dropped.
> There is no con to e2e, and many cons for snake oil/plaintext.

Is this true? From anecdata every e2e encrypted platform I used is much lower quality than the alternatives (iMessage, Signal, etc). Things like multi-device sync don’t work that well. Is this really just a coincidence? Telegram claims they can’t provide the same quality chat (and snappy cross platform crispness is really their competitive advantage) with e2e. Is this just a fake limitation?

Technically, E2E increases the complexity of the applications and servers, but it shouldn't really affect quality of chats or messages. One area where this will be a problem is in search. Telegram claims that it can search chats faster because those are on its servers, and anecdotally, I have seen Telegram's search being better and faster than the other platforms I use or have tried (they have to search only on the local device, which then has an impact on battery life for phones and tablets).

The other bigger drawback with E2E is that the servers of those platforms don't store the chats permanently (they store it for about 30 days or so to deliver the messages to devices when they come online, depending on the platform). So syncing chat history across devices gets affected by this choice (it could still be done, but the complexity and speed of syncing grows a lot).

Wire does E2E for all chats and syncs all chats across devices. But it too doesn't sync chat history on newer linked devices. It also took the (what I consider as inferior) choice of using Electron for its desktop apps, which makes it quite sluggish.

> The other bigger drawback with E2E is that the servers of those platforms don't store the chats permanently (they store it for about 30 days or so to deliver the messages to devices when they come online, depending on the platform).

Not true: Matrix is fine with storing messages permanently