[vetinari]

Secret chat with multiple devices or with group has the key distribution problem - what's good to receive the message, if you cannot read it? When there are exactly two devices, you avoid that problem.

That's why it is not on by default and why it doesn't work for groups. Most users favor convenience over strict e2e.

[kitkat_new]

> Secret chat with multiple devices or with group has the key distribution problem

which is solvable

Signal and Matrix have two distinct approaches to this

[vetinari]

Sure, it is. But it has its own problem.

Signal, for example, copies the received messages into per-device queues that belong to the same identity. The problem for the user is that the user has no visibility into what is really assigned to his identity and where copies of his messages are routed encrypted by which keys; it could be used to implement anything between CALEA to Prism access.

I'm not familiar with the Matrix approach, so I won't comment on it.