[woojoo666]

The user has to trust the business no matter what. Even if the chat was e2e encrypted, the business could just choose to share the messages with somebody else.

This use case is more for the business, who knows that the chat is hosted by a 3rd party, but is reassured that the 3rd party wont have access to messages.

[eis]

The point is that the host can modify the code at will and can therefore access the messages if they wanted to. It defeats the idea of e2ee which is to make it impossible for a middleman to access the messages.

With e2ee you have to trust the client. But a client that is running as a website hosted by someone else can't be trusted as the host can modify it and you'd never known because browsers don't have a way to alert you when a site changed.

The only way this makes sense is if you (or your business) self-hosts.

[woojoo666]

Another option is for the business to host the (open source) chatbox themselves, but the messages are stores and routed through a 3rd party. The chatbox is probably just a plug and play component that can be embedded in any page, and hosted statically by the business. Much easier than self hosting the entire messaging infrastructure.

This is one of the major benefits of having an open protocol like Matrix. The clients are separate from the servers. People with more resources and more expertise can host the servers, while regular users just need to download an open source client, and they can rest assured that the messages are secure.