• Spedwell@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Sticking two E2EE tunnels together with a plaintext middleman doesn’t result in a single E2EE tunnel.

    The reason the distinction is important is because the security profile is vastly different—a compromised server leads to a compromised message—which isn’t true for actual E2EE services like a pure Matrix link.

    Side note: the first thing you should ask of a “end-to-end encrypted” product to you is “which ‘ends’ do you mean?” I’ve seen TLS advertised as E2EE before.

    • Spedwell@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Adding: TLS is actually a pretty apt analogy here.

      You could make a chat server that just accepts plain text messages over a TLS link, and that’s basically the same security topology as with this Beeper bridge.

      But no one would call that a E2EE chat.