I just read this post https://lemmy.world/post/1041399 And I wonder if messages here are end to end encrypted, or readable by admins or semi- public like voting? Thanks

  • taladar@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    Can you elaborate how there is any integration between Lemmy and Matrix? I haven’t noticed any feature related to Matrix in Lemmy so far.

      • taladar@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        I see. I have honestly ignored those “Give us all your other accounts” parts in sign up and profile settings on so many websites for so long I barely even see them any more.

        It is a bit of a surprise to see actual functionality attached to that.

        How does it authenticate you and prevent the instance admin from sending Matrix messages in your name though? Or for that matter, how does it prevent the instance admin from reading your messages before encryption or after decryption?

        • ninjan@lemmy.mildgrim.com
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          It doesn’t go through Lemmy at all, it sends you through Matrix if you chose that option. Just carries in the receiver nothing more. The integration is asking you if you want to send securely when that option is available by both of you having Matrix accounts and told Lemmy about them.

          • taladar@sh.itjust.works
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            I see, so it basically generates the Matrix equivalent to a mailto: link?

            Sounds like in that case the worst an admin could do is essentially a downgrade or MITM ttack by blocking or modifying the message that tells you about the Matrix address of the other person or the fact that they have Matrix.

            • ninjan@lemmy.mildgrim.com
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Yeah, but anytime you use an instance on Lemmy you need to trust those admins. With this being open source its fairly trivial to change it for nefarious purposes while still maintaining the core functionality. Changing links to point to whatever. JavaScript changes to steal the password entered (since so many reuse passwords) etc.