> where the messages are encrypted in transit, but the server has access to the messages.
So the easiest and most useless kind. There were 1000s succesful db leaks for 1 successful mitm. Last time I heard of one, I did it myself on WEP. Https everywhere trend is super annoying for me because all it does for me is make my life difficult when I want to save time and transfer by setting up local caching proxy for myself.
> the volume of messages people do in high-traffic Discord or Zulip communities.
Why do people recieve volume of messages that's too expensive for their device to decipher? Are they gonna read them all?
Decryption should happen as needed. Before render. Before building local search index.
And what's up with notifications? Can't background process of my local app notify me?
> metadata like channel membership ... so a malicious server could just add a fake user to every channel
If you post to a channel anyone can join it's by definition public message regardless of any encryption. So no encryption needed.
> For example, the server provides the source code for the web app and can freely modify that code to steal all the messages the user can still read.
We should have an abstraction that is a socket that encrypts outgoing packets with my private key and deceypts incoming with provided public key.
Such chat apps should have only the right to use such sockets but not general ones.
So the easiest and most useless kind. There were 1000s succesful db leaks for 1 successful mitm. Last time I heard of one, I did it myself on WEP. Https everywhere trend is super annoying for me because all it does for me is make my life difficult when I want to save time and transfer by setting up local caching proxy for myself.
> the volume of messages people do in high-traffic Discord or Zulip communities.
Why do people recieve volume of messages that's too expensive for their device to decipher? Are they gonna read them all?
Decryption should happen as needed. Before render. Before building local search index.
And what's up with notifications? Can't background process of my local app notify me?
> metadata like channel membership ... so a malicious server could just add a fake user to every channel
If you post to a channel anyone can join it's by definition public message regardless of any encryption. So no encryption needed.
> For example, the server provides the source code for the web app and can freely modify that code to steal all the messages the user can still read.
We should have an abstraction that is a socket that encrypts outgoing packets with my private key and deceypts incoming with provided public key.
Such chat apps should have only the right to use such sockets but not general ones.