this post was submitted on 05 Jul 2023
10 points (85.7% liked)

Asklemmy

43989 readers
788 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

I just read this post https://lemmy.world/post/1041399 And I wonder if messages here are end to end encrypted, or readable by admins or semi- public like voting? Thanks

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 2 points 1 year ago (1 children)

It doesn't go through Lemmy at all, it sends you through Matrix if you chose that option. Just carries in the receiver nothing more. The integration is asking you if you want to send securely when that option is available by both of you having Matrix accounts and told Lemmy about them.

[โ€“] taladar 1 points 1 year ago (1 children)

I see, so it basically generates the Matrix equivalent to a mailto: link?

Sounds like in that case the worst an admin could do is essentially a downgrade or MITM ttack by blocking or modifying the message that tells you about the Matrix address of the other person or the fact that they have Matrix.

[โ€“] [email protected] 1 points 1 year ago (1 children)

Yeah, but anytime you use an instance on Lemmy you need to trust those admins. With this being open source its fairly trivial to change it for nefarious purposes while still maintaining the core functionality. Changing links to point to whatever. JavaScript changes to steal the password entered (since so many reuse passwords) etc.

[โ€“] taladar 1 points 1 year ago

Of course, but it is always good to know what they could do in the worst case.