@amd Thanks for asking! I am curious about what is encrypted when e2ee is enabled.
I’ve been discussing the vulnerability disclosure from 2022 with others here on fedi, and was curious about the state of e2ee for user invites to rooms, but couldn’t find anything that summarized what is encrypted and what isn’t.

@amd message contents, message type and file contents in private rooms is e2ee. metadata isn’t: sender, timestamp, room id. stuff that the server needs to see to aggregate is also not e2ee: whether a msg was a reaction (& what the reaction was), whether it’s an edit or reply or thread (& to what msg). room state (room name, topic, avatar, membership) is not e2ee yet either. the plan to improve this is basically arewep2pyet.com, but stalled due to lack of $.

Thanks! Do you have any info about e2ee user invites? Specifically, that was listed as one of the ways to remedy a malicious server crafting invites to a room. I haven’t been able to find whether that has been implemented yet.

@amd i think you’re asking about github.com/matrix-org/matrix-s… which is designed but not implemented yet (stuck behind fixing UTDs in general)

One thing I'm curious but did't find the answer: Is there any reason that the particular crypto primitives was chosen at the start of libolm development? The most logical thing I can thought of is that WASM didn't exist in 2016 and there aren't any viable, safer alternatives that can be used in libolm during that time.

@ShadowRZ @angdraug @josh just because they were pure C, would compile down to asm.js via emscripten (this was 2015 and pre-wasm), and were functionally correct. and also because exploiting timing attacks remotely over Matrix is at best theoretical. however, we always knew it was (very) bad practice though, which is why we eventually solved it by switching to rust with vodozemac in 2022.