Just wanted to separate this out as a feature request: implementing end-to-end encryption in the new chat feature.
I think this could be a game-changer, in terms of me as an admin not wanting to have access to people’s personal chat messages, me as a member not wanting other admins to have access to my personal chats, and also in how Discord, Slack, and most others don’t offer this as an option.
I imagine it may not be a first priority, and yet hope it’ll come in the next 7 months Thank you for all you do with Discourse and the new chat function.
I can confirm the encrypt plugin makes private messages between users impossible to read without decryption keys. No admin snooping is possible.
Matrix, Signal, Rocket.chat, Wire offer e2e and are open source. Then there is Whatsapp and Telegram. Just to be clear for anyone else reading this.
Be sure to try out Discourse Encrypt. Works great! Full encryption you add to your session in order to access your encrypted messages between you and x other people. No dependence on categories or other functionality, which is how the chat works. Zero complaints!!!
Ah yes, I could have been more clear: I love that it exists for private messages (topics) and I also want it to exist for the new real-time private chat messages.
I also could have more clear on this. What I meant was that I don’t think private message e2e exists much in the more community-/forum-oriented platforms: Discord, Circle, Slack, Teams, Guilded, Zulip, etc. Yes many primarily 1-1 or group chat platforms have it, as you mentioned. Maybe Matrix, Rocket.chat, and Wire are used similarly for community management but I don’t think they have as many community features.
Anyways, I also love it for private topics and am excited for it in private chats as well
I would love end-to-end encryption in real time chat!
But here’s the thing: encryption for private messages drastically reduces the uses for those messages.
It isn’t always obvious at first. You can add and remove people from private messages, you can use them in your editorial workflow (I use them to capture notes, before sharing them more broadly!), all kinds of things. Encrypt them and suddenly a lot of what we can do is not longer appropriate, given the nature of the encryption involved.
Okay, so now apply that to real time chat.
Uh oh! We are suddenly going to lose a lot of not only what makes a chat channel interesting, but we’re also going to lose what makes Discourse chat interesting: advanced features that are developing as we figure out how to integrate chat into the knowledge capture processes folks already use Discourse for; adding encryption to that will drastically reduce the usefulness of chat, in this case.
I’m a supporter of encrypt-all-the-things! I use OMEMO for all my personal chats, on a server I control. But there are trade-offs, and they are not what I’d want to apply to Discourse Chat. What we’ve got is going to be something very cool on its own.
Also, encrypted PMs are like, already real time chat channels, so there’s that!
Public—“Topic” (with default category security settings of “everyone”, fully public if the site is not login required)
Semi-public—“Topic” (with category security settings restricted to groups)
Private—“Personal Message” (restricted to invited individuals only, I believe)
Public—“Channels” (open to registration but hidden by default, not fully public because not available to non-logged-in users)
Semi-public—“Channels” (with category security settings restricted to groups, I think)
Private—“Personal Chat” (restricted to invited individuals only, I believe)
As you mentioned, I can see such downsides of using encryption for private topics (personal messages), as I see them very similar to sending a private email: sometimes they’re used for drafts, sometimes we want to cc people to bring them into the loop, sometimes we want to forward it, turn it into a public discussion, etc. I still like the benefits of knowing that something is labeled personal is not readable by an admin, but can see some of the tradeoffs.
I also can see the downsides of encryption for public and semi-public chats (channels), as it would make it hard to quote chats into a topic, and even the old, maybe-new-again feature to move chat messages to topics. I like those abilities and wouldn’t want to hinder them; plus, with them being public and semi-public, I have more of an expectation that an admin should be able to read them all.
I strongly still desire e2ee for private chat (personal chat). I rarely if ever will bring another person into a specific chat, instead starting a new group chat. I rarely will use them as drafts or want to convert them into something in a public/semi-public chat channel. I guess I see them as the most intimate form of communication we have online and FB and other platforms don’t have default e2ee on their private chats and many people don’t mind, I think the risk is much higher on smaller communities, as it’s harder to hide in the crowd of millions/billions of people.
I do work with emotions, helping people deal with conflict and say how they’re feeling, and I’ve turned on encryption for private topics and will probably try to turn off the ability for people to send private chats to anyone but me until e2ee exists for it, because I want them to be fully aware that any chat they send, I can see.
So yes, I can see why it may limit other functions on private topics and public/semi-public chat channels, I just really want the most private space on the platform to be as private as it can be.
Perhaps Discourse chat could consider supporting Matrix federation and e2e encryption (based on Signal). See this post about Rocket.chat formally announcing they will support Matrix standards moving forward.
Personally, I find Matrix fantastic. So, certainly worth considering a possible path; at least it makes for interesting conversation.