Just wanted to separate this out as a feature request: implementing end-to-end encryption in the new chat feature.
I think this could be a game-changer, in terms of me as an admin not wanting to have access to people’s personal chat messages, me as a member not wanting other admins to have access to my personal chats, and also in how Discord, Slack, and most others don’t offer this as an option.
I imagine it may not be a first priority, and yet hope it’ll come in the next 7 months Thank you for all you do with Discourse and the new chat function.
I can confirm the encrypt plugin makes private messages between users impossible to read without decryption keys. No admin snooping is possible.
Matrix, Signal, Rocket.chat, Wire offer e2e and are open source. Then there is Whatsapp and Telegram. Just to be clear for anyone else reading this.
Be sure to try out Discourse Encrypt. Works great! Full encryption you add to your session in order to access your encrypted messages between you and x other people. No dependence on categories or other functionality, which is how the chat works. Zero complaints!!!
Ah yes, I could have been more clear: I love that it exists for private messages (topics) and I also want it to exist for the new real-time private chat messages.
I also could have more clear on this. What I meant was that I don’t think private message e2e exists much in the more community-/forum-oriented platforms: Discord, Circle, Slack, Teams, Guilded, Zulip, etc. Yes many primarily 1-1 or group chat platforms have it, as you mentioned. Maybe Matrix, Rocket.chat, and Wire are used similarly for community management but I don’t think they have as many community features.
Anyways, I also love it for private topics and am excited for it in private chats as well
I would love end-to-end encryption in real time chat!
But here’s the thing: encryption for private messages drastically reduces the uses for those messages.
It isn’t always obvious at first. You can add and remove people from private messages, you can use them in your editorial workflow (I use them to capture notes, before sharing them more broadly!), all kinds of things. Encrypt them and suddenly a lot of what we can do is not longer appropriate, given the nature of the encryption involved.
Okay, so now apply that to real time chat.
Uh oh! We are suddenly going to lose a lot of not only what makes a chat channel interesting, but we’re also going to lose what makes Discourse chat interesting: advanced features that are developing as we figure out how to integrate chat into the knowledge capture processes folks already use Discourse for; adding encryption to that will drastically reduce the usefulness of chat, in this case.
I’m a supporter of encrypt-all-the-things! I use OMEMO for all my personal chats, on a server I control. But there are trade-offs, and they are not what I’d want to apply to Discourse Chat. What we’ve got is going to be something very cool on its own.
Also, encrypted PMs are like, already real time chat channels, so there’s that!
Public—“Topic” (with default category security settings of “everyone”, fully public if the site is not login required)
Semi-public—“Topic” (with category security settings restricted to groups)
Private—“Personal Message” (restricted to invited individuals only, I believe)
Public—“Channels” (open to registration but hidden by default, not fully public because not available to non-logged-in users)
Semi-public—“Channels” (with category security settings restricted to groups, I think)
Private—“Personal Chat” (restricted to invited individuals only, I believe)
As you mentioned, I can see such downsides of using encryption for private topics (personal messages), as I see them very similar to sending a private email: sometimes they’re used for drafts, sometimes we want to cc people to bring them into the loop, sometimes we want to forward it, turn it into a public discussion, etc. I still like the benefits of knowing that something is labeled personal is not readable by an admin, but can see some of the tradeoffs.
I also can see the downsides of encryption for public and semi-public chats (channels), as it would make it hard to quote chats into a topic, and even the old, maybe-new-again feature to move chat messages to topics. I like those abilities and wouldn’t want to hinder them; plus, with them being public and semi-public, I have more of an expectation that an admin should be able to read them all.
I strongly still desire e2ee for private chat (personal chat). I rarely if ever will bring another person into a specific chat, instead starting a new group chat. I rarely will use them as drafts or want to convert them into something in a public/semi-public chat channel. I guess I see them as the most intimate form of communication we have online and FB and other platforms don’t have default e2ee on their private chats and many people don’t mind, I think the risk is much higher on smaller communities, as it’s harder to hide in the crowd of millions/billions of people.
I do work with emotions, helping people deal with conflict and say how they’re feeling, and I’ve turned on encryption for private topics and will probably try to turn off the ability for people to send private chats to anyone but me until e2ee exists for it, because I want them to be fully aware that any chat they send, I can see.
So yes, I can see why it may limit other functions on private topics and public/semi-public chat channels, I just really want the most private space on the platform to be as private as it can be.
Perhaps Discourse chat could consider supporting Matrix federation and e2e encryption (based on Signal). See this post about Rocket.chat formally announcing they will support Matrix standards moving forward.
Personally, I find Matrix fantastic. So, certainly worth considering a possible path; at least it makes for interesting conversation.
Ah, I’m really bummed to hear that. I was really excited for this feature because as a user, I rarely use chat platforms that don’t have e2ee because I don’t want the company having access to one of the most intimate conversation formats, and as the admin, I really don’t want to see what people are sending each other or be legally responsible for it.
If it won’t be something in the near term, I probably see myself disabling personal chat for all the forums I manage, unless I specifically start the personal chat with a person or people so they are fully aware that I’m always privy to the conversation.
Ah OK, then I think I’ll still turn off direct messages (personal chats), as if I set retention really low, I think some people might get really annoyed that their personal chats keep disappearing and have no control over it as they do on other chat platforms.
Also, I’m really curious about the development of the chat plugin, is there anywhere I could go to learn what features are high on the list for development? Is there any type of public roadmap, even if buried in GitHub?
We should be updating the topic for the next release in the next month or so to better reflect our high level plans for the next release of Discourse as a whole, but we haven’t been maintaining a public roadmap for chat or other particular features.
You may be able to make some sense of what’s getting attention by lurking on the discourse/discourse repo and the chat tag here.
Happy to share more informally about what our current priorities are for chat in a separate topic.
I’ll check those three places you mentioned, thank you!
Also, I’ll start a separate topic focused on the current priorities for chat.
Lastly, regarding e2ee for chat, any suggestions on how one might go about building a plugin to do it and in theory, how difficult or expensive it might be to build and maintain? Would the suggestion be to adapt the Discourse Encrypt plugin or some other plugin/library?