Differences

This shows you the differences between two versions of the page.

--- security [2026/03/30 02:14] – admin
+++ security [2026/03/30 02:34] (current) – admin
@@ Line 17: / Line 17: @@
         * Enable End To End Encryption (E2EE) for sensitive rooms.
       * Security And Privacy Notes:
-        * Metadata leaks are possible, as all metadata is not encrypted. This includes usernames of who are in encrypted chat rooms, as along with their name.
+        * While messages are encrypted in E2EE rooms, privacy leaks are possible. Metadata is not encrypted and currently not supported by the protocol, although it' being worked on.This includes usernames of who are in encrypted chat rooms, who created the room, and the title of the room.
-        * Homeserver owners can join encrypted chats and impersonate users by adding their own device key to the target users account.  This is a bug that is being mitigated in 2026 by requiring clients to confirm device keys of other users. https://element.io/blog/verifying-your-devices-is-becoming-mandatory-2/.
+        * Homeserver owners can join encrypted chats technically. They would have to impersonate users by adding their own device key to the targeted user account.  This is a bug that is being mitigated in 2026 by requiring users to confirm new devices added to their account https://element.io/blog/verifying-your-devices-is-becoming-mandatory-2/. Note users will be notified that a new device was added, and they should not validate it to avoid having messages sent to it.
         * A stolen domain for homeserver can gain rights as any user that has joined the room from the homeserver, This is due to Matrix stores permissions as user@homeserverDomain.com for rooms.
         * Fluffychat client is recommended, as it supports multiple profiles.
         * Users joining E2EE encrypted rooms can not see past messages. This is being worked on currently (https://github.com/matrix-org/matrix-spec-proposals/pull/4268).