
8-prime | 9 months ago

When the messages you push out through that websocket are something that the server knows about intrinsically, as in, the message contents are produced by the server, there is nothing wrong with the approach.

When your server facilitates a communication between two clients and just acts as the infrastructure, E2EE can become relevant. If the clients want to be able to exchange information without the server being able to snoop in on what is being sent, then you'd want to use E2EE. With that the server won't be able to read what is being sent.


tonyhart7|9 months ago

- I have a public chat where users can chat in a public room (seems like I don't need it for this one)

- then the notification service is probably something I want to E2EE, but idk what the performance hit cost would be

0xFEE1DEAD|9 months ago

A public chat - like one that anyone can join at any time without needing an invitation?

If so, then you really don't need any extra encryption.

If not, then it depends on who's using your chat, how they use it, and for what purpose. Are the users of the chat room a small group with occasional users joining or leaving, or are many users expected to join and leave at any given moment?

That being said, encrypting the notifications won't bring any real benefits. A bad actor would simply focus on trying to compromise your server.

If you do decide that full e2ee would benefit your users, then look for someone who can help you implement it.

Implementing real e2ee for a 2 party chat is hard for someone without experience.

Implementing e2ee for a group chat is hard even for someone with experience.