we can't do it with cookies holding the private keys, since many people block cookie usage & cookies are readable by anyone. we'd need to have local storage that the server authenticates for, otherwise any server would be able to read out the private key from storage via js & send it to the attacking server…
cursed cryptography
@niplav You could probably use homomorphic cryptography to encode the private key and send the key used for that encoding to the server. When you need to decode something, the server would send you an encoded program for decoding the message. This normally ends up with the "decoded" message still encoded with the server key, but I'm pretty sure this could be worked around.
I'm much more sure there is a better and simpler method for doing this tho. If you are interested in this kind of stuff, I would suggest checking out the Matrix docs.