Riot releases end-to-end encryption: get ready to chat securely!
End-to-end encryption gives users true privacy, preventing anyone else from eavesdropping on conversations — even the very communications services they’re using. This is incredibly important for a decentralised ecosystem like Matrix on which Riot is built, where data can span across many different servers, and users should not have to trust any of those servers.
End-to-end encryption is also a real differentiating feature from most other popular collaboration apps whose business models fundamentally rely on being able to read, analyse and profile your conversations.
So back to Riot’s specifics, it’s worth noting that few weeks back we released 0.8.4 with a bunch of bug fixes, which we failed to advertise much, sorry :/ But today it’s version 0.9.0 going out live on the web, in which admins can enable end-to-end encryption in their rooms, making servers owners unable to reading the content of your discussions!
The prrrrrrecious toggle is located in the room settings on the web, but be careful: this cannot be undone! We want to avoid race conditions if someone sends confidential info while the other deactivates crypto.
Now every room displays a padlock next to the text input area, either open or closed depending on whether the room is encrypted or not.
Once encryptedly chatting you’ll see a bunch of new indicators coming up next to the messages: padlocks and warning signs telling you whether the message came from a device you verified as belonging to your contact. Riot also provides the ability to exclude a device from the conversation if you don’t trust it or don’t want to include it. However we’re very aware that the device verification process itself still needs a lot of work and today relies mainly on out-of-band device fingerprints verification, which isn’t a very slick experience and will be fixed soon. The final goal is also to have newly joining devices be able to catch-up on history in encrypted rooms, which is not available yet, so once joining an already encrypted room users won’t have access to history. On the plus side attachments and call set up are all encrypted, on the three platforms!
So here we go, we’d love you to go ahead and play with encrypted rooms but just bear in mind that there are still a few issues that need to be fixed before we consider it completely out of beta so we don’t recommend using it for anything critical, and we encourage you to file bugs to help us improve it! All three platforms now support end-to-end encryption, you’ll just need to upgrade to the latest version on Android. The iOS will be available very shortly in the store [EDIT: the iOS app is now available in the stores!], but in the meantime you can just email us your email address at firstname.lastname@example.org and we’ll add you to the iOS beta program if you’re interested in trying it now!
And finally, check out the Matrix blog post for all the details of implementation and history of the journey getting this out of the door: we’re super excited to finally be closing the gap we had on privacy and be one of those making Matrix’s great goals of freedom, choice and privacy accessible to anyone!
— Amandine and the Riot team