fix privacyguides#50 by extending notes on Element

Signed-off-by: Stephen L. <lrq3000@gmail.com>
lrq3000 · Dec 3, 2021 · 4c499b0 · 4c499b0
1 parent 42f4c4d
commit 4c499b0
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/_data/software/messengers/2_element.yml b/_data/software/messengers/2_element.yml
@@ -6,8 +6,14 @@ description: |
   <strong>Element</strong> (formerly <a href="https://element.io/blog/welcome-to-element/">Riot</a>) is the reference client for the <a href="https://matrix.org/docs/guides/introduction">Matrix</a> network. The <a href="https://matrix.org/docs/spec">Matrix open standard</a> is an open-source standard for secure decentralized real-time communication.
   
   <h4>Notes</h4>
-  Voice and video calls use the Jitsi library (not Jitsi Meet). Hence, 1-on-1 voice and video calls are end-to-end encrypted, but not group calls.
-  <a href="https://en.wikipedia.org/wiki/Forward_secrecy">Forward secrecy</a> can be enabled by the channel's creator.
+    <p>There are a few gotchas and missing features at the moment that need to be kept in mind to avoid unforeseen privacy breaches:</p>
+    <ul>
+        <li>Voice and video calls use the Jitsi library (not Jitsi Meet). Hence, 1-on-1 voice and video calls are end-to-end encrypted, but not group calls.</li>
+        <li><a href="https://en.wikipedia.org/wiki/Forward_secrecy">Forward secrecy</a> can be enabled by the channel's creator (option: new users cannot access past history).</li>
+        <li>Deleting <a href="https://github.com/matrix-org/synapse/issues/1263">messages and media attachments</a> does not actually delete them from servers but just hide them along with the user stated reason, so that direct links still work. However, if room encryption was enabled, the messages cannot be decrypted by anyone but the intended users. Self-hosting does not resolve this <a href="https://github.com/privacyguides/privacyguides.org/issues/50">issue</a>, since the messages are propagated to other federated servers and sometimes to bridged networks (IRC, Discord, ...), which may or may not choose to keep deleted messages.</li>
+        <li>Reactions are not encrypted (<a href="https://github.com/matrix-org/matrix-doc/issues/2678">link to issue</a>).</li>
+        <li>Nicknames and avatars may leak even in private room (<a href="https://github.com/matrix-org/synapse/issues/5677">link to issue</a>).</li>
+    </ul>
   
   <h4>Audit</h4>
   The protocol was independently <a href="https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last">audited</a>.