I wrote [1] (Thanks for the reference) , and i skipped encryption for the sake of simplicity.
I'm enabling encryption as we speak.
If you host the server yourself, on a controlled setting (VPS), it should allow for a fairly secure way of communication if TLS is used. The communication channel would resemble this rough ASCII drawing:
In the end you always have to trust the person hosting the service. Host things yourself.
I don't see this channel of communication as being truly secure, without audits where and how its deployed. Web apps are riddled with vulnerabilities, how much of the attack surface from a website would compromise the live chat embedded is a guess until it happens.
I should point out that my "solution" is intended for personal websites, people who enjoy Matrix a lot :) . Not for corporations at all.
I wrote [1] (Thanks for the reference) , and i skipped encryption for the sake of simplicity.
I'm enabling encryption as we speak.
If you host the server yourself, on a controlled setting (VPS), it should allow for a fairly secure way of communication if TLS is used. The communication channel would resemble this rough ASCII drawing:
[Browser] <---TLS---> [livematrix] <---e2ee---> [Matrix homeserver]
In the end you always have to trust the person hosting the service. Host things yourself.
I don't see this channel of communication as being truly secure, without audits where and how its deployed. Web apps are riddled with vulnerabilities, how much of the attack surface from a website would compromise the live chat embedded is a guess until it happens.
I should point out that my "solution" is intended for personal websites, people who enjoy Matrix a lot :) . Not for corporations at all.