End-to-end (e2e) encryption support
This would require major architectural changes for the Mattermost server, but adding some use cases to gather feedback from the community.
Server admins wouldn't be able to read the content of conversations because they don't hold the keys to decrypt, which means users wouldn't have to worry about
- Server admins spying on their private conversations
- Governments subpoening server admins into handing over conversations
- Hackers taking control of the server being able to read the conversations
The e2e feature would be very useful for our project, some of our users need this security level for their channels.
Could be achieved by adding this: ➡️ https://mattermost.uservoice.com/forums/306457-general/suggestions/12818799-off-the-record-messaging
Adding End to end encryption would make Mattermost much more useful. Right now the best options for security and privacy messing and calling would be XMPP + Mumble. If E2EE was added Mattermost would immediately be the replacement for XMPP.
Reminding that users that self-host services, do it with privacy in mind. I'm my opinion MM shouldn't be shipped without end to end encryption.
If you're interested in a Proof-of-Concept, check out https://git.estate/scitor/webchat-end2end
No need to change anything on the server, it can be used as a bookmarklet.
You can demo it here https://oss.mattermost.com/space-motors/channels/encrypted
This would also be a huge game changer for companies and other organisations running mattermost. Workers would be able to share information with each other about organising and unionising without fear of admins penalising them for it.
Raphael Mimoun commented
This feature would be a game-changer for a whole range of organizations working on sensitive issues (democracy groups, human rights defenders, election monitoring, international organizations, etc). For these organizations, it is paramount that ***nobody*** can read conversations except for the conversation participants, not even server admins.
Currently, the options for an end-to-end encrypted alternative to Slack are WickrPro (very expensive and not particularly usable) and Wire (decent but nowhere near Slack). Which is why many groups are stuck on Signal, which is incredibly inconvenient for actual work communication.
Clearly, this would be a major change to the Mattermost infrastructure, and require a large amount of work. In particular, all the cool features (reply, tag, search, etc) would be hard to implement. But it's doable (Wire has done it).