End-to-end (e2e) encryption support
This would require major architectural changes for the Mattermost server, but adding some use cases to gather feedback from the community.
Server admins wouldn't be able to read the content of conversations because they don't hold the keys to decrypt, which means users wouldn't have to worry about
- Server admins spying on their private conversations
- Governments subpoening server admins into handing over conversations
- Hackers taking control of the server being able to read the conversations
This is a critical feature to develop first: any messenger that doesn't support E2EE will be dead.
In my organisation, we have been working with mattermost for a few weeks and are very happy with the features and the interface. But because of the lack of e2ee, we are thinking about moving to something else (maybe matrix).
Ruben Timmerman commented
Two organisations I'm in now are making the move to Matrix for this reason, but I'd like to stick to Mattermost...
Scott Larson commented
This is critical to have with online chat systems. Also I my opinion mattermost should not be shipped without channel level E2EE.
The e2e feature would be very useful for our project, some of our users need this security level for their channels.
Could be achieved by adding this: ➡️ https://mattermost.uservoice.com/forums/306457-general/suggestions/12818799-off-the-record-messaging
Adding End to end encryption would make Mattermost much more useful. Right now the best options for security and privacy messing and calling would be XMPP + Mumble. If E2EE was added Mattermost would immediately be the replacement for XMPP.
Reminding that users that self-host services, do it with privacy in mind. I'm my opinion MM shouldn't be shipped without end to end encryption.
If you're interested in a Proof-of-Concept, check out https://git.estate/scitor/webchat-end2end
No need to change anything on the server, it can be used as a bookmarklet.
You can demo it here https://oss.mattermost.com/space-motors/channels/encrypted
This would also be a huge game changer for companies and other organisations running mattermost. Workers would be able to share information with each other about organising and unionising without fear of admins penalising them for it.
Raphael Mimoun commented
This feature would be a game-changer for a whole range of organizations working on sensitive issues (democracy groups, human rights defenders, election monitoring, international organizations, etc). For these organizations, it is paramount that ***nobody*** can read conversations except for the conversation participants, not even server admins.
Currently, the options for an end-to-end encrypted alternative to Slack are WickrPro (very expensive and not particularly usable) and Wire (decent but nowhere near Slack). Which is why many groups are stuck on Signal, which is incredibly inconvenient for actual work communication.
Clearly, this would be a major change to the Mattermost infrastructure, and require a large amount of work. In particular, all the cool features (reply, tag, search, etc) would be hard to implement. But it's doable (Wire has done it).