Open ghost opened 5 years ago
Anyone can access a public channel, so the messages there are public and do not need to be encrypted from Rocket.Chat's point of view. But from a hosting point of view this can make sense, e.g. if the service is operated in a cloud. Because even then you don't want these messages to be read by the cloud operator, but by all Rocket.Chat users. In this respect I think that there are also cases in which public channels should be encrypted.
Yeah, E2E encryption for public channels would be really awesome.
Public only means its accessible by all users of the server, it has nothing to do with security. If we want security for all users and all conversations, then E2E should be used for everything by default, like Whatsapp and Signal do. Encryption should be as much invisible to the users as possible.
This seems to be done on purpose, shown here: https://github.com/RocketChat/Rocket.Chat/blob/develop/packages/rocketchat-channel-settings/server/methods/saveRoomSettings.js#L76
...why? There's not that large of a difference between a private and public channel.