Bundle Element Call with Element Web/Desktop

[robintown]

Your use case

What would you like to do?

Bundle Element Call with Element Web/Desktop

Why would you like to do it?

• So that group calls in Element can work in airgapped environments
• So that old versions of Element are guaranteed to use a version of Element Call that they're compatible with
• So that Element Desktop doesn't contact any "external" servers when joining group calls

How would you like to achieve it?

Add Element Call as a dependency of Element Web/Desktop, and integrate it into the build process

Have you considered any alternatives?

Not doing this to keep the implementation simple, and showing a dialog disclosing that the Element Call instance will be fetched when joining a call for the first time to address the privacy concerns

Additional context

No response

[DemiMarie]

To me, this is the only way to get proper end-to-end encryption. Otherwise the Element Call server must be trusted, which violates the end-to-end encryption threat model.

Downloading on first use might work, but only if the downloaded file was signed and the signature was checked, with proper downgrade protection.