I’m aware of what end-to-end encrypted means in a technical sense, but does the lack thereof guarantee the messages are just plaintext readable to whoever’s manning the machine?
My guess is yes but I’ve been known to have wildly incorrect guesses so I want to double-check.
Technically yes. Likely they still use Transport Layer Security that will encrypt the messages in transit, but that encryption is controlled by the company, and not the end user. What that means is that your messages are safe from randos in the cafe on the same wifi as you, but if the company wanted to, they could read them. It also means that if messages are subpoenaed then they can hand over the unencrypted messages to the authorities.
I tried looking at their documentation to see what was going on under the hood, but there were a lot of connection errors and dead ends. They seem to be open source, though, so if you are so inclined you can comb through their code to see what kind of encryption they use.
Personally, I’d stay away. It doesn’t seem like something that I could put my trust in.
Edit: Upon further inspection, I can see that they host on third party servers likely in plain text. That means that these third party hosts have access to your information, too. I’ll go ahead and take this opportunity to double down on not trusting this company with my memes.
Note: stoat is self-hostable. There’s no federation (yet?) but you can run your own server easily
Thanks for the stoat note.
…I’m sorry.
No yer not :D
Last I read about it they weren’t planning on ever implementing federation. Hope they can change their minds.
On their roadmap thingy they do have it, but from what I can see, it’s at the very bottom of their priority list. So it might be something they’ll consider far in the future, but not necessarily soon