> In terms of Real Soon Now stuff: - End to end encryption will be landing in a couple of weeks
Will this be based on Axolotl? If so, and you want to avoid the Signal problem of there being a log of messages being passed between users, how are you dealing with that? Or is the idea that to make that type of security guarantee you have to self-host conversations? If so, surely there's still a log of messages being sent there. Maybe you could employ a rubberhose-like setup where you send fake messages that mask the real ones?
Yes, it's using a Double Ratchet implementation - an independent implementation we wrote in C/C++ called Olm (https://matrix.org/git/olm/about). We've also added a new group ratchet called Megolm which lets users in the room share the same ratchet to decrypt the group messages.
The actual ratchet itself does nothing to protect metadata - it's just encrypting the payload of the messages in the room, and providing a 1:1 ratchet to exchange the details of the group ratchet for the room.
Obfuscating metadata is a Hard Problem, and if you don't want your server admins to be able to see who's talking to who, you'll need to look at something like Vuvuzela or Ricochet or Pond. In future we may go down the metadata protecting rabbit-hole, so to speak: https://matrix.org/~matthew/2015-06-26%20Matrix%20Jardin%20E... has the details.
Will this be based on Axolotl? If so, and you want to avoid the Signal problem of there being a log of messages being passed between users, how are you dealing with that? Or is the idea that to make that type of security guarantee you have to self-host conversations? If so, surely there's still a log of messages being sent there. Maybe you could employ a rubberhose-like setup where you send fake messages that mask the real ones?