> It’s a surprise to most people that the majority of embedded chat is not end-to-end encrypted (E2EE).
I don’t know about the general populace, but I would instead be surprised to encounter E2EE in embedded chat.
I also go to what I keep on saying in cases like this: first-party end-to-end encryption is broken by design. To have any semblance of real security, you need to self-host the client software, preferably also obtaining it from a different party from the transport provider. Self-hosting of the entire chat system is the only truly dependable solution here, and in that context for this application, end-to-end encryption adds no value at all, being equivalent to transport encryption.
I don’t know about the general populace, but I would instead be surprised to encounter E2EE in embedded chat.
I also go to what I keep on saying in cases like this: first-party end-to-end encryption is broken by design. To have any semblance of real security, you need to self-host the client software, preferably also obtaining it from a different party from the transport provider. Self-hosting of the entire chat system is the only truly dependable solution here, and in that context for this application, end-to-end encryption adds no value at all, being equivalent to transport encryption.