Your Input Needed: End-to-End Encryption (E2EE) in Mattermost

Feedback
1

Your Input Needed: End-to-End Encryption (E2EE) in Mattermost

Considering End-to-End Encryption

Mattermost is considering adding an end-to-end encryption (E2EE) solution for specific use cases. We need your thoughts on this exceptional security measure.

What is End-to-End Encryption?

E2EE is a special form of security where only the participants can read messages. Not even system administrators can access message content.

Why not do End-to-End Encryption all the time?

Most organizations wouldn’t want E2EE in Mattermost. Here’s why:

  • It prevents administrators from archiving and enabling audits
  • It limits AI-powered features and the effectiveness of searching
  • It complicates compliance with data retention and eDiscovery requirements

It’s strong security, but there are important trade offs to consider.

How we’re balancing security and functionality

We’re exploring ways to offer E2EE for unique situations while preserving essential features:

  • Key Escrow: Allows message recovery in specific enterprise-defined circumstances
  • Client-Side Search: Enables users to search their own E2EE messages

Help us understand if and how E2EE fits with your Enterprise needs:

  • Do you have use cases that require E2EE?
  • Is Key Escrow a useful option for your compliance needs?
  • Would Client-Side Search be sufficient for your E2EE messages?

Share Your Thoughts

  1. Comment below with your feedback
  2. Email fastfutures@mattermost.com for detailed discussions
  3. Express interest in testing our future E2EE prototype

Your insights will help us decide if and how to implement this specialized feature.

1 Like
2

Yes, this is an essential feature not just for large enterprises but also for smaller companies. A system admin shouldn’t be able to snoop into the conversations of the CXO group even if he wanted to. Right now we keep sensitive conversations to other channels and use Mattermost for everything else.

3 Likes
3

For my use case it is also important. For my users it is essential that their private messages will be private, and ability to create private channels also. But I understand that this can be hard to implement.

2 Likes
4

This is really exciting. For us e2ee is essential and it almost made us go for another competitor that enables it. It also makes some of our conversations stay in an App with e2ee, since its mandatory for some of our conversations.

Having e2ee on Mattermost would make it the product that has everything in our checklist.

1 Like