I wrote [1] (Thanks for the reference), and I skipped encryption for the sake of simplicity.
I'm enabling encryption as we speak.
If you host the server yourself, in a controlled setting (VPS), it should allow for a fairly secure way of communication if TLS is used. The communication channel would resemble this rough ASCII drawing:
[Browser] <---TLS---> [livematrix] <---e2ee---> [Matrix homeserver]
In the end you always have to trust the person hosting the service. Host things yourself.
I don't see this channel of communication as being truly secure without audits of where and how it's deployed. Web apps are riddled with vulnerabilities; how much of the attack surface from a website would compromise the embedded live chat is a guess until it happens.
I should point out that my "solution" is intended for personal websites, people who enjoy Matrix a lot :). Not for corporations at all.
TLS for browser communication should work great; if the website can't control its scripts, then there's no reason to trust its execution anyway. The main problem space, in my opinion, is encryption support between your service and the Matrix server, as messages get stored long-term in that space, which comes with possible privacy risks. Your solution would probably mitigate that problem perfectly!