Our great sponsors
-
Zulip
Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Although this bug report [0] states the difficulties facing them, zulip doesn't do e2e, which is a deal breaker for many communities. So, a title as you suggest should be "Why your Zulip data will stand the test of time, provided no one steals it".
Aren't we a long way down the road of understanding that all server systems should be regarded as an "untrust" environment? I feel this way about my own self hosted systems. If your critical data leaks, you're hosed.
If corporate needs to have audit trails then there needs to be a system that deliberately breaks e2e, something that all clients posting on that system know about and display messages about, rather than the current implementation.
About server side search... that's a different issue, but couldn't it be done with hashing keywords on the client and a disclaimer on how this may reduce security?
So, all in all, I get why e2e is hard for zulip, but standing the test of time without it could be difficult.
[0] https://github.com/zulip/zulip/issues/6096
> complicated to deploy. Not just a simple docker container or anything.
Huh? https://github.com/zulip/docker-zulip