Hacker News

Cool, thanks! That's interesting to know. Do you know how they deal with FOI and auditable communications in this case?

PS: I talked about the seemingly unexploitable IND-CCA vulnerability because it means Matrix can't give you some security guarantees: It should be fine - we don't have an exploit, only a vulnerability - but it is not clear how to reason to arrive at "there cannot be an exploit". If you care about security guarantees, you care about it.



Good question about FOI and audit; unsure for their deployment. In general we use audit bots when needed (which are visible in the member list), and even in a client-controlled-membership world, they would complain bitterly if they saw traffic which they didn’t have the keys for.

Fair enough on IND-CCA; as you know, we are fixing it anyway.



