users [can] retain access to messages even after logging out of the platform
This sounds great. Nothing bad could happen here. I’m sure the people developing this are competent.
the article says:
Further, if users want to retain access to messages even after logging out of the platform, they must set up a recovery key, which the installation manual suggests storing in a password manager.
this is standard matrix thing. if you log out of matrix and don’t do that, you’re greeted with Unable to decrypt message after next login. this is because it’s on-prem matrix instance (or instances) with mandatory 2fa (freeotp is an option) and registration process tying matrix identity to national id, and it’s intended only for public administration internal use. you can’t just walk up and register you have to work there, and as their threat model is about phishing, this does make sense
the article says:
this is standard matrix thing. if you log out of matrix and don’t do that, you’re greeted with Unable to decrypt message after next login. this is because it’s on-prem matrix instance (or instances) with mandatory 2fa (freeotp is an option) and registration process tying matrix identity to national id, and it’s intended only for public administration internal use. you can’t just walk up and register you have to work there, and as their threat model is about phishing, this does make sense