Security

Element is similar to email regarding security precautions you should take (see Use email with care). Anyone on the Internet can contact you, send you spam and viruses or try a phishing attack.

However, Element has advanced features to confirm your correspondent's identity, which makes it much more secure than email.

Identity

The 'displayname' is an arbitrary name that users can set as they wish. This is the name you will see in Element's message history. The 'MXID' (Matrix ID) is better suited to confirm an identity. It has the following format:

@localpart:domain

You can check it by hovering over the avatar (picture) next to the name in the message history. Clicking on the avatar opens the right sidebar with additional information about that user.

For D-PHYS users, the following rules apply:

  • 'localpart' is the D-PHYS Account name
  • 'domain' is always phys.ethz.ch

There is still the risk that the account was hijacked (guessed or stolen password). To further increase security, see user verification.

Encryption

Our server uses the latest Transport Layer Security (TLS) standards. This encrypts all traffic from your client to the server. You may still see "Send a message (unencrypted)...". This means that the message you send will not use end-to-end encryption (e2ee). If e2ee is enabled (the default, starting from Element version 1.6.0), your messages and files are encrypted before they leave your device and stay encrypted until they reach the other participants' devices. End-to-end encrypted messages can only be read by the participants in the conversation.

Federation (where is my data stored?)

See how federation works. Rooms are decentralized and could be synced to other Matrix homeservers. As long as all participants in a room are on our server (domain part of the MXID = phys.ethz.ch), the message history is on our server only. If participants from outside D-PHYS (from other domains) join the room, the message history will be synced with the homeservers that hold their accounts. You can control that by setting the room to invite only and carefully choosing who may join.
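The MXID check from the Identity section and the "where is my data stored" question from this section can be combined into one script, shown here as an added example (not D-PHYS or Element code). The function names and the member list are constructed for illustration, and the localpart character set is the one from the Matrix user ID grammar, so older accounts with other characters are rejected.

```python
import re

HOME_DOMAIN = "phys.ethz.ch"  # domain this page states for D-PHYS accounts
# Characters the Matrix user ID grammar allows in a localpart.
_LOCALPART = re.compile(r"[a-z0-9._=\-/+]+")


def parse_mxid(mxid):
    """Split '@localpart:domain' into (localpart, domain); ValueError if malformed."""
    if not mxid.startswith("@") or len(mxid.encode()) > 255:
        raise ValueError(f"not a valid MXID: {mxid!r}")
    # The localpart cannot contain ':', so the first ':' ends it.
    # Anything after it (including an optional :port) is the domain.
    localpart, sep, domain = mxid[1:].partition(":")
    if not sep or not domain or not _LOCALPART.fullmatch(localpart):
        raise ValueError(f"not a valid MXID: {mxid!r}")
    return localpart, domain


def is_dphys(mxid):
    """True only when the domain equals HOME_DOMAIN exactly.

    A suffix or substring test would accept look-alike domains, and a
    displayname is never consulted because users can set it freely.
    """
    try:
        return parse_mxid(mxid)[1] == HOME_DOMAIN
    except ValueError:
        return False


def external_homeservers(member_mxids):
    """Domains other than HOME_DOMAIN that hold a copy of the room history."""
    domains = {parse_mxid(m)[1] for m in member_mxids}
    return sorted(domains - {HOME_DOMAIN})


# Constructed member list for a hypothetical room.
SAMPLE_MEMBERS = [
    "@alice:phys.ethz.ch",
    "@bob:phys.ethz.ch",
    "@carol:matrix.example.org",
    "@alice:phys.ethz.ch.example.net",  # look-alike domain, not D-PHYS
]

if __name__ == "__main__":
    for member in SAMPLE_MEMBERS:
        print(member, "D-PHYS" if is_dphys(member) else "external")
    print("history also stored on:", external_homeservers(SAMPLE_MEMBERS))
```

An empty result from `external_homeservers` means every member's account is on phys.ethz.ch, so the history stays on that server only.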