• chebra@mstdn.io
        link
        fedilink
        arrow-up
        0
        ·
        17 hours ago

        @peregus It’s explained in other threads here. The key is in the url but behind # and that part is invisible to the server. protocol://host:port/path?query#fragment, server will only see …?query, so both participants can decrypt, but server can’t => E2EE

        • peregus@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          17 hours ago

          But it’s the server that creates the URL in the first place, so it must knows it, right? …or wrong?

            • peregus@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              17 hours ago

              Oh, ok, now I get it. So it could be checked by a third party if that code is really created by the browser and if it’s not sent to the server, correct?