What do you mean? Matrix supports E2EE.
Its not used with e2ee, is it though? At least it’s not the default and I doubt it can even be enabled.
So what is the security flaw assuming we weren’t using e2ee to begin with?
Unless you mean that the simple client should still provide other people that have non-simple clients URL previews, which would only be accomplished if the server generated them.
Yes, like RSS bots, bridges, webhook-bots etc all can produce links the recipient might want to see previews for.
Another thing is that e.g. spammers might choose to use a misleading preview. Though I suppose that’s a minor point, probably server-side previews can be tricked as well.
It doesn’t actually detect moved code, though, like
git diff
can? I gave it a shot and also there’s a couple issues open about it, e.g. https://github.com/Wilfred/difftastic/issues/520 .Other than that, difftastic is quite nice.