scoop
Is E2EE encryption a foolish idea for a LiveView app?
Dear community ![]()
I’ve got a few applications in mind for an industry that, like many other, tends to collect tremendously “juicy” (sensitive) data.
There is a strong case to be made for applying end-to-end encryption for both customers and the vendor.
Would such an architecture, in your opinion, invalidate many of the nice things you get with LiveView to the point where a React SPA would make more sense?
Side quest: To make things spicier, the industry in question requires high availability of records and documents. Would E2EE be incompatible with CRDT:s?
Asking for a friend, only wrong answers etc.
![]()
Thanks in advance for any insights and reflections!
Most Liked
Schultzer
Whatsapp is a good example of an end to end encrypted chat app that is powered by the BEAM, the Erlang VM that Elixir runs us, so I don’t see any issue in building an end to end encrypted application in Elixir.
soup
If your records are all encrypted blobs, you can basically ignore anything to do with forms, possibly any kind of “delete child record” actions too depending. You will have to either write custom hooks to decode and encode the (“dead”) form data before transport, or write the form in vue/react/svelt/whatever (and still decode/encode). Hydrating/dehydrating data into and out of the form wont be hard, but rapidly you’ll need some validations etc, which you’d end up building yourself vs using a framework.
It also depends on how sensitive your data is. Can you store the list of vendor clients, and render those via liveview only loading your whateveract-form when editing some records, or is the existence of a client alone sensitive? If everything is sensitive then like you say, you wont get much from liveview when your state is opaque_blob_a → opaque_blob_b, but maybe most of the time your just writing liveviews and only have a few select black boxes around the place.
So disregarding any sensitive interactions, what do you have left? Do you want to push notifications around? Still use a websocket for transport speed? Is it better to just have a/many regular phoenix channels for these? Do you just prefer heex over jsx? If most of your elements are phx-update="ignore" then you wont get much quick dom diffing.
You can embed js frameworks inside LV and use hooks as an adapter layer, but you will hit some friction vs using one ecosystem alone.
mayel
see @jstimps’s implementation for an example: GitHub - jessestimpson/livesecret: Share end-to-end-encrypted data · GitHub
Popular in Discussions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








