Is it really that surprising that the act of reacting to a message with an emoji isn't E2EE, given the server needs to count the number of reactions? One could encrypt the emoji itself, but it doesn't seem like a massively sensitive datapoint in its own right. (That said, we will encrypt them eventually, but it's just not very high priority given the fact it doesn't practically feel very high impact, relative to all the other things we could be doing to improve Matrix).
> Is it really that surprising that the act of reacting to a message with an emoji isn't E2EE, given the server needs to count the number of reactions?
Why couldn't the client simply count the number of reactions?
I can't imagine it'd be a performance issue. After all, if you didn't have reactions you'd have a bunch of in-band "+ 1" comments; if such a thing would bring down the server then I'd assume you'd have much bigger problems.
Just chiming in as a plus one updoot etc. here. I understand the balance of complexity and resources needed to make essentially meaningless data encrypted, and I fall firmly on the side of "do it anyway". I can explain to users that things take longer because they're encrypted, I can't explain to them why they have general sentiment analysis derived from emojis used over time intercepted by <X> in a room they thought was secured.
If communications are generally encrypted then that absolutely is surprising. In that example all the clients could be counting the emoji bs or whatever individually without any server even being aware of the message content.
