Community chat — encryption & devices
This page explains how private messages work in Moinho Novo community chat, how to verify your device, and how to use Element Web as an alternative client.
If you only use the shared #community room and never send direct messages (DMs), you can skip most of this. The community room itself is not end-to-end encrypted, so its history is readable on any device where you are signed in.
If you do use DMs — or plan to — read this before you need it.
Quick summary
| Topic | What you need to know |
|---|---|
| Community room | Not encrypted. Works on any browser after Moinho ID sign-in. |
| Direct messages (DMs) | Encrypted end-to-end by default when started in Cinny. Only your devices can read them. |
| Verified device | Required to decrypt DMs on a browser or computer. Without verification, messages show as “Unable to decrypt”. |
| Recovery passphrase | A memorable backup password that lets you verify a new device when no other verified device is available. |
| Recovery key | A long one-time code (starts with E…) generated alongside the passphrase. Store it somewhere safe. |
| Element Web | Alternative client at element.moinho-novo.com — same account, useful for mobile linking and some verification flows. |
| Mobile apps | Element X (recommended) via QR login from Element Web; FluffyChat via direct OIDC sign-in. Same #community room and DMs. |
1. How DMs are encrypted
Moinho Novo community chat runs on Matrix. The web client embedded in the portal is Cinny (chat.moinho-novo.com).
Community room vs direct messages
- #community — the shared members’ room — is intentionally not encrypted. When you open Community in the portal you land here. History is stored on the server in a form the server can read, so you do not need device verification to participate.
- Direct messages (DMs) — private one-to-one chats you start from Cinny — are end-to-end encrypted (E2EE) by default. The server only stores ciphertext; it cannot read the content.
What “end-to-end encrypted” means in practice
When you send a DM:
- Cinny encrypts the message on your device using keys that never leave your browser (stored in local storage / IndexedDB).
- The encrypted payload is sent to the Matrix homeserver and delivered to the recipient.
- Only devices that hold the correct decryption keys can read it.
This is strong privacy, but it comes with responsibility:
- Each browser or computer is a separate “device”. Signing in on a new laptop does not automatically give it your old encryption keys.
- You need at least one verified device (or your recovery passphrase / recovery key) to unlock encrypted history on a new login.
- If you sign in somewhere new and skip verification, DMs may show “Unable to decrypt” — the messages are still there, but that device does not yet have the keys.
- We cannot recover your DMs for you. Neither Moinho Novo staff nor the server operator can read encrypted DMs or reset your encryption keys. If you lose every verified device and your recovery passphrase/key, encrypted DM history is permanently unreadable.
Why verify?
“Device verification” (sometimes called cross-signing) ties your devices together under one identity. Once verified:
- New devices can receive encryption keys from devices you already trust.
- Your key backup on the server (encrypted with your recovery passphrase) can be restored.
- Other members can optionally restrict sending encrypted content to verified devices only.
Do this on your first login on the device you expect to use most often, before you rely on DMs.
2. Verify your device and set up a recovery passphrase (Cinny)
These steps use Cinny at chat.moinho-novo.com. Open it in a dedicated tab (from the Open … in a dedicated tab link on the Community page) so settings are easier to use than inside the portal iframe.
Open Settings → Devices
- Sign in with Continue with Moinho ID if prompted.
- Open Settings from your profile area (avatar / account menu).
- Select Devices in the settings sidebar.
You should see a Security section, your Current device, and any Other devices.
First-time setup — enable device verification
If device verification is not set up yet:
- In Security, click Enable.
- Cinny opens Setup Device Verification.
- Enter a Recovery Passphrase — a long, memorable password you will not forget. This is optional in the UI but strongly recommended; it is how you recover access without another device.
- Click Continue.
- Cinny generates a Recovery Key — a long code starting with E. Copy or download it and store it somewhere safe (password manager, printed copy in a secure place). You need this if you lose all devices and forget the passphrase.
- Confirm and finish setup. Your current device should show as Verified.
Keep both the recovery passphrase and recovery key safe. Treat them like a backup password for your private messages.
Check key backup is connected
Still in Settings → Devices, look for the backup / restore section:
- Connected — encrypted keys are being backed up to the server (good).
- Disconnected or No backup present on server — complete device verification setup above, or use Restore Backup if you are on a new device (see section 3).
Cinny may also offer Local Backup (export/import a file). That is optional; the recovery passphrase + server backup is usually enough.
3. Verify a new device using an existing verified session
You added Cinny on a second browser, a new computer, or cleared site data — and DMs show Unable to decrypt. Use one of the methods below.
Method A — Verify from a device that is already verified (recommended)
This transfers trust and encryption keys from an old verified session to the new one.
On the new (unverified) device:
- Sign in to chat.moinho-novo.com.
- Open Settings → Devices. The current device shows Unverified.
- Leave this screen open. Cinny may show: “Start verification from other device or verify manually.”
On your existing verified device (same account, already set up in section 2):
- Open Settings → Devices.
- Under Other devices, find the new session (browser name / “Cinny on …”).
- Click Verify next to it.
Back on the new device:
- Accept the verification request when prompted.
- Compare the emoji shown on both screens — they must match in the same order.
- Click They Match on both sides.
- Wait for Your device is verified. The backup should restore in the background; older messages may take a few seconds (or occasionally longer in busy rooms) to decrypt.
If verification completes but some messages stay encrypted, stay on Settings → Devices and check that backup shows Connected, or choose Restore Backup manually. Reloading the page after verification often helps.
Method B — Verify manually with recovery passphrase or recovery key
Use this when you do not have access to any verified device — for example, you only have your phone’s browser and your main laptop was reset.
On the new device:
- Sign in to Cinny.
- Open Settings → Devices.
- On the unverified current device, click Verify Manually.
- Choose Recovery Passphrase (if you set one) or Recovery Key (the E… code you saved).
- Enter it and confirm. Cinny verifies the device and restores the key backup.
After success, encrypted DMs should decrypt as keys sync. Give it a minute on slow connections.
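The recovery key has a checkable format, so a copy can be tested for transcription errors offline before you depend on it. This is an added example, not code from Cinny or Element; it assumes the key layout in the Matrix specification (bytes 0x8B 0x01, the 32-byte key, one XOR parity byte, base58-encoded in groups of four), and the function names and sample key are constructed for illustration.

```python
# Added example: offline format check for a Matrix recovery key.
# Assumed layout (Matrix spec): 0x8B 0x01 + 32 key bytes + XOR parity byte,
# base58-encoded (Bitcoin alphabet) and displayed in groups of four characters.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
HEADER = bytes([0x8B, 0x01])
KEY_LEN = 32


def xor_parity(data: bytes) -> int:
    parity = 0
    for b in data:
        parity ^= b
    return parity


def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out


def encode_recovery_key(raw: bytes) -> str:
    """Build the display form of a key (used here only to make sample input)."""
    if len(raw) != KEY_LEN:
        raise ValueError("key must be 32 bytes")
    body = HEADER + raw
    text = b58encode(body + bytes([xor_parity(body)]))
    return " ".join(text[i:i + 4] for i in range(0, len(text), 4))


def check_recovery_key(text: str) -> str:
    """Return 'ok' or the reason the typed key cannot be valid."""
    n = 0
    for ch in "".join(text.split()):       # spaces are only for readability
        if ch not in B58:                  # 0, O, I and l are not in the alphabet
            return f"invalid character {ch!r}"
        n = n * 58 + B58.index(ch)
    data = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(data) != len(HEADER) + KEY_LEN + 1:
        return "wrong length"
    if data[:2] != HEADER:
        return "wrong header"
    if xor_parity(data) != 0:              # parity byte makes the XOR of all bytes zero
        return "parity mismatch"
    return "ok"


SAMPLE = encode_recovery_key(bytes(range(32)))   # constructed key, not a real one
```

A result of ok only means the text is well-formed; whether it unlocks your backup is decided when the client checks it against your account.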
If verification gets stuck
- Make sure you are comparing the same session on both devices (session IDs should match in Settings → Devices).
- Try Verify Manually with the recovery key even if emoji verification appeared to succeed — some users report Cinny only shows Verified after entering the recovery key.
- As a last resort, sign out the stuck session from Settings → Devices on a working device, sign in again on the new browser, and repeat Method A.
Do not use Reset Device Verification unless you have lost every device and both recovery passphrase and recovery key. Resetting breaks trust with other people’s clients and wipes your server-side key backup.
4. Using Element Web instead
We also host Element Web at element.moinho-novo.com.
It talks to the same Matrix account as Cinny (same @username:matrix.moinho-novo.com ID, same #community room, same DMs). Sign in with Moinho ID the same way. Element is not embedded in the customer portal — open it directly in your browser.
When Element is useful
| Use case | Why Element |
|---|---|
| Element X on your phone | Sign in at Element Web → Link new device → scan the QR code with Element X. The phone is logged in and verified for E2EE. |
| You prefer Element’s UI | Some people find Security & Privacy settings clearer in Element. |
| Cinny verification trouble | Element implements the same Matrix E2EE standards; verifying in Element often fixes access on Cinny too (and vice versa), because keys are account-wide. |
| Voice/video calls | Both clients can use Matrix calling when enabled; either works. |
Element equivalents for encryption setup
In Element Web:
- Open Settings (gear icon) → Encryption (or Security & Privacy depending on version).
- Set up recovery — create a Recovery key and optional Recovery passphrase (same concept as Cinny).
- Verify this session — use another verified device, or enter recovery key/passphrase.
- Verify other sessions — under Sessions, verify new logins from a trusted device.
You only need one recovery setup per account. If you already configured recovery in Cinny, use the same recovery passphrase or key in Element — do not create a second backup unless you intentionally reset verification.
Which client should I use?
- Day-to-day chat in the portal — Cinny (embedded Community tab).
- Mobile app, QR login, or encryption troubleshooting — Element Web + Element X.
- Private DMs — either client, but set up verification once on whichever device you use first, then verify additional devices from there.
5. Mobile apps (Element X, FluffyChat)
You can use community chat on your phone with a Matrix client app. It is the same account as Cinny and Element Web — same @username:matrix.moinho-novo.com ID, same #community room, same DMs.
Sign in with the same Moinho ID email you use for the customer portal. You do not create a separate chat account; our systems link your member account to Matrix the first time you sign in on the web.
Before you start
| Requirement | Why |
|---|---|
| Active member account | Chat is for Moinho Novo members. Open Community in the portal or sign in on the web at least once before trying mobile, so your Matrix user exists and is in #community. |
| Homeserver matrix.moinho-novo.com | Our chat does not use matrix.org or other public servers. Always pick or enter matrix.moinho-novo.com. |
| Recovery set up (if you use DMs) | If you already use encrypted DMs on the web, set up a recovery passphrase on a verified browser session first (section 2). Mobile can then verify against that backup. |
Element X (recommended)
Element X is the mobile client we test with. It supports our QR device linking flow, which logs your phone in and transfers encryption keys — the smoothest option if you use DMs.
Link Element X with a QR code (recommended)
You need a desktop or laptop browser for the first step. Element X scans a code shown in Element Web after you sign in there.
- On your computer, open element.moinho-novo.com and sign in with Moinho ID (same email as the portal).
- In Element Web, open your user menu → Link new device (wording may vary slightly by version). A QR code appears.
- On your phone, install Element X from the App Store, Google Play, or F-Droid.
- Open Element X and choose Sign in with QR code (or Scan QR code), then scan the code on screen.
- Confirm on both devices if prompted. Element X should land in your account, with device verification and key backup handled as part of the link flow.
After linking, search for #community or open matrix.to/#/#community:matrix.moinho-novo.com on the phone to jump into the members’ room.
If QR linking is unavailable
Some browser or app versions show “Your account provider doesn’t support signing into a new device with a QR code” if the link step fails. Try:
- Use Element Web at element.moinho-novo.com (not the generic app.element.io site).
- Update Element X and Element Web to the latest version.
- If it still fails, use FluffyChat (below) or stay on Cinny/Element Web in the phone browser.
Encryption on Element X
- Community room — readable immediately after sign-in (not E2EE).
- DMs — if you linked via QR from an already-verified Element Web session, keys usually transfer automatically. If DMs show Unable to decrypt, open Settings → Encryption in Element X and enter your recovery passphrase, or verify the phone from a trusted device (section 3 — same steps, different client).
FluffyChat (alternative)
FluffyChat is an open-source Matrix client for iOS, Android, and desktop. It can sign in directly with OIDC (Moinho ID) without the Element Web QR step. We support it as an alternative, but Element X + QR is the path we recommend for the fewest sign-in surprises.
Sign in with FluffyChat
- Install FluffyChat from the App Store, Google Play, F-Droid, or fluffychat.im.
- Start Log in (not “Register” — your account is already provisioned as a member).
- When asked for a homeserver, enter: matrix.moinho-novo.com
- FluffyChat should detect OIDC / SSO login. Tap Continue (or similar). Your browser opens the Moinho ID sign-in page.
- Sign in with the same email you use for the customer portal.
- When the browser finishes, it should return to FluffyChat. Allow the redirect if your phone asks whether to open the app.
- You should see the same rooms as on the web, including #community.
FluffyChat tips and limitations
| Issue | What to try |
|---|---|
| Browser does not return to the app after Moinho ID | Disable “block app links” / “ask before opening external apps” in Brave or similar browsers. Retry sign-in; you may need to use Safari or Chrome as the default browser for the OIDC step. |
| Only username/password login appears | Confirm the homeserver is exactly matrix.moinho-novo.com. Check FluffyChat’s ⋮ menu on the login screen for other sign-in options. |
| “Registration” or empty account | Use Log in, not register. You must already be a Moinho Novo member with portal access. |
| DMs won’t decrypt | Complete device verification in FluffyChat’s security settings, or enter your recovery passphrase from section 2. You can also verify the phone from Cinny/Element Web (Settings → Devices → Verify on the new session). |
FluffyChat does not use Element Web’s QR linker. If OIDC sign-in is problematic on your device, use Element X instead.
After installing any mobile app
- Open #community — search for community in the room list, or use the matrix.to link.
- Enable notifications — in the app’s settings, allow push notifications if you want alerts (optional).
- Verify the new device — if you use DMs and did not link via Element QR, treat the phone as a new device (section 3).
- Same clients, same keys — verifying or restoring backup on any client (Cinny, Element, FluffyChat) applies to your whole account.
Which mobile client should I use?
| Client | Best for |
|---|---|
| Element X | Recommended. QR login from Element Web; best tested with our Moinho ID + encryption setup. |
| FluffyChat | Open-source alternative; direct OIDC login without a computer, if the browser hand-off works on your phone. |
| Mobile browser + Cinny | Quick access without installing an app — open chat.moinho-novo.com from the Community page’s Open … in a dedicated tab link. |
We do not support signing in through generic matrix.org accounts or third-party servers — only matrix.moinho-novo.com with your member Moinho ID.
Troubleshooting encrypted messages
| Symptom | What to try |
|---|---|
| DMs show Unable to decrypt on a new browser | Settings → Devices → verify this device (section 3). |
| Verified, but old messages still encrypted | Wait a minute; use Restore Backup in Settings → Devices; reload the page. |
| No verified device and no recovery passphrase/key | Encrypted history cannot be recovered. Set up verification on your next login and store recovery details safely. |
| Someone else’s messages to you won’t decrypt | Ask them to verify their device; they may be sending from an unverified session. |
| Community room works but DMs do not | Expected — community is not E2EE; DMs require device verification. |
| Mobile app login fails or loops | Confirm homeserver matrix.moinho-novo.com; use Moinho ID email; for Element X try QR via Element Web; for FluffyChat allow browser → app redirect — see section 5. |
For other chat issues (sign-in, loading), see Community chat. For polls and the Spotify playlist, see Community.
Related
- Community — polls, playlist, and page layout
- Community chat — opening chat and troubleshooting
- Profile — profile photo syncs to chat