Anyone else wondering?

You are viewing a single thread.
View all comments
21 points
*
Deleted by creator
permalink
report
reply
15 points
*

Only if the signal crew collectively fell down, hit their heads and forgot about their whole mission of protecting metadata privacy. Matrix is a privacy nightmare (compared to signal). It offers optional encryption for the actual text of the messages sent, but everything else from room membership lists to reactions are unencrypted and stored forever by the server. The end to end encrypted message feature was bolted on after the rest of the thing was built, and it shows.

We’ve seen https://signal.org/bigbrother/ where signal proudly shows that they don’t have any metadata about their users to turn over. There’s a reason we don’t see anything like this for matrix.

Matrix is good at federating, but fucking horrible at keeping your information safe.

permalink
report
parent
reply
3 points
*

I don’t think you understand why current servers operate the way they do.

Matrix server implementations function on the idea that your data lives in the server, so of course it needs that information (who is here, who is talking to whom) - or else, as an example, if you lost your devices you wouldn’t be able to recover your info (like on Signal).

I don’t want Signal’s Peer-to-Peer solution. I own my server, so I’m okay with keeping my own metadata. I want my communications with others to be encrypted, but recoverable if I lose access to my devices.

I think what you want is a Peer to Peer encrypted solution, which Matrix is working on, but isn’t available yet.

Follow this site for info on Matrix’s progress in that space: https://arewep2pyet.com/ What you’re looking for is info on Pinecone.

TLDR: poop wants a peer-to-peer encrypted network, Matrix is not that (yet).


Further reading:

Matrix’s architecture today means that the servers can see who their users are talking to, and when - but not what (assuming it’s end-to-end encrypted). Just like a PGP mail service like Protonmail. Because Matrix stores conversation history on the server (unlike Signal) so you can get at it when from multiple logins, you end up with that metadata stored on the server.

We’re fixing this by working on P2P Matrix (as per the blog post - it’s one of the main initiatives that the funding is going towards). https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix explains how P2P addresses the metadata problem.

(…)

permalink
report
parent
reply
2 points

Not sure why you think I don’t understand why matrix operates the way it does and I’m especially not sure why you think you know what I want. To help clear it up: I want a secure, decentralized encrypted messaging system that doesn’t let anyone but the participants access any information about their conversations, just like everyone else. What I DONT want is people misrepresenting the current landscape, as many in this thread are doing. End to end encryption of the actual text of the messages is not at all good enough, and Signal has made enormous strides in demonstrating alternative options. I’m not a fan of the usual things people don’t like about signal (phone numbers, centralized server architecture, mixed feelings on removing SMS from Android). Matrix addresses almost all of these, and does a lot of other cool things, but does so at the cost of a lot of privacy. I want people to stop acting like matrix and signal offer the same level of privacy. I get it, decentralization is good, but can we please not misrepresent the offerings of current decentralized solutions compared to current centralized ones just because we like the architecture of one more?

I’ve operated matrix servers and I’ve looked at the database to see what it knows. It knows a lot, and if a service provider was compelled to turn that over, it could be bad. We should be honest about what the server knows so people can make rational decisions.

permalink
report
parent
reply
0 points

Genuine question: where are you guys on Beeper, privacy-wise?

permalink
report
parent
reply
2 points

Curious about this as well. Since Beeper uses bridges to communicate with other networks, (Signal, Whatsapp, Facebook, etc) and it needs to decrypt the messages before sending them over these bridges it is inherently less secure than using something like signal directly.

permalink
report
parent
reply
1 point

Beeper is just matrix with a bunch of preconfigured bridges for you. I’ve deployed a few of their bridges (as they’re open source) for my own matrix server and can confirm they work perfectly.

Haven’t had whatsapp installed on my phone for over 2 years. I even support the devs via github sponsors, I’m that happy with their bridges.

If you’re not technical but want the benefits of bridging other networks into Matrix, Beeper is a great choice.

permalink
report
parent
reply

I’m not super familiar with matrix, is it end to end encrypted likesignall?

permalink
report
parent
reply
10 points
*

Yes it is. But there are also unencrypted chats/rooms

permalink
report
parent
reply

Fediverse

!fediverse@lemmy.world

Create post

A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

  • Posts must be on topic.
  • Be respectful of others.
  • Cite the sources used for graphs and other statistics.
  • Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

Community stats

  • 5.1K

    Monthly active users

  • 1.8K

    Posts

  • 62K

    Comments