• 93 Posts
  • 966 Comments
Joined 1 year ago
cake
Cake day: February 10th, 2024

help-circle

  • mox@lemmy.sdf.orgtoPrivacy@lemmy.mlOpinion on the Matrix protocol
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    edit-2
    16 hours ago

    Matrix literally syncs the entire data/metadata history to all other servers where someone pops in

    How else would you expect a decentralized and persistent chat room to work? If that stuff wasn’t synced among the servers that were invited to participate in a room, then it wouldn’t be decentralized; one server going down would kill the room (or at least lose data).

    The only way I can think of is not to use servers at all, but go fully peer-to-peer. Matrix has done some proof-of-concept work toward this, but I’m not aware of any service that does it successfully while being practical for most people, yet.

    chat is meant to have an ephemeral aspect to it.

    There are use cases where that makes sense, but for general use? No thanks. When I lose my account password or my phone breaks, I want to be able to sign in on another device and still have my message history.

    It sucks so much RAM, so much storage,

    Synapse is indeed a heavy server implementation. Several lighter ones are in development, some of which people are using already.


  • encryption regularly breaks in weird ways, usually you see a message that you can’t read

    This was once common, but it’s somewhat rare now in my experience, and the upcoming Matrix 2.0 apparently addresses most (all?) of the remaining causes.

    if you enable encryption in a chat room you cannot disable it

    I consider this a good thing, for the sake of the people who joined or wrote in the chat with the understanding that what they write is and will remain encrypted. If you want to abandon encryption, you can always create a new room.

    we now have two official clients for Android (Element and Element X) in the first one encryption breaks in weird ways, in the later there is no way to use Spaces properly

    No, there is one officially released client for android: Element. Element X is in beta. When it leaves beta, it will take over as the one officially released client.

    direct messages between people don’t work well - it is like they are a room with the two people

    It works well for me. How is it a problem for you? It looks just like the person-to-person chats on other platforms I use, including SMS.

    privacy wise matrix is weak,

    Privacy of message content is not weak at all.

    leaks metadata,

    It’s true that some metadata can be read by admins of the servers that have been invited into a chat. Given all the features that Matrix uniquely offers, that’s an acceptable tradeoff for many of us. Also, the developers have stated that moving most of that metadata to the encrypted channel is planned.

    attachments are not encrypted, etc.

    This is just plain false.

    https://spec.matrix.org/latest/client-server-api/#sending-encrypted-attachments


  • Matrix is good for private general messaging. The fact that it’s decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.

    Two things to be aware of:

    • Some non-message bits (e.g. room topic text and membership) have not yet been moved to the encrypted channel, so those could be read by the administrator of a homeserver that participates in your chat room. Since most people care primarily about keeping the message content private, this is an acceptable trade-off to get all the things that Matrix offers.
    • The upcoming Matrix 2.0 features and design choices simplify the UI and fix some occasional errors. It might be worth waiting until this stuff officially lands in the client apps before bringing your contacts to Matrix, for a better experience all around.



  • Indeed. Tucked away in a corner of their web site, where it isn’t easy to find unless someone else guides you to it, below a large bold warning that discourages people from actually using it:

    Danger zone

    Advanced users with special needs can download the Signal APK directly. Most users should not do this under normal circumstances.

    This ensures that nearly nobody uses that build. Consequently, almost all chats on Signal will have an app store build running on at least one endpoint.


  • It’s not false.

    Signal’s default, well-supported installations use Google services, so unless you’re an extremely atypical user, those services are present on most of your contacts’ devices. You might have the knowledge, skill, and motivation to remove those services from your own device, but since they’re still present at the other end of most chats, you haven’t escaped them.

    Let’s also remember that E2EE doesn’t protect the endpionts, and that Google Play Services run with system-level privileges.



  • It’s been recently added to FDroid.

    No, it has not. A third party published it in an f-droid compatible repository. That might be convenient for someone who happens to trust that third party and manually add it to their F-Droid client, but it is not at all like it being added it to F-Droid.

    You can use NTFY with Molly (which has been on FDroid for some time).

    This does not refute what I wrote. Unless you only communicate with people who get their Signal app from some non-Google source and they all rig up alternative push notification channels, or every one of them uses Signal exclusively on iOS, your conversations are still tied to Google. Perhaps you have so few contacts that you could achieve that, but most people are not in that position.

    network-level metadata monitoring by anyone with sufficient access/influence at Signal or their data center provider (such as a government who doesn’t like encrypted messaging).

    This one is just a straight-up lie. Everything on the server is encrypted and no one has the keys except the participants.

    Encryption doesn’t hide network traffic. Signal’s centralised design means there is a single point where that traffic can be monitored and traced to reveal which endpoints are talking to each other, and where, and when.

    What I wrote is not a lie, which you would know if you actually understood these issues. Please stop making baseless accusations. You are wrong, and you are being very rude.

    If you’re interested in correcting your ignorance, I suggest starting with this paper, which touches on some of the issues:

    https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/

    If the paper is too much for you, the linked video does a pretty good job of explaining.


  • Thankfully, it’s not that simple.

    A centralised service is an easy target for a government. (This is where Signal stands.) A decentralised one is significantly harder, because the government would have to be constantly discovering and processing every node in the network as new ones appear. (This is where Matrix stands, although it doesn’t have many public servers yet.) Fully peer-to-peer decentralisation makes it harder still, because there are as many nodes as there are users, with network addresses that often change. (Some of these exist today, but are mostly experimental with few users. Matrix has done some proof-of-concept work in this area as well.)

    On top of decentralisation, tunnels like VPN and Tor can be helpful in avoiding ISP-imposed blocks.




  • Signal is easier to use, more private, and faster.

    Unfortunately, it is also effectively tied to Google services due its app distribution and push notification channels on Android (which most people on Signal use), and as a centralised service, it is vulnerable to shutdown or network-level metadata monitoring by anyone with sufficient access/influence at Signal or their data center provider (such as a government who doesn’t like encrypted messaging).

    (Edit: rephrased for clarity)


  • Matrix is good for private general messaging. The fact that it’s decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.

    Two things to be aware of:

    • Some non-message bits (e.g. room topic text and membership) have not yet been moved to the encrypted channel, so those could be read by the administrator of a homeserver that participates in your chat room. Since most people care primarily about keeping the message content private, this is an acceptable trade-off to get all the things that Matrix offers.
    • The upcoming Matrix 2.0 features and design choices simplify the UI and fix some occasional errors. It might be worth waiting until this stuff officially lands in the client apps before bringing your contacts to Matrix, for a better experience all around.