Is using an Matrix account from matrix.org private and secure enough to talk with my family members and people in general?
-
[email protected]replied to [email protected] last edited by
I am really concerned about the dominance of the central instance on Matrix. It has visibility into pretty much every groupchat - if not in content because of encryption, then in all the metadata. I'd rather use another public homeserver.
-
[email protected]replied to [email protected] last edited by
You can also set up MollySockets for notifications via unified push!
-
[email protected]replied to [email protected] last edited by
It uses phone numbers and is centralized. I personally dont use it cus of those reasons. Also wouldnt switch cus my folk already use matrix so im nt making a bunch of people get another app lol
-
[email protected]replied to [email protected] last edited by
you don't need to use matrix.org. there are several open homeservers, like chat.mozilla.org, but also there are people who host services for others to use. you may have a look at current lemmy hosts, and their other services if they have them.
-
[email protected]replied to [email protected] last edited by
Signal is most likely a fed honeypot.
They are super shady, blocked some important security researchers that found a vulnerability from them on all platforms, and they offer no explanation on why using a phone number is MANDATORY for signup.
No reason to trust signal IMO.
-
[email protected]replied to [email protected] last edited by
Matrix is great, you can use another instance though.
-
[email protected]replied to [email protected] last edited by
In signal, You can turn off phone number visibility and make it so that you are only searchable by username or qr code. Yes, it's centralized, but signal is a nonprofit project with generally good guiding ideals. I use matrix for some things and signal for everything else.
-
[email protected]replied to [email protected] last edited by
FUD is FUD
-
[email protected]replied to [email protected] last edited by
When signal publishes their client source, you'll need to explain how E2EE on open source clients can be a honeypot
-
[email protected]replied to [email protected] last edited by
Basically Matrix is to Xmpp, what Bluesky is to ActivityPub. Which all the various issues both technically and related to VC and crypto-currency funding.
In addition Matrix uses a federation model that is extremely inefficient, making it hard to run your own server once you have a few users that join larger rooms. And as a side effect of this inefficient federation model that replicates the database onto all participating servers, it tends to centralize all the metadata on the servers (run on AWS under UK jurisdiction) hosted by the for-profit company that is behind Matrix.
And last but not least they rugpulled everyone very recently and made the only fully functional server implementation open-core to upsell larger servers to their proprietary hosted offering.
-
[email protected]replied to [email protected] last edited by
Interesting, and I didn't know matrix itself into that much short (though they always had a lifeless corpo feeling..)
I've always wanted to create an account but never was able to figure out how (for my chosen servers at least) but know i want to try again. thanks for the info
-
[email protected]replied to [email protected] last edited by
Why is it in your opinion better?
It's an open protocol, unlike 99% of chat protocols. It's self-hostable and federated.
It's IRC's successor and been around a long time, first popularized by Jabber. Snikket made it even easier to use.
It was also EEEed by Meta and Google to lure users at a given point. -
[email protected]replied to [email protected] last edited by
Suggestion accepted, looks nice.
-
[email protected]replied to [email protected] last edited by
Right, but how does that make it better than matrix? it is also an open protocol, and most spaces that i use are on matrix anyway.
attempted to be EEEed is a good sign i guess, since it implies it's a threat to meta and google though.
-
[email protected]replied to [email protected] last edited by
They succeded in a way, XMPP lost a lot of users back then in the era when communications where migrating from group-focussed IRC to individual-focused Whatsapp (or their respective walled-gardened messengers).
Better than matrix in the ways [email protected] listed above. -
[email protected]replied to [email protected] last edited by
Sounds good, thanks for the info
-
[email protected]replied to [email protected] last edited by
If it's low privacy needs (ie you don't have a state threat model), Signal is completely fine. I use it to talk to my friends. I also use Matrix, though federated Matrix isn't the best for privacy either due to the amount of metadata that leaks through federation. But federated Matrix is also fine for the kinds of things you would use eg Discord or IRC for.
If you do have a state threat model, I personally think SimpleX is ideal for that, but it doesn't have as much of a userbase so you probably need people who care enough (eg people actively under threat) to switch to a new platform. Whereas most people I know are already on either Signal or Matrix, and I'm not having particularly sensitive conversations with them either so both work fine.
-
[email protected]replied to [email protected] last edited by
That isn't what that document says. It says that they can impersonate you in non-E2EE scenarios. The clients I use warn me when a message isn't properly encrypted so someone without E2EE keys can't impersonate someone in an E2EE room.
That being said the general concept is a problem. I would love to see progress where all events from a user are signed by a device key and non-forgable. There is some thinking about this with portable identities (such as MSC2787) where you server is basically just storing and forwarding events but the root of trust is your identity and keys that you control. But none of this will land soon, not for many years.
-
[email protected]replied to [email protected] last edited by
Servers are always going to be owned by someone. But the data is encrypted with keys not available to the server. Signal isn't perfect, and I don't like some stuff they do, but it's the best design out there that is also relatively user friendly and doesn't have holes that are easy to exploit by the server owner.
-
[email protected]replied to [email protected] last edited by
Matrix isn't more secure/private than Signal. Both have advantages and disadvantages. Signal has a centralized server, but has no access to the keys to decrypt any of the data flowing through them. Matrix chat rooms live on servers that would theoretically be able to access the data in the rooms, so you need to trust the server owners. Advantage is that multiple servers are involved so no one sever can kill your chat room. With Signal, the disadvantage is if you join a chat room, you can't see any past messages because those are encrypted with keys you don't have access to. Similarly if you move to a new device, that device won't have any of your past conversations because the new device doesn't have the keys for those messages. (though migration is now somewhat possible but done poorly IMHO).
So, they address different concerns. Is your concern keeping your conversations private, or keeping your conversations from being censored? Signal is more secure and private, but more centralized and easier or to fail. Matrix can be secure if you host your own server or explicitly trust the owners of all servers that house your chatrooms to keep them secure and to not sell their servers in the future. Matrix is more distributed, so more difficult to be censored or have your data lost by a single point of failure.
Is it "secure enough" depends on what your concerns are. If you host your own, then it's as secure as you are technically able to keep them secure yourself. Otherwise it depends on the server owner.
