Is using an Matrix account from matrix.org private and secure enough to talk with my family members and people in general?
-
[email protected]replied to [email protected] last edited by
Matrix/Element is pretty private, but not wide spreaded. For the use with friends and Family is more realisticto use Signal or any other decentralized Chat.
-
[email protected]replied to [email protected] last edited by
Matrix.org is centralized like Signal (you can say Matrix is not centralized on paper, but in practice this isn’t remotely true). Both are stockpiling metadata in the West… what’s worse is Matrix’s eventual consistency model means syncing metadata to all servers is a by-design requirement (& also why all servers & clients are slow). There are options like Snikket to take all the hard parts of self-hosting out of the equation, but finding someone you can trust to host a server might be worthwhile. I would be wary of anything centralized.
-
[email protected]replied to [email protected] last edited by
Matrix is centralized too in practice … & syncs even more metadata than Signal so I wouldn’t call that an upgrade—especially when you see how slow the clients & servers are.
-
[email protected]replied to [email protected] last edited by
It’s worth following the project but it’s a bit too new & the funding aspect leads me to question how it will work in the long run (& being written in Haskell is neat, but boy does it have a lot of churn & maintenance issues in its ecosystem).
-
[email protected]replied to [email protected] last edited by
OMEMO is a mixed bag. Some clients are still preferring older versions that aren’t the best for security & almost every client does a bad job explaining that new keys are being used need to be verified… Gajim only recently gave a decent in-client pop-up for it, but it’s doesn’t work all the time. That said, this is basically the same issue Matrix has in the space. Both are based on
libsignalif not outright using it, except Signal gets a point of privilege in basically having just one client …one that must be on Android/iOS according to their statements… so they can do a ‘better’ job managing who, what, & how many keys are being used. Many XMPP clients will recommend blind trust by default just because it can be a real hassle to deal with multiple clients & users coming back to less-often-used devices. There have been proposals to fix it, but I haven’t seen anything really take off (meanwhile considering just using the PGP encryption option as less flaky). -
[email protected]replied to [email protected] last edited by
You’re always here to talk to sense into the folks
-
[email protected]replied to [email protected] last edited by
It is not. We are on a privacy sub on lemmy, services that require mandatory phone number are far away from been fine to use.
-
[email protected]replied to [email protected] last edited by
AFAIK, chat.mozilla.org was set up on modular.im, now element.io, which if it still using the same host, is owned by Matrix.org. So even using a different host means Matrix.org might still have your metadata.
-
[email protected]replied to [email protected] last edited by
Matrix is centralized too in practice
There are plenty of different available homeservers and you can host yours.
-
[email protected]replied to [email protected] last edited by
It takes 2 to tango. It’s like trying to send an email from a self-hosted email server without following all of Google’s rules/guidelines… which means you won’t be able to send a message to most (sadly). Most folks are either on Matrix.org or a server they host in practice… you alone self-hosting will only help if you only communicate to folks also doing similar… to which if just one user from Matrix.org (or a server they host) joins your chatroom, then literally everything that is being & has been said in that room will now be synced to Matrix.org by its protocol design. With the expense it takes to self-host Matrix for a community, almost all medium-sized communities had to drop it on RAM & storage costs alone which caused most of those users to move to Matrix.org. You can run a single-user host with some efficiency, but most users are not technical enough for this. The only option to use Matrix & keep costs down is to unfederate… at least with Matrix.org (& servers they host), but that now defeats a huge part of the argument those saying Matrix is federated/decentralized.
The accessibility to small–medium-sized communities matters if you want a healthy federated/decentralized network …but luckily there are alternatives.
-
[email protected]replied to [email protected] last edited by
It takes 2 to tango. It’s like trying to send an email from a self-hosted email server without following all of Google’s rules/guidelines…
Don't say bullshit, a chat is not mails, matrix federation works similarly to lemmy
-
[email protected]replied to [email protected] last edited by
Yeah, I agree it has some issues. Personally was fine verifying keys tho - either in-person or wherever I met them (usually IRC).
And yeah, the insistence on mobile in Signal bugs me a lot - a desktop is A LOT easier to make private (Linux runs on damn everything) while most phones won't allow making them not spy due to locked bootloader.
-
[email protected]replied to [email protected] last edited by
DeltaChat literally turns email into something more akin to chat mostly by just changing the UX. Matrix is less like chat tho & more like editing a document & syncing changes with someone but this is besides the point…
Lemmy would have the exact same issue if 90% of users were on Lemmy.ml or servers they hosted, but it is fairly distributed & not as heavy to run (nor does it have some startup mentality behind it trying to ‘disrupt’ chat by inventing new words like “bridges” instead of “gateways” & so on to put off casual users from the scent that chat has a well-worn path development for decentralization since the ’80s)
-
[email protected]replied to [email protected] last edited by
I am just thankful so far that Signal has let WhisperFish exist as an alternative—even if it goes against what they say—which gives me an alternative to the Android/iOS duopoly.
-
[email protected]replied to [email protected] last edited by
Can you please provide any data where Signal has been compromised? I'm not saying that the possibility doesn't exist, but I've certainly never seen one single instance where Signal was compromised, so please do share.
-
[email protected]replied to [email protected] last edited by
What are the biggest threats in telegram? Corporations, widespread scams or individual ppl closer to me?
-
[email protected]replied to [email protected] last edited by
telegram has a lot of illegal stuff on it. Plus the ceo has been caught and this way, the whole thing was compromised
-
[email protected]replied to [email protected] last edited by
The open source client doesn't mean jack shit dude.
Telegram also has open source client.
Your data lives on their servers not clients and also, even if the server code is open source, there are many ways for a backdoor and violations of privacy in the infrastructure. When you give up your phone number, there is no privacy. -
[email protected]replied to [email protected] last edited by
Go ahead and send me your phone number. If you don't want to do it please provide data that i'm compromised.
-
[email protected]replied to [email protected] last edited by
Okey, but I mean what are the threats to my privacy if I use telegram?
