Privacy

34127 readers

700 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Opinion on the Matrix protocol (lemmy.ml)

submitted 1 week ago by foremanguy92_@lemmy.ml to c/privacy@lemmy.ml

41 comments fedilink hide all child comments

Is matrix good to use, seen a lot of drama around it. For example hackliberty.org left it because of lacking of security and moderation, do you still recommended it?

you are viewing a single comment's thread
view the rest of the comments

[–] toastal@lemmy.ml 26 points 1 week ago (10 children)

Matrix literally syncs the entire data/metadata history to all other servers where someone pops in; chat is meant to have an ephemeral aspect to it. The whole network is de facto centralized on Matrix.org or the servers they host for others which means one org has access to almost everything—like the issue with Signal.

What’s scary to me is how expensive it is to run this eventual consistency model, which should not be a protocol requirement for this style of communication. It sucks so much RAM, so much storage, so wasteful—which causes medium-sized servers to shutdown on maintenance costs alone which causes more users to leave for the Matrix.org. These are not the characteristics of a revolutionary protocol—revolutionary is users & collectives to reasonably be self-hosting this stuff for their privacy & autonomy.

[–] eru@mouse.chitanda.moe 5 points 1 week ago* (last edited 1 week ago) (4 children)

tbf there is not really a good solution to the 'ephemeral aspect' problem

the only way to truly not sync metadata to or btwn servers at all is to use a p2p model, in which you cant send anything if one of the parties is offline

simplex might be a bit better in this regard, but still relies on servers for syncing. at least it doesnt extensively replicate metadata like matrix does though

so it depends on your threat model whether this is a compromise or not

[–] drwho@beehaw.org 2 points 1 week ago (1 children)

Sure there is: Don't store everything in a database.

[–] eru@mouse.chitanda.moe 3 points 1 week ago* (last edited 1 week ago) (1 children)

what alternative do you propose for saving messages when the recipient is offline?

[–] poVoq@slrpnk.net 8 points 1 week ago* (last edited 1 week ago) (1 children)

This is not either or. You can store things only until the recipient comes online and then delete it (but Matrix specifically doesn't do this and conceptually can't due to its design).

[–] eru@mouse.chitanda.moe 3 points 1 week ago* (last edited 1 week ago)

sure that is how pop3 does it

but metadata is still replicated to the server, so this does not solve the metadata replication issue

even if you dont explicitly store metadata or encrypt it in some way, the server still necessarily knows stuff like timestamps of when the messages are sent for example.

sure, you can delete it later, but you also have to trust the server to actually do that, and there is no way to guarantee this in any protocol

load more comments (2 replies)

load more comments (7 replies)