@velartrill @TheFuzzStone@fosstodon.org @bonifartius at this point I use signal because I dragged my friends there and they'll throw a fit if i try to drag them somewhere else

(tbh I'm not even sure what credible alternatives there are, telegram seems even worse)

at least the CIA/FBI is a smaller set than everyone that zuckerberg sells whatsapp data to

@skells @TheFuzzStone @bonifartius > credible alternatives

what are you trying to accomplish? what is your threat model? why are your messages sensitive, who are you concerned about spying on them, what are the possible consequences if they are disclosed? what non-security-related features do you need, like file transfer or inline images? (these are rhetorical questions, obviously don't answer them)

there are various decentralized privacy-respecting messenger apps like briar, as well as protocols like IRC (kinda sorta but not really federated) or tox (decentralized, privacy-focused). they all have different properties and use various different technologies -- IRC is ephemeral and can be protected with TLS, but you need to trust the server not to log shit so it's best to run your own. tox and briar have perfect forward secrecy and use modern crypto based on keypairs, but there's no multi-device support, which makes it a pain to use (although you really shouldn't be using cell phones for sensitive comms in the first place). XMPP has various security plugins but the protocol itself is a mess and hard to get working; i don't generally recommend it to anyone. then there's matrix ofc, but i think that's just as suspect as signal, and nobody should be using it for anything sensitive.

anything that uses a single corporate-controlled server or network (zoom, facetime, until recently matrix, disord) should be completely out of the question as far as secure comms is concerned. if you can't easily host your own isolated server, assume it's compromised.

signal is pushed as a "silver bullet" one-size-fits-all solution to privacy and security, and this is just another way you can tell it's bullshit, because there is never any such thing. most people would be better off just using SMS for non-sensitive comms simply because it doesn't put themselves and their friends in extra danger by getting their names on government lists.

@velartrill @TheFuzzStone@fosstodon.org @bonifartius

thanks for the recommends, will check them out

as i say, for day to day comms, at least signal isn't known to indiscriminately sell data to corporate as a revenue stream

@skells @TheFuzzStone @bonifartius just to be clear, i'm not "recommending" ANY of those apps or protocols at all, altho i do use several of them myself at time. i'm just listing them as examples that may work better than signal for certain people in certain contexts. the same software that saves one activist or operator's life could get another killed (e.g. signal itself is probably fine if you're working with CIA-funded terrorists overseas to try and undermine the chinese government, less so if you're organizing protests of vax mandates in a blue state). you have to weigh the tradeoffs for each individual use case. infosec is nothing without opsec

@skells @TheFuzzStone @bonifartius *myself at times

@velartrill just my 2 cents, i don't want a heated discussion: matrix is open source and you can host your own element and turn off integrations support. or just use a different client like fluffychat. or just build your own. server side dendrite seems to be running quite well.
there is quite valid criticism of some parts of the matrix ecosystem, but the protocol is just git on speed in the end. libolm is reviewed crypto, having well designed multi device group chat crypto is really a killer feature.

@TheFuzzStone@fosstodon.org @skells

@bonifartius @velartrill @TheFuzzStone @skells I think having git as your messaging protocol is a mess in itself, I mean it maybe kinda ok for rooms in which privacy isn't a focus but if it is, then it is the opposite of good design.

@Xalef .. thats why the messages are stored encrypted with forward security if the room has crypto enabled.

the git part was more of an analogy, i found the distributed synced graph idea to be a quite nice change from the "stream distribution" of xmpp/irc.

@TheFuzzStone@fosstodon.org @skells @velartrill

@bonifartius @TheFuzzStone @skells @velartrill there is no room ever with encryption because it is a mess to set up. That and the fact that it works as git means the messages or the room exists and is duplicated in every server that is in, matrix in this sense and with its bridges works as the ultimate metadata collector because that is not encrypted, yet it is advertised like a privacy and security oriented message protocol which at a base level isn't.

@Xalef
public encrypted rooms aren't scaling as you would have giant cyphertext messages if you have really many people in a room.
in the default setting, encrypted rooms are invite only. messages are forwarded to the servers involved, not "everybody". additionally it's kind of braindead to use crypto without invites, you get the same security as irc with tls.
it really isn't hard to understand, but somehow people like to scream devil.
if you don't like it, don't use it. i don't force anyone.
@TheFuzzStone@fosstodon.org @skells @velartrill

@bonifartius @TheFuzzStone @skells matrix was sending vast amounts of metadata to the name-brand homeserver for years (yes, even if you "hosted your own"). and this from a project that bragged on its security. on its own, that evidence is enough to make it utterly irrational to *ever* trust matrix with anything sensitive ever again. there are plenty of tools available that don't have histories of such obvious and shocking bad behavior (and aren't involved with sketchy people), and using matrix instead of those is simply not a security-conscious decision.

sure, an unrelated team could fork matrix and try to make a trustworthy spinoff - but why bother, we already *have* better tools and that effort could go into improving them instead!

imagine a secret agent hiring a dual citizen who's been to prison for high treason twice to carry highly sensitive messages overseas -- you wouldn't do that no matter how much he swore he had changed or how many rehabilitation programs he had completed with flying colors, simply because there is no earthly reason to ever take such a risk.

@velartrill
iirc it was the "integrations" stuff of element and not "matrix". it is is kind of obvious that if you load stuff from another server it will be loaded from another server. i think this behavior was noted somewhere, because i disabled integrations for my element nee riot installation back then.

it also might have been the 3rd party id stuff, where it is also kind of obvious that you need a centralized registry if you want to map things like phone numbers or mail addresses to usernames. again, nobody is forced to use that and it was noted in the manuals.

it's just interesting that everyone repeats what that one "revealing" blog post by someone said. "leaked metadata" which every admin knew about because it's clearly noted in the manuals, and "OMG THEY WORKED FOR AN ISREALI COMPANY", as if this would still mean anything in this world. could as well been a US company. or german. everything is shady.

if i stopped using anything by anyone who worked with anyone shady, i could stop using computers. if i want to still use computers i can only try to rely on open source and selfhosting (and reading the manuals of the software i use).

i used the "alternatives". i tried hard with xmpp, but it was just shit for 10 years. file transfers never worked. e2ee never worked. it's a burning wreck of XEPs. if i got nobody to talk with on a protocol, it's worthless, that's what happened to xmpp for me.

like i've said, i don't force anyone to use matrix, and i'll mute this thread now. i'm really not in the mood for this discussion (as i wrote a few posts back).
@TheFuzzStone@fosstodon.org @skells

@bonifartius @velartrill @TheFuzzStone@fosstodon.org infosec hellthreads are custom af

@bonifartius @TheFuzzStone @skells > it is is kind of obvious that if you load stuff from another server it will be loaded from another server i'm not sure if i was unclear but the problem had nothing to do with federation. it would load things from the matrix.org server regardless of who you were talking to or what server they were on

Data sent on a potential regular basis based on a common web/desktop+smartphone usage even with a self-hosted client and Homeserver: The Matrix ID of users, usually including their username. Email addresses, phone numbers of the user and their contacts. Associations of Email, phone numbers with Matrix IDs. Usage patterns of the user. IP address of the user, which can give more or less precise geographical location information. The user’s devices and system information. The other servers that users talks to. Room IDs, potentially identifying the Direct chat ones and the other user/server. With default settings, they allow unrestricted, non-obfuscated public access to the following potentially personal data/info: Matrix IDs mapped to Email addresses/phone numbers added to a user’s settings. Every file, image, video, audio that is uploaded to the Homeserver. Profile name and avatar of users. https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0

no one (well, maybe ideologically committed antisemites, but i doubt that describes the author of the essay i think you're talking about, who talks like an sjw) is saying that Amdocs is bad because it's israeli, people are saying it's untrustworthy because it is connected with the notorious israeli intelligence service, which is affiliated with numerous local spyware corporations. it would be just as concerning if Amdocs had ties to CIA, GCHQ, BND, or the Saudi royal family. i agree unreservedly that xmpp is shit, but that's a poor reason to send your data to mossad. > i'm really not in the mood for this discussion (as i wrote a few posts back). 🤷 then i'm not sure why you said anything in the first place. mischaracterizing peoples' arguments (not to mention calling them "retarded" without offering any justification) and then expecting nobody to disagree with you is kind of unreasonable, and it's uncharacteristic of you. i understand having strong reactions to certain subjects that are personal sore points, but at that point it may be better for your own sake to just keyword-mute them. nobody is attacking you for any decisions you have made in terms of what software to use, obviously understanding the tradeoffs better than anyone else will in your particular use cases; those of us who criticize matrix's security flaws and sketchy behavior are trying to warn other people away from making choices that may unknowingly cause them substantial personal harm, or at the very least making sure they have more information available for their own decision-making processes than simply the "matrix is totally secure you guys" propaganda from the corporation and its boosters.

@velartrill
i think this is most of the stuff you referred to with some commentary from Matthew Hodgson:
https://matrix.org/~matthew/Response_to_-_Notes_on_privacy_and_data_collection_of_Matrix.pdf

seems pretty.. unspectacular. surely some fuckups, but i'd really assume that spooks would be a bit more subtle. if anything, their heavy usage of webshit is really something worthy of critique.

> then i'm not sure why you said anything in the first place. mischaracterizing peoples' arguments (not to mention calling them "retarded" without offering any justification) and then expecting nobody to disagree with you is kind of unreasonable, and it's uncharacteristic of you. i understand having strong reactions to certain subjects that are personal sore points, but at that point it may be better for your own sake to just keyword-mute them. nobody is attacking you for any decisions you have made in terms of what software to use, obviously understanding the tradeoffs better than anyone else will in your particular use cases; those of us who criticize matrix's security flaws and sketchy behavior are trying to warn other people away from making choices that may unknowingly cause them substantial personal harm, or at the very least making sure they have more information available for their own decision-making processes than simply the "matrix is totally secure you guys" propaganda from the corporation and its boosters.

i called the blog post i have seen some time ago "retarded", because it was full of technical misunderstandings/wrong simplifications. if anyone thought i called him directly a retard, it wasn't my intention.

the point with the reported issues is: if one wants to declare something absolutely b0rken, it's a requirement that said person _understands_ the technology. the stuff above is more or less a critique of the default configuration. if it would be voiced like this, it'd be _perfectly_ fine by me (remember that i have disabled integrations stuff from the config manually). the devs of matrix have chosen the "out of the box" approach, which isn't optimal. another point is that i've seen no sketchy behavior, i follow the matrix development for a few years now. if there was an issue it got communicated timely and quite well, imho. i know other messenging projects who are much more shitty with this stuff.
i can follow the line of thought that said default configuration of things isn't good if you say something is "totally secure" (whatever that might be ;). i also require people who set up servers to use their brain and review the configuration for anything with unintended effects. that's just due diligence if you want to setup something secure.
i'm a bit tired of the "matrix is spyware" meme where the same points get iterated over and over again when the alternatives (with roughly the same set of functionality) are centralized and closed source. concerning the (old, if one can believe wikipedia) amdocs connection, i've already argued it's hard to use any computer where no shady company was involved (intel management engine etc.).
i at least haven't seen suspicious activity on my server.

@TheFuzzStone@fosstodon.org @skells

@velartrill
tl;dr: i just don't like the _way_ (which is kind of panicy) this is discussed, not that it _is_ discussed.
@TheFuzzStone@fosstodon.org @skells