@velartrill if signal isn't a complete honeypot run by spooks, it at least is "tolerated" because said spooks might be very well able to just do timing attacks etc. at the borders of their network.
remember that there were cryptographic curves weakened "by accident". that's the level of sophistication one has to think about.
why signal is tolerated, but tor isn't and node operators are constantly harassed. maybe one of them works and the other doesn't.
@TheFuzzStone@fosstodon.org
@velartrill @TheFuzzStone@fosstodon.org @bonifartius at this point I use signal because I dragged my friends there and they'll throw a fit if i try to drag them somewhere else
(tbh I'm not even sure what credible alternatives there are, telegram seems even worse)
at least the CIA/FBI is a smaller set than everyone that zuckerberg sells whatsapp data to
@velartrill @TheFuzzStone@fosstodon.org @bonifartius
thanks for the recommends, will check them out
as i say, for day to day comms, at least signal isn't known to indiscriminately sell data to corporate as a revenue stream
@velartrill just my 2 cents, i don't want a heated discussion: matrix is open source and you can host your own element and turn off integrations support. or just use a different client like fluffychat. or just build your own. server side dendrite seems to be running quite well.
there is quite valid criticism of some parts of the matrix ecosystem, but the protocol is just git on speed in the end. libolm is reviewed crypto, having well designed multi device group chat crypto is really a killer feature.
@TheFuzzStone@fosstodon.org @skells
@velartrill
iirc it was the "integrations" stuff of element and not "matrix". it is is kind of obvious that if you load stuff from another server it will be loaded from another server. i think this behavior was noted somewhere, because i disabled integrations for my element nee riot installation back then.
it also might have been the 3rd party id stuff, where it is also kind of obvious that you need a centralized registry if you want to map things like phone numbers or mail addresses to usernames. again, nobody is forced to use that and it was noted in the manuals.
it's just interesting that everyone repeats what that one "revealing" blog post by someone said. "leaked metadata" which every admin knew about because it's clearly noted in the manuals, and "OMG THEY WORKED FOR AN ISREALI COMPANY", as if this would still mean anything in this world. could as well been a US company. or german. everything is shady.
if i stopped using anything by anyone who worked with anyone shady, i could stop using computers. if i want to still use computers i can only try to rely on open source and selfhosting (and reading the manuals of the software i use).
i used the "alternatives". i tried hard with xmpp, but it was just shit for 10 years. file transfers never worked. e2ee never worked. it's a burning wreck of XEPs. if i got nobody to talk with on a protocol, it's worthless, that's what happened to xmpp for me.
like i've said, i don't force anyone to use matrix, and i'll mute this thread now. i'm really not in the mood for this discussion (as i wrote a few posts back).
@TheFuzzStone@fosstodon.org @skells
Data sent on a potential regular basis based on a common web/desktop+smartphone usage even with a self-hosted client and Homeserver: The Matrix ID of users, usually including their username. Email addresses, phone numbers of the user and their contacts. Associations of Email, phone numbers with Matrix IDs. Usage patterns of the user. IP address of the user, which can give more or less precise geographical location information. The user’s devices and system information. The other servers that users talks to. Room IDs, potentially identifying the Direct chat ones and the other user/server. With default settings, they allow unrestricted, non-obfuscated public access to the following potentially personal data/info: Matrix IDs mapped to Email addresses/phone numbers added to a user’s settings. Every file, image, video, audio that is uploaded to the Homeserver. Profile name and avatar of users. https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0
no one (well, maybe ideologically committed antisemites, but i doubt that describes the author of the essay i think you're talking about, who talks like an sjw) is saying that Amdocs is bad because it's israeli, people are saying it's untrustworthy because it is connected with the notorious israeli intelligence service, which is affiliated with numerous local spyware corporations. it would be just as concerning if Amdocs had ties to CIA, GCHQ, BND, or the Saudi royal family. i agree unreservedly that xmpp is shit, but that's a poor reason to send your data to mossad. > i'm really not in the mood for this discussion (as i wrote a few posts back). 🤷 then i'm not sure why you said anything in the first place. mischaracterizing peoples' arguments (not to mention calling them "retarded" without offering any justification) and then expecting nobody to disagree with you is kind of unreasonable, and it's uncharacteristic of you. i understand having strong reactions to certain subjects that are personal sore points, but at that point it may be better for your own sake to just keyword-mute them. nobody is attacking you for any decisions you have made in terms of what software to use, obviously understanding the tradeoffs better than anyone else will in your particular use cases; those of us who criticize matrix's security flaws and sketchy behavior are trying to warn other people away from making choices that may unknowingly cause them substantial personal harm, or at the very least making sure they have more information available for their own decision-making processes than simply the "matrix is totally secure you guys" propaganda from the corporation and its boosters.@velartrill
tl;dr: i just don't like the _way_ (which is kind of panicy) this is discussed, not that it _is_ discussed.
@TheFuzzStone@fosstodon.org @skells