Yeah it’d be terrible until P2P Matrix is done https://arewep2pyet.com/

Discussion

Almost all of the metadata leak is in the centralized identity server; I am proposing using no identity server at all and relying on public keys and local contact lists.

Also, there is no alternative: Signal is not an open protocol or a federated network that you can integrate in Nostr clients; it is either Matrix or reinvent your own.

The current metadata leaks in Matrix are due to an architecture that makes every participants’ homeserver store events that reveal chat participants.

If you are concerned about metadata, run your own server. P2P won't help you here because, simply put, you still need a hosted, highly available homeserver; otherwise the UX and reliability will be unacceptable to most people.

Anyways, this is overstated and exaggerated a lot; people leak metadata to their ISP and their favorite cafe's Wi-Fi router all the time.

If anything can be done, it will be added to Matrix; in the meantime, it is the best there is.

All the chat participants should also have their own homeservers, which would be P2P.

Regarding UX, I believe onion-routed store-and-forward is in the works.

I am all for client side embedded servers/nodes, but you didn't solve much if you still need a store and forward server.

The only difference here is then, users will be custodial of the signing keys instead of the server offering availability. Is that a good thing? Depends, it comes with its pains.

Regardless, metadata will still leak; that's the nature of relaying data in a performant way, as in non-onion-routing.

Don't get me wrong, all of that effort and work is great; it's by no means a must-have, and telling people that Matrix has unacceptable privacy issues while they are using Telegram and Twitter DM is a bit unwise.

Oh definitely. I intended to contrast it with Signal.

IM metadata hasn’t been leaked to network operators ever since the wide adoption of HTTPS.

Sir, routers can see what IPs you are visiting, regardless of HTTPS, so unless you are using Tor you are leaking metadata; even a VPN is just changing who you are leaking to.

Sorry, I should’ve phrased that differently…

Thanks to HTTPS, metadata leaks don’t happen with:

- centralized IM

- onion routed IM

If you make VoIP chat using WebRTC you are leaking your IP to your contact, even in Signal; hell, you are leaking your IP to the Signal server all the time. It is all tradeoffs.

There is no such thing as perfect privacy.