this post was submitted on 21 Jul 2023
14 points (71.9% liked)

Fediverse

28553 readers
766 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
 

Anyone else wondering?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

I don't think you understand why current servers operate the way they do.

Matrix server implementations function on the idea that your data lives in the server, so of course it needs that information (who is here, who is talking to whom) - or else, as an example, if you lost your devices you wouldn't be able to recover your info (like on Signal).

I don't want Signal's Peer-to-Peer solution. I own my server, so I'm okay with keeping my own metadata. I want my communications with others to be encrypted, but recoverable if I lose access to my devices.

I think what you want is a Peer to Peer encrypted solution, which Matrix is working on, but isn't available yet.

Follow this site for info on Matrix's progress in that space: https://arewep2pyet.com/ What you're looking for is info on Pinecone.

TLDR: poop wants a peer-to-peer encrypted network, Matrix is not that (yet).


Further reading:

Matrix's architecture today means that the servers can see who their users are talking to, and when - but not what (assuming it's end-to-end encrypted). Just like a PGP mail service like Protonmail. Because Matrix stores conversation history on the server (unlike Signal) so you can get at it when from multiple logins, you end up with that metadata stored on the server.

We're fixing this by working on P2P Matrix (as per the blog post - it's one of the main initiatives that the funding is going towards). https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix explains how P2P addresses the metadata problem.

(...)

[–] [email protected] 2 points 1 year ago (1 children)

Not sure why you think I don’t understand why matrix operates the way it does and I’m especially not sure why you think you know what I want. To help clear it up: I want a secure, decentralized encrypted messaging system that doesn’t let anyone but the participants access any information about their conversations, just like everyone else. What I DONT want is people misrepresenting the current landscape, as many in this thread are doing. End to end encryption of the actual text of the messages is not at all good enough, and Signal has made enormous strides in demonstrating alternative options. I’m not a fan of the usual things people don’t like about signal (phone numbers, centralized server architecture, mixed feelings on removing SMS from Android). Matrix addresses almost all of these, and does a lot of other cool things, but does so at the cost of a lot of privacy. I want people to stop acting like matrix and signal offer the same level of privacy. I get it, decentralization is good, but can we please not misrepresent the offerings of current decentralized solutions compared to current centralized ones just because we like the architecture of one more?

I’ve operated matrix servers and I’ve looked at the database to see what it knows. It knows a lot, and if a service provider was compelled to turn that over, it could be bad. We should be honest about what the server knows so people can make rational decisions.

[–] [email protected] 1 points 1 year ago

I understand that end to end encryption of messages alone is not good enough... For you.

The current landscape is very exciting, and I see matrix taking the correct steps in the correct direction. I don't see that with Signal.

Signal's core design isn't great for me, bordering unusable. It's peer to peer - I want the security of a server (my server) managing my shit.

As an aside: If I have one more person message me asking what happened to their signal messages, after reading a post from someone online and switching to signal for a while, I'm going to lose it. It's a platform the prefers security over usability.

On matrix I get a new device, log in, authenticate the new session from my old one, and watch as my content comes back. That's it right there. That's the magic I want.

What I don't want is "got a new device, don't have recovery keys? Fuck you."

Your desire of a secure, decentralized encrypted messaging system is shared by me, I'm just not going to trash a system that does the majority of what I want over minor concerns regarding metadata.

And the alternatives you're touting apply to you, a person whose needs are different from mine. They are unusable to me.

I hope my tone wasn't too incendiary, I'm trying to make the point that our needs are different, not that either of us is invalid.

Honestly I feel like XMPP handles the majority of what you want, why not just use that?