this post was submitted on 24 Jul 2023
127 points (97.0% liked)

Privacy

32156 readers
957 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I'm not sure if it is entirely accurate to compare them in this way, as "Matrix" refers to simply the protocol, whereas "Signal" could refer to the applications, server, and protocol. That being said, is there any fundamental difference in how the Matrix ecosystem of federated servers, and independently developed applications compares to that of Signal that would make it less secure, overall, to use?

The most obvious security vulnerability that I can think of is that the person you are communicating with (or, conceivably, oneself, as well) is using an insecure/compromised application that may be leaking information. I would assume that the underlying encryption of the data is rather trustworthy, and the added censorship resistance of federating the servers is a big plus. However, I do wonder if there are any issues with extra metadata generation, or usage tracking that could be seen as an opsec vulnerability for an individual. Signal, somewhat famously, when subpoenaed to hand over data, can only hand over the date that the account was created, and the last time it was used. What would happen if the authorities go after a Matrix user? What information about that user would they be able to gather?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 53 points 1 year ago* (last edited 1 year ago) (2 children)

Key points off the top of my head:

  • Both Signal and Matrix have solid cryptography. (In fact, the Matrix Megolm protocol is built upon Signal's Olm protocol.)
  • Signal's client is open-source, but not its server. Matrix clients and servers are open-source. (Note that open server code is less important than open client code when end-to-end encryption is used.)
  • Both have had security audits, and presumably will have more in the future.
  • Both have cross-platform support. Matrix has a greater variety of clients, and last time I checked, the desktop clients were better than Signal's.
  • Signal prides itself on minimizing metadata exposure. Matrix started later, and hasn't yet moved all metadata (e.g. reactions, group membership?) to an encrypted channel. (Note that metadata protection can't ever be complete for either one of them, because an attacker that can gain access to the servers could just as well gain access to the routers, and correlate packets at the network level.)
  • Signal is a centralized service (hosted by Amazon last time I checked), meaning all traffic flows through one place and can be shut down or monitored there. Matrix is federated, much like Lemmy.
  • Signal does not offer self-hosting. Matrix does. (One might do this to be sure they always have a copy of their past messages, or to be independent of public server outages, or to be the sole keeper of data and metadata in conversations between local users.)
  • Signal requires a phone number, which makes having an anonymous account challenging for many people. Matrix doesn't require anything, but some Matrix servers require an email address for account recovery purposes.
  • Signal apparently integrates cryptocurrency payments. Matrix does not.

The most obvious security vulnerability that I can think of is that the person you are communicating with (or, conceivably, oneself, as well) is using an insecure/compromised application that may be leaking information.

Indeed, end-to-end encryption is unable to protect the endpoints. That's true of both messengers.

Since you brought it up, note that smartphones generally run system-level software that is controlled by the OS maker, meaning that Google or Apple have the ability to monitor those endpoints. Signal's approach to addressing this is to offer a Google-free build of their app, if you can find it, buried on their web site and with a scary-looking warning against using it. Matrix publishes their apps on F-Droid, so there's an easy Google-free option. Of course, most of the people using either messenger will have downloaded from the big app stores, so even if your phone and app are Google-free, it's likely that most of your contacts' phones are not. I believe Matrix has an advantage here, simply because their Google-free builds are easier to find and keep updated, and are therefore probably in use by more people.

[–] [email protected] 17 points 1 year ago

Until now, Matrix federation isn’t great in practice, because most accounts are on the main server Matrix.org. This may (and hopefully will) change in the next years.

[–] [email protected] 14 points 1 year ago* (last edited 1 year ago) (2 children)

In general I agree, but with one caveat: Matrix has two e2e encryption algorithms: OLM and MegOLM. OLM is indeed comparable to Signal's however it isn't used by default. MegOLM on the other hand is a severely watered down version that offers much weaker protection compared to Signal's algorithm (or OMEMO used by XMPP). It's a trade-off Matrix did to make some things more user-friendly at the expense of message security.

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago) (1 children)

In what way is it watered down and what are the benefits?

[–] [email protected] 6 points 1 year ago (1 children)

Two ways mainly: the private key is no longer device specific but rather account specific and the ratchet required for perfect forward secrecy is not forwarded on every message AFAIK.

The benefits are better scalability in larger group chats and generally less key exchange hassles. But this comes at a significant downgrade in security.

Basically MegOLM is only slightly better than OpenPGP / OTR or similar older generation e2ee systems.

[–] [email protected] 6 points 1 year ago (2 children)

Not to downplay the security of OLM, but if MegOLM is as cryptographically sound as OpenPGP, then that's already very secure.

As long as my private key is safe, it would be computationally impossible for anyone to decrypt messages intended for me.

[–] [email protected] 4 points 1 year ago

Yes, the problem with MegOLM however is that the private key is automatically exchanged between devices using the same account. I think 2-3 years ago there was an exploit allowing malicious home-server admins to add additional devices under their control and thus listen in on what appeared to be e2ee conversations to the user. This specific exploit was fixed, but the principal problems of potentially insecure exchange of private keys remains in MegOLM to this day.

[–] [email protected] 1 points 1 year ago

OpenPGP is not very secure, by modern standards.

[–] [email protected] 1 points 1 year ago

Olm is used to secure sending keys to sessions while megolm is used to encrypt messages in rooms

[–] teolan 27 points 1 year ago* (last edited 1 year ago) (3 children)

Signal goes very far to protect even the tiniest bits of metadata.

For example see sealed sender, private contact discovery and group v2.

On the other hand, matrix stores your profile info, group membership, and ongoing conversation metadata in plaintext, some of them replicated across homeservers. In addition to metadata that matrix doesn't encrypt, they also do not encrypt some actual data like emoji reactions.

Edit: clarified that conversations are not in plaintext. My wording what confusing as hell sorry.

[–] [email protected] 8 points 1 year ago (1 children)

Matrix doesn't store your ongoing conversation in plaintext. It's encrypted by default.

[–] teolan 7 points 1 year ago

What I meant by that is not the actual message content, but who you're talking to and when is stored on the home server.

[–] Kalcifer 4 points 1 year ago* (last edited 1 year ago) (1 children)
  1. Would you be able to ellaborate on the following

matrix stores your profile info

group membership

ongoing conversation in plaintext

As I am not exactly sure what you are referring to.

  1. In addition to metadata that matrix doesn’t encrypt

I'm assuming that this statement is referring to what was said here:

On the other hand, matrix stores your profile info, group membership, and ongoing conversation in plaintext, some of them replicated across homeservers

[–] teolan 3 points 1 year ago

ongoing conversation in plaintext

This one is incorrect, wording was confusing as hell.

matrix stores your profile info

Profile picture and usernames are public, no way to make them private in anyway.

group membership

Your home server and the home servers of every other member of the group can tell exactly who is part of the group

ongoing conversation in plaintext

I actually meant who and when you send message to and receive messages from.

[–] [email protected] 4 points 1 year ago (1 children)

your profile info,

Matrix doesn't have profiles. It has usernames, and it has avatars if you choose to upload one.

group membership

I believe this was true when I last checked. They plan to fix it.

and ongoing conversation in plaintext

That's just plain false. Please stop spreading misinformation.

[–] teolan 4 points 1 year ago

Matrix doesn’t have profiles. It has usernames, and it has avatars if you choose to upload one.

That's what I call a "profile".

I believe this was true when I last checked. They plan to fix it.

Call me when it's fixed.

That’s just plain false. Please stop spreading misinformation.

Yeah my wording was incorrect, see edit.

[–] [email protected] 14 points 1 year ago (1 children)

Matrix is less secure than Signal. While Signal and Matrix use the same encryption, Matrix doesn't encrypt everything. This includes: message sender, message timestamps, reactions, members, read receipts, etc. All of this data can be accessed by the homeserver admin. On Matrix, you should assume that only the message content itself (text and attachments) is encrypted. Your account data is also not protected, you have to trust your homeserver admin. Signal is designed not to trust the server. It's important to consider your threat model. Matrix doesn't require a phone number, which makes it better for anonymity, but Signal has better security.

This is a good explanation of Matrix's metadata leaks: https://web.archive.org/web/20210618055112/http://serpentsec.1337.cx/matrix

[–] Kalcifer 2 points 1 year ago (1 children)

Your account data is also not protected

Do you just mean that your messages, for example, are stored on the server, and can thus be deleted by the server admin? Would you mind elaborating?

[–] [email protected] 1 points 1 year ago

Account data means your profile picture, display name, rooms, contacts. Signal never reveals this to the server, unlike Matrix where this is visible to the server admin.

[–] [email protected] 13 points 1 year ago (1 children)

Matrix can't be forced to put backdoors into their software because they are not s company. Signal can.

[–] fkn 10 points 1 year ago (1 children)

Individual servers absolutely can be forced.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Not if they're outside the country's jurisdiction. The point is that a company that has a business entity in the UK is required to follow UK laws. This is why signal is shutting down in the UK.

A disorganisation run by volunteers in Japan can ignore the UK's silly backdoor encryption laws; the UK has no legal authority over their servers.

[–] fkn 4 points 1 year ago (1 children)

And the Japanese government can force a backdoor into a server hosted in Japan. I don't know what your point is or how it differs from what I said.

Governments can absolutely force backdoors into individual servers. The point you are making about the UK is true for any matrix servers hosted in or by a UK entity. It's not isolated to Signal. It's debatable if matrix clients will be legal to distribute in the UK after their law goes into effect.

[–] [email protected] 0 points 1 year ago (1 children)

So the community then moves the servet to Iceland.

The point is that they can't shutdown a community-run disorganization's sever because it can just move. Companies that profit from a region are beholdent to that region's laws.

[–] fkn 1 points 1 year ago (1 children)

I don't know what you are arguing. You are talking about things I haven't said or claimed... And you refuse to address the points I do bring up.

What's the point in talking to you if you arent going to participate?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I'm arguing that a disorganisation (eg community-run Matrix server) isn't beholdent to the laws of a few silly countries, unlike a corporation (eg Signal)

And I've addressed all your points.

[–] fkn 2 points 1 year ago

But that doesn't have anything to do with what I said?

You haven't addressed any of them? How does the fact that servers can be spun up in different countries affect those countries ability to inject backdoors into servers hosted in their country? When did I ever say block or remove communities? How does restricted legal access to third party clients like element confound the situation?

It's like you have some strawman argument setup and you are shouting at the void...

Literally nothing you have posted on this thread is relevant to what I have posted.

[–] fkn 11 points 1 year ago

There are several different questions here that run the gamut of security related questions, not just privacy.

If you want a lay persons answer, the gist of it is both are secure enough for the vast majority of situations. If you don't have nation states after you, use what is most convenient for your primary use case.

If you are worried about nation states... You need to do your own technical analysis, and if you are incapable of doing so... You should not be trusting random idiots on the web.

That said... The biggest difference is that signal is more secure by default, forcing end to end encryption on all communications but you have to trust a closed source private organization. Arguable the signal protocol is probably provably more secure with perfect forward secrecy (the double ratchet algorithm is legit).

Matrix has a significantly larger public surface area for non nation state level actors to observe and Messaging is arguably slower... But you have much more freedom with how much trust you give entities. Unfortunately, more of the security is up to you and your contacts which makes it less secure. (We on average are terrible at security). Matrix is probably also more resilient as a network.

Finally, Signal does not provide any anonymity whatsoever. I'm fact, it directly ties your messaging to other highly personal information. (But nobody other than you and the other participants can read any of the messages). Provide you know your contacts in real life, you can prove message authorship (you know for a fact that the message was written on their device and nobody other than the intended recipients read it).

Matrix does provide anonymous access. If this is something you need... This is the answer.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 7 points 1 year ago

for decentralyzed private and anonymous messaging, try Session. its like cross between matrix and signal. it is supposed to hide metadata, not just message content. #notsponsored

[–] [email protected] 5 points 1 year ago (2 children)

Threema is very security focused at the expense of user experience. You lost your private key? Tough luck, here's a new account and everyone will have to verify your new account again. I have had conversations with friends over five or six of their accounts because they use threema just like WhatsApp. I stopped recommending threema to folks without a basic technical understanding. Signal is more than good enough for their needs.

[–] [email protected] 3 points 1 year ago

Lol and here's me running a rolling backup with everything in it. Haven't had to redo it ever really.

The only thing is it's a paid app. Although, I don't mind buying licenses for people I want to talk to.

[–] [email protected] 1 points 1 year ago

Signal is a smartphone app, so you can trust it as much as you trust smartphones. :) It is more reliable and user friendly however, which is important too.

[–] zephyr 0 points 1 year ago (3 children)
[–] Kalcifer 16 points 1 year ago* (last edited 1 year ago) (1 children)

Hm, I have trouble trusting any information on that site for a number of reasons:

  1. They don't seem to grasp the concept of a federated service, and how that plays a role with "Matrix". As stated on this page, under "Riot/Element":
  • There have been no code audit and an independent security analysis, and hence we must take Element’s word. No one can mark his own homework.
  • Matrix has had at least one embarrassing security breach, indicating that their infrastructure security is lacking.

They seem to be referring to "Matrix", and "Element" interchangeably which doesn't make any logical sense as "Matrix" describes the underlying federation protocol, and "Element" one of many clients that exist. This line of thinking can also be seen in the comparison table; the column title is "Element/Riot", and yet much of the data contained in the table is referring to things related to the protocol.

  1. Furthermore, it should also be noted that the quote in point #1 is complete misinformation, and blatantly false (it should also be noted that this information is repeated elswhere, including the comparison table). Firstly,

There have been no code audit and an independent security analysis, and hence we must take Element’s word. No one can mark his own homework.

Ignoring that they say "Element", and, instead, assuming that they intended to say "Matrix", from what I can see, there are at least two independent audits that have been done -- their respective information can be found on the blog posts here, and here. and secondly,

Matrix has had at least one embarrassing security breach, indicating that their infrastructure security is lacking.

Ignoring the fact that this statement makes no logical sense since "Matrix" is a protocol, and therefore the idea of a "security" breach does not even apply, I'm going to instead assume that they are referring to the home-server "matrix.org". The security breach I'm assuming that they are referring to is described in the blog post here:

TL;DR: An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens.

I'm not entirely sure what the author was insinuating, since this is just something that affected the matrix.org homeserver and no one else, and has absolutely nothing to do with the security of the protocol on the whole. The only important thing with this is whether or not the retrived unencrypted data (ignoring the messages) has any affect of compromising the security of the user -- this author, unfortunately, makes no effort to explore this idea, and just moves on.

There are plenty of other discontinuties that can be picked apart from this person's site, but these were the most immediately glaring.

[–] fkn 0 points 1 year ago (1 children)

It's wrong to say matrix is only the protocol.

Matrix.org is the server that element defaults to and the vast majority of people use.

It is true that element hasn't had a security audit, but the matrix.org servers have.

The protocol is separate from the server.

[–] Kalcifer 2 points 1 year ago* (last edited 1 year ago) (1 children)

It’s wrong to say matrix is only the protocol.

Matrix is only the protocol. Synapse is the name of the server software. "matrix.org" is just the URL of the main homeserver.

From Matrix's About section:

Matrix is an open protocol for decentralised, secure communications.

Here, you can find Synapse.

[–] fkn -1 points 1 year ago (1 children)

This is a poor take and ignores the proper level of abstraction when discussing the situation.

[–] Kalcifer 1 points 1 year ago (1 children)

Would you mind elaborating?

[–] fkn -1 points 1 year ago

In context, disambiguating "matrix" the protocol, "matrix.org" the server and "element" the application obviously implies that "matrix.org" is not being referred to as the domain name.

"Matrix.org" in this case should be abstracted to mean the service as a whole providing the matrix.org website, matrix protocol endpoints, hosting solutions, business and other accoutrements.

The original question was in relation to signal vs matrix. "Signal" in this context refers to more than just the dns entry, business, protocol, frontend application or other elements. It should be obvious that referring to "Signal" implies all of these elements. Which is where my reply comes into effect.

You made the mistake of mistaking the organization (and all related services) of "element" and "matrix.org" and the matrix protocol. These are not the same thing. In the context of using the name of the thing to refer to the organization, servers and other errata; "Element" refers to a single independent organization and application that provides a single implementation of a client side portion of the matrix protocol. "Matrix.org" is a separate, independent organization that is providing a server implementation of the matrix protocol.

Your guess that "matrix" and "element" are interchangeable in the original article is incorrect. "Matrix.org" is a separate organization from "element".

From this point of view, coming back with the statement "matrix.org is a domain name" is frankly insulting.

[–] [email protected] 10 points 1 year ago

That chart is full of outdated information and outright falsehoods. What a mountain of misleading bias.

[–] Nioxic 7 points 1 year ago (1 children)

Matrix isnt mentioned on that site?

[–] qaz 5 points 1 year ago

Element is a matrix client

load more comments
view more: next ›