Not sure how to do that though
Copy the content, delete the post, and repost it to the other community in the same way that you posted it here? Technically, you could use the repost button, but that's under the assumption that your post is within the scope of this community in the first place -- which it is not.
This post is off topic for this community -- it would be more appropriate to post it somewhere like the Fediverse Community .
Y'all don't update your services?
That's a fine recommendation! Thank you!
Your account data is also not protected
Do you just mean that your messages, for example, are stored on the server, and can thus be deleted by the server admin? Would you mind elaborating?
Would you mind elaborating?
It’s wrong to say matrix is only the protocol.
Matrix is only the protocol. Synapse is the name of the server software. "matrix.org" is just the URL of the main homeserver.
From Matrix's About section:
Matrix is an open protocol for decentralised, secure communications.
Here, you can find Synapse.
Homeserver admins (...) can see who (...) you’ve talked to and when it happened.
I'm assuming that since it is federeated, even if one server was very diligent with not keeping such metatadata, the issue would still remain with the other server if it did not follow the same practices?
matrix stores your profile info
group membership
ongoing conversation in plaintext
As I am not exactly sure what you are referring to.
In addition to metadata that matrix doesn’t encrypt
I'm assuming that this statement is referring to what was said here:
On the other hand, matrix stores your profile info, group membership, and ongoing conversation in plaintext, some of them replicated across homeservers
Hm, I have trouble trusting any information on that site for a number of reasons:
- There have been no code audit and an independent security analysis, and hence we must take Element’s word. No one can mark his own homework.
- Matrix has had at least one embarrassing security breach, indicating that their infrastructure security is lacking.
They seem to be referring to "Matrix", and "Element" interchangeably which doesn't make any logical sense as "Matrix" describes the underlying federation protocol, and "Element" one of many clients that exist. This line of thinking can also be seen in the comparison table; the column title is "Element/Riot", and yet much of the data contained in the table is referring to things related to the protocol.
There have been no code audit and an independent security analysis, and hence we must take Element’s word. No one can mark his own homework.
Ignoring that they say "Element", and, instead, assuming that they intended to say "Matrix", from what I can see, there are at least two independent audits that have been done -- their respective information can be found on the blog posts here, and here. and secondly,
Matrix has had at least one embarrassing security breach, indicating that their infrastructure security is lacking.
Ignoring the fact that this statement makes no logical sense since "Matrix" is a protocol, and therefore the idea of a "security" breach does not even apply, I'm going to instead assume that they are referring to the home-server "matrix.org". The security breach I'm assuming that they are referring to is described in the blog post here:
TL;DR: An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens.
I'm not entirely sure what the author was insinuating, since this is just something that affected the matrix.org homeserver and no one else, and has absolutely nothing to do with the security of the protocol on the whole. The only important thing with this is whether or not the retrived unencrypted data (ignoring the messages) has any affect of compromising the security of the user -- this author, unfortunately, makes no effort to explore this idea, and just moves on.
There are plenty of other discontinuties that can be picked apart from this person's site, but these were the most immediately glaring.
Of course, few things in life are truly free -- presumably, such a service would be run by donations, and the community.
I feel like it's rather pointless to try and contort discord to be something that it's not. If you are truly concerned about your privacy, then your best move is to just use something else. An example of an alternative would be Matrix.