About matrix and riot

IRC does not scale well. Servers are arranged in the spanning tree with only one path between any two of them. This causes frequent network splits once the number of servers grows beyond a handful. All users are known to all servers and any user can get a list of them (at list protocol sais so, in practice this has been disabled for efficiency reasons, once the userbase on average IRC network got to ten thousand or so). Than again, this is my knowledge from 1997, perhaps IRC protocol has undergone major changes since then.

2 Likes

I don’t really understand why a company selling itself on maximum privacy and security should trust a relatively unknown organisation like matrix to do what everyone is trying to avoid Google doing, ie storing and controlling all their private data, whether it is peertopeer, encrypted or whatever. I want all my data stored locally or totally under my control and I don’t want a junk of unnecessary and dubious matrix software embedded in the browser/OS.

Then why don’t you start your own matrix server under your control?

It is like saying that my organization should never had run a sendmail service because someone else relatively unknown invented it, and stay with …AOL.

The phrase “a relatively unknown organization” is an argument against avoiding the “well known and established Google”. It means avoid the unknown and stay with the good known ones. Viva Apple and Google.

Are you sure you want a place in purisms forum?

6 Likes

You misunderstand. I don’t want matrix at all. I don’t want social networking. I don’t want WebRTC in the browser. ( I have been unable to find out if Purebrowser avoids the usual IP leak problems).
The Librem phone is obviously only going to provide very basic features for a long time. This is all I want to start - a basic secure browser, email (maybe Protonmail), conventional phone and text to talk to the real world.
It is obvious that complexity enables bugs and hackability, whether we are talking Open Source or not, PureOs core should be minimalist.

You can chose not to use said functionality, but I prefer a encrypted calling/chat solution over convential insecure cellular networks for my uses.

2 Likes

The devastating Notes on privacy and data collection of Matrix.org (that where posted above) seem to have lead to a fork!

They left github for https://gitlab.com/thegridprotocol/home.
Strangely https://www.gridify.org seems cloudflared.

4 Likes

The issue depend on server or is about the protocol? I mean if i made my own server i’m ok or there is still privacy problems?

Seems to be the protocol.

Data sent on a potential regular basis based on a common web/desktop+smartphone usage even with a self-hosted client and Homeserver:

The Matrix ID of users, usually including their username.
Email addresses, phone numbers of the user and their contacts.
Associations of Email, phone numbers with Matrix IDs.
Usage patterns of the user.
IP address of the user, which can give more or less precise geographical location information.
The user's devices and system information.
The other servers that users talks to.
Room IDs, potentially identifying the Direct chat ones and the other user/server.
1 Like

I think the first 3 points are resonable i mean people must find you, what usage pattern means? About ip addresses i hope will be holded by your home server without the need to be spread over matrix.org or other federated server
Users devices and sys info… Why???

@matthew could we have some clarification?

2 Likes

okaaaay… that’s a LOT of metadata, and many are critical… now I start to understand why Librem Chat is still not on F-Droid, while Librem Social and Librem Mail are there :

To me, there is no need at all to track metadata in a discussion. If they want to improve the app, why just do not put an option in the menu linked to the git in order to open an issue ?

Can somebody explain this, really?

Was matrix produced with, and by, a privacy attack vector against instant messaging?

Is what they tell not what they mean, and sell to some other end?

So that finally it had to lead to a riot, making a fork? Transforming “matrix” into “grid”, to actually allow for decentral, federated, separation of concerns?

That’s the official response


https://matrix.org/blog/2019/06/30/tightening-up-privacy-in-matrix

What do you think?

1 Like

Does not sound like they disable the call-home address book upload anti-feature by default, and would only do opt-in for specific queries, instead of bulk data uploads.

Is this their “solution”?: Continuing to let all installed clients contact their servers, but now enforcing personal authentication for their central vector services, requiring acceptance of their “privacy policies”?

Could the PR matierial not sound like PR material, if the goal would be to develop a protocol that would not require to accept any external privacy breaching policy?

Could another protocol, instead, promote a default no-data-collection policy for clients and homeservers?
Maybe requiring something like some form of “tainted” flag if a home server or client wants to do data-collection that requires to be accepted to comply with the GDPR?

Maybe a way to implement this might be some form of a GPL+data-sufficiency copyright?

EDIT: Or is the GDPR already sufficient?

Any comments on the quote below, like in the pdf response from matrix? To avoid it from falling under marketing gibberish for promoting a larger privacy impact vector.

It is (is it?) right that not-allowing something does not-necessarily mean not doing so, but still keeps the option for rating freedom and privacy equally high (as – any low to negative number)?

Reading this now, could be revealing a different kind of accuracy depth, possibly including but not limiting the spreading of some FUD regarding own homeservers and other apps?

and as mentioned in #matrix:matrix.org:

“basically, there’s some stuff we could do better; we’ve almost finished a project to do so as per that post. much of the other stuff in the original gist is alarmist BS - mixing together innocuous stuff with a few legit issues in order to scare people and promote a hostile fork.”

1 Like

Let’s see, clients and servers that contact central servers and require the acceptance of privacy policies will speak for themselves.

Just to clarify: The blog post says, enforced agreement to the policy was a means to make everybody AWARE of the defaults, not to hinder anybody to change them. It also says that it’s unfortunate that those on other instances are NOT necessarily aware of said defaults (as they don’t see that policy).

This is also not a protocol thing. It’s the defaults of clients and servers. All of those things can be changed and improved. For example, I’d expect Purism to use different defaults.

However, I also understand the point that for adoption beyond the geek circle this kind of convenience can be viewed as important. I just don’t assume they do it with bad intentions.

1 Like

But who is assuming something? It just became obvious that there is no intention at Vector inc. to change the global out of the box default, to stop shipping a central data collection system, in favor of a decentral network that might still allow for some hosts catering to the “I publish the private contact data of my friends” type of people.

The question is if “Jami encrypted message chat and video call” 's current implementation of an optional name server service is already better or can still be improved.

2 Likes

Does the sentence have a spin conveying something that is not said?

Truth is, only they can change the default, so pure privacy respecting companies will have to support a fork that does not require accepting server “privacy” policies, and to use the fixed system instead.

It’s time to ask the question “how does Vector make money, what is his business model?”.
This topic seems to show that they are not trying to delete tracers (in order to clearly remove the suspicions), but to change a privacy policy that the end user must accept.

I reached a point where I was sure of Purism’s good intentions. But between this problem (concerning Vector), but also the Librem Chat which depends on this protocol, I’m starting to wonder if Librem 5 will really respect privacy by default or if it should be diverted (ex: Firefox instead of Pure Browser, a private instant messaging instead of Librem Chat, Silence instead of SMS by default, etc.).

I’m not accusing anything, but I’m not a fanboy either: I’m wondering.

1 Like