About matrix and riot


#42

that’s the difference. Matrix is not about communication, communication is a side effect. You cannot remove the history of conversation because in conversation (except some corner cases) there are more than one party. So in this case “removal” is effectively a blacklisting of your own access to your history. do you really want it?


#43

i wanna choose, maybe in some room is better to hold everything, and maybe in other room is better to delete

in my uses is better to delete older entry because to me matrix should be a sostitute of whatsapp/signal
i take care of security and privacy, as i think almost everyone there, i just need to communicate with others without store everything i say like the google brother


#44

I hear you and completely understand your use case. Just try to hear me. You can choose what you store on your device. You can choose whether server stores messages at your personal store. You cannot choose though what other side chooses to do. Now, server has tow possibilities - store a copy of the message at multiple buckets (personal stores). Or it may just store everything once and then partition personal-store-like access by filter/access matrix. So when you drop your store - you just filter yourself out of the central store.
I’m not saying this is how matrix works. i’m just telling you hypothetical implementation scenario. However I wouldn’t be surprised if matrix chosen this implementation strategy. I’ve chosen it to implement XMPP MAM.


#45

i got your point and i really like to be able to make my own server, and i searched for it on the web but is completly out of my understanding

that’s why i’m asking for a new kind of setting, i’m not asking to change their way, just to add a new one, where people can completly control of their data

and that’s what i call creepy, i think something like that is about facebook/google where you give to them your data and when you delete it, you just can’t see it anymore, but they can

my though is about privacy minded people and business model, i think to be one of the privacy minded people, like almost everyone there, and purism and matrix crew are the business company, a business company goal is to make money with their mission, when your business mission is to be a privacy friendly company you should also try to give something others do not have, and when you do it, you have success, just see the librem 5 campaign, i disagree with you when you write

matrix in my opinion is a communication app, and actual as i know there is no communication app completly open source who completly respect privacy with a good privacy policy, and which allow user to completly control your data, i know the exception is matrix itself if you have your own server, but is not easy for normal user, and as normal user i’m there trying to explain a point of view that is not just mine, but also real friends and people i talk with on the web, and that’s the matrix opportunity to be different from other services, not just about be federated, as everyone know have a better technology do not give you the first price, you have to be unique from normal user prospective, for example it should be really easier to use and configure, i saw the project leader wrote somewhere they know and they will work on it, and as i already wrote should be more privacy friendly with privacy policy server and give more option to user to customize their room as they wish
there is still no communication app who give to you the total control of your communication, and i really hope matrix will be that one


#46

Suppose Alice sends a message to Bob by way of Steve (server). Steve can’t decrypt the message. Neither Alice nor Bob can delete the message without the other’s cooperation. Alice can delete her own copy, but Bob can keep a copy. Bob might keep a copy with Steve and might also keep a copy at home and perhaps he has stored a copy with his friend Tom (server 2). Alice can ask Bob to delete it but it is impossible for her to be sure. Maybe Bob photographed the message, or simply has a very good memory. How can Alice possibly verify Bob can no longer produce a copy of the message? Alice can ask Steve to delete Bob’s copy of the message, but if Steve complied this would be a betrayal of Bob, and in any case it is pointless because only someone possessing Bob’s private key can read the message and also because Bob could have made many other copies.

Why is this situation “creepy”? I think it would be creepy if Steve could be asked by either Alice or Bob to delete the other’s copy of the message. Bob might be relying on Steve for keeping a copy.


#47

You are right i try to make a better example
Alice Bob need to write each other and they trust each other because they are friends and they use Steve (server) but they don t know who is steve then they can t really trust him, they can trust steve do not make malicius thigs only because he is open source. Alice write to bob so alice send to steve the message, when bob is online download the message in the client and steve do not have it anymore because when all the receivers have the message is not needet anymore fot steve to hold it.
Why is creepy to me that steve hold the message forever? Because now steve is open source and is owned by good people but, in example, a bad guy own the company or the company employ a bad guy or just an hacker a bad one take the database, all my comunications are inside and i don t really want it, even if it s all encrypted, because it s just about time and power to be able to decrypt

For example kontalk seems more privacy friendly the server delete the message after 7 days or when is delivered


#48

this is the key. If you don’t trust mediator - don’t mediate your conversation via him. Because malicious mediator may create a sham by pretending you are controlling your messages while in reality you are not.

So matrix does not pretend it gives you ability to delete your messages, because it cannot. It is fair that your removal is pointless because there’s still a copy.

In other words - either use trusted mediator or use end-to-end encryption.


#49

Even if u use e2e encryption metadata is not encrypted, and even the encrypted data could maybe decrypted in some years, thats why i dont like to use somethibg will stay on server forever.
I d like to run my own istance of matrix server but i m not able to do it, the 2 other im wich dont store conversation on servers are signal and kontalk i m asking myself if i should able to run it on librem5, should be nice to have some info about it from purism


#50

you still don’t get a point. If you run your own server - you can remove only messages for intraserver communication. You cannot influence storage of federated communication.


#51

The point is, as i already wrote i m not able to make my own server

Do matrix still keep message if i delete it? I ve tryed to delete some message and i cant see it anymore neither my friends
I d like to see a reply from mattew because i think there is some confusion


#52

I confess, I never used matrix/riot so far … but I agree, the privacy policy in deed looks pretty creepy.
I think secure and private by design looks different than that, especially when seeing the amount of non-encrypted traffic from @cgelinek post.
So nothing I would like to use, nothing which I would beg to see on a Librem 5.
I think the own server is the way I’d like to go.
Nextcloud with Spreed therefore could be an option, so I hope the announced cooperation between Puri.sm and Nextcloud may lead to a Librem 5 client, which allows a bit more, than ‘just’ File-Sync.


#53

Riot allows you to connect to any server you choose. The privacy policy is if you are using the riot.im matrix server. Don’t like it? Make your own server. Its that simple.

I think. Somebody correct me if I’m wrong.


#54

okay accepted :slightly_smiling_face: I am using only Jabber, Spreed (sometimes Signal by exception and recently trying Briar) - I guess I need to dig a bit deeper into Matrix/Riot before doing another fast posting …


#55

Simple? Teach me how make a server with riot, i m a user not a sysadmin

I have another question. When librem5 will be released and will use their own matrix server i need to make another account or can i use the one i already have and be in touch with everyone who use matrix also in the matrix/riot main server?


#56

I agree with @eagle and @o-k : it is easy just to say to switch to another server. But it is not the way to proceed. Let´s all remember that the Librem 5 is a phone for everybody who care about privacy. It means admins, geeks, programmers, but also taxi drivers, doctors, teenagers, old people, etc. If I buy a car and ask for a rear camera as an option, I don´t expect the dealer to tell me ¨If you wan´t it, just install it by yourself¨, because, you have to buy the good part model, to connect the video wire to your screen, the power wire to you rear light, to unscrew/screw panels, sometimes to make holes for the camera, etc. You see, this is not only ¨If you are not happy, then just do it yourself¨.

I mean Riot has a huge potential in terms of private communications, but it has currently 3 cons : complex design, not easy customization, and no SMS/MMS encryption (like Silence in android, because SMS/MMS are massively used in Europe).

I am sure all of these cons can be solved in the future, I trust Purism and Matrix teams to make things simple for everybody.


#57

Purism is also integrating NextCloud for file sync and share solutions. NextCloud is the same way as Matrix. You can either use somebody else’s service and share your files with them, or you can build your own server . Email is the same way. Either build an email server in your basement or use something easy like gmail and compromise your privacy. Synced messaging with history has the same tradeoffs. Perhaps we can build a “Matrix Box” like the “Nextcloud Box” to make using Matrix as easy as Nextcloud. That would be my “ideal” world.


#58

What you said could be a solution : there is a partnership with Nextcloud. It is not clear how will be the result of this project but I hope we will be able to use the Librem 5 as a kind of server through Nextcloud (possible because we never turn off the phone, and it is always connected / less possible because it means a large disk size).
If Purism and Nextcloud can do an “out of the box” server, then we can select it for Riot.

Anyway, I still insist about SMS/MMS encryption. I think about all this people in Europe/rest of the world which use this protocol : I really hope something like Silence. Today, mobile network operators can read meta data but also content of SMS/MMS, then a few months later, you receive some ads related to what you said.

I know that a bridge to connect SMS with Matrix already exists but it is not clear how it works, if it is E2E encryption or not, etc.


Android via Anbox on Librem 5?
#59

Just stop bashing the water please. Read above official statement from Matrix representative

To be clear: the “local homeserver” idea is 100% vapourware scifi at this point, but still an interesting thought experiment about where things could go in future.

So it’s a no-go at the moment. Unless you mean by that - go write your own matrix protocol implementation and run it on your private server.


#60

For those interested in running said “vapourware scifi”, I would advise you read the official instructions over on GitHub.
The link is: https://github.com/matrix-org/synapse/blob/master/README.rst.


#61

https://matrix.org/blog/2018/01/29/status-partners-up-with-new-vector-fueling-decentralised-comms-and-the-matrix-ecosystem/

great news from @matthew
i’m really happy to see they are start to work actively to this project again, improve the feature already have without pushing on newer things like other project do is a good news, i’m curious to see how they can make riot more user friendly, so i can finally bring more people to riot/matrix

dear matthew just don’t forget us about privacy policy, i know you have to focus on other things and i understand, but just no delay this topic too much please