About matrix and riot


#83

Thanks for your reply, so i could be happy for a better matrix.org server policy and configurations, so if an user will just use it for personal chat will know when the message is deleted it is for real also from the server


#84

Signal has some privacy issues.

IIRC, they also require a phone number to sign up for an account.

Hi, I just found this interesting app called Ring. What is interesting in this open-source app is that it works P2P, with E2E encryption without any server.
If I understood well, the server is your phone/desktop. I know that this feature about Matrix is kind of vapourwave for the moment, but I would like to share anyway, maybe this can help to get such feature in Matrix

Ring and Tox (https://tox.chat/) are both interesting because they’re P2P, but the drawback is that it’s much harder to get 100% availability, which is pretty important for calls and instant messaging.


#85

https://matrix.org/docs/guides/privacy_notice.html
New matrix privacy policy thank you @matthew for this

Just a few questions

  1. password are encrypted with ssl as i read technically what does mean? Ssl as i know is a kind of encryption used for transmission not for storing data i could be wrong i hope someone can answer me
  2. username, avatars and mail and other user account are encrypted too?

#86

Very glad that we’ve finally got the new privacy policy out; hopefully folks agree it’s an improvement. Sorry it took so long.

I’ve just clarified the password wording (https://github.com/matrix-org/matrix.org/commit/ed9f9026bc74646aed1bd914385ed3e4ae6eedb7) - thanks for the prod. Passwords are only ever stored on disk having been hashed (and salted & peppered).

When a client sends a password to the server, it does so over SSL / TLS (HTTPS), so it’s encrypted in transmission too.

Username, avatars and email are not currently stored encrypted as need to retrieve them on a regular basis in order to actually use them to run the service.


#87

Why not stick to IRC as the protocol for communication or in short, for chat.?

Trying to evangelize a protocol (matrix in this case) that is not yet standard for this kind of communication seems to be only reasonable for a company that is already part of the oligopoly.

Using IRC is a political decision since big companies will not rely on such an open protocol or standard that has been around for decades and is already widespread, since they cannot control and change it at will. This can be used as an advantage for open projects like this one.

I can understand that the IRC protocol does not contain all the features that are mentioned here, but on the other hand there exists an IRC channel for exactly this project and trying to separate the developers from the eventual users by protocol doesn’t seem like the way to unify communication. How does communication about this project differ from communication that is enabled by this project?

If decentralization is conceptually a requirement, then end to end crypto seems like a much less important factor, since you have the ability to choose the server you are using for communication. so you an choose a server you trust (an option you don’t have with one of proprietary systems)

I really like your idea to produce secure and privacy-honouring device and software solutions, thanks for your prior and current efforts!


#88

IRC does not scale well. Servers are arranged in the spanning tree with only one path between any two of them. This causes frequent network splits once the number of servers grows beyond a handful. All users are known to all servers and any user can get a list of them (at list protocol sais so, in practice this has been disabled for efficiency reasons, once the userbase on average IRC network got to ten thousand or so). Than again, this is my knowledge from 1997, perhaps IRC protocol has undergone major changes since then.