In this blog post the author argues that there are serious privacy concerns regarding the Matrix communications platform as it exists today, due to the apparent reliance on Cloudflare of the matrix.org homeserver and the centralized Vector identity server. Some of this argument is quoted below. My question is whether anyone at Purism has considered these issues (assuming they are technically accurate) and if so, what the company’s thoughts are regarding them, given that Matrix is an underlying network for the Librem 5 as I understand it.
From the blog post:
“But Matrix is decentralised, so just use a different homeserver”. Sure, but I’d
need to be on a homeserver that refuses to federate with matrix.org to protect
its users. The issue you then get is with Matrix’s centralisation with its
identity servers. I tried creating an account with privacytools.io with the
centralised anti-privacy identity server vector.im blocked through uMatrix. I
was able to create the account, but then couldn’t log in, despite it saying I’d
be able to. It was only by removing the block to the identity server that I
could connect. It’s this vital encryption combined with lacking clients,
centralised components, and exposure to Cloudflare’s MITM attack on the internet
that make Matrix an incredibly hostile platform to try and communicate with. In
unencrypted rooms, privacy is exposed in a similar manner to that with any
spyware platform such as Discord.