Comment on Matrix 2.0 Is Here!
ozymandias117@lemmy.world 3 weeks ago
I’ve used Matrix since the app was called Riot.im and there was no encryption.
I didn’t realize that, once encryption was added, there were still metadata leaks as compared to Signal.
Could you give me some information on what metadata is unencrypted, or point me towards documentation about that?
mox@lemmy.sdf.org 3 weeks ago
Room membership and various other room state events are not currently end-to-end encrypted, which means a nosy admin on a participating homeserver could peek at them. (They’re still not visible on the wire, though, nor on homeservers that don’t host members of the room.)
I don’t know if Signal is actually much better, since I haven’t looked at their protocol. They hyped their Sealed Sender feature as a solution to things like this, but it can’t really protect from nosy server admins who are able to alter the code, and they fundamentally cannot hide network-level metadata like who is talking with whom. There’s a brief and pretty accessible description of why in the video accompanying this paper.
I don’t have a list of Matrix events that are typically unencrypted. You could read the spec to find them, if you were motivated enough to slog through it, but be warned that network protocol specs tend to be long and boring. :) Unfortunately, the few easy-to-digest blog posts about it that I’ve encountered have been both alarmist and inaccurate on important points (one widely circulated one was so bad that the author even retracted it), so not very useful for getting an objective view of the issue.
However, the maintainers have publicly acknowledged the issue as something they want to fix, both in online forums and in bug reports like this one:
github.com/element-hq/element-meta/issues/1214
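
Added example, not part of the thread or of any Matrix project code: a sketch of the homeserver-side view described in the reply above, where message bodies in an encrypted room are ciphertext but room state events stay readable. The room, users, timestamps and placeholder values are constructed; the event field names (`type`, `state_key`, `sender`, `content`) follow the Matrix event format.

```python
# Added illustration; every event below is a constructed sample.
ROOM = "!room:example.org"  # hypothetical room ID
MEGOLM = "m.megolm.v1.aes-sha2"

def make_event(etype, sender, ts, content, state_key=None):
    """Build a minimal Matrix-style event; state events carry a state_key."""
    event = {"type": etype, "sender": sender, "room_id": ROOM,
             "origin_server_ts": ts, "content": content}
    if state_key is not None:
        event["state_key"] = state_key
    return event

SAMPLE_EVENTS = [
    make_event("m.room.name", "@alice:example.org", 1000,
               {"name": "Budget planning"}, ""),
    make_event("m.room.member", "@alice:example.org", 1001,
               {"membership": "join"}, "@alice:example.org"),
    make_event("m.room.member", "@bob:example.net", 1002,
               {"membership": "join"}, "@bob:example.net"),
    make_event("m.room.encryption", "@alice:example.org", 1003,
               {"algorithm": MEGOLM}, ""),
    make_event("m.room.encrypted", "@bob:example.net", 1004,
               {"algorithm": MEGOLM, "session_id": "SESSION_ID_PLACEHOLDER",
                "ciphertext": "CIPHERTEXT_PLACEHOLDER"}),
]

def server_view(event):
    """Return what is readable on a participating homeserver without room keys."""
    view = {k: v for k, v in event.items() if k != "content"}
    if event["type"] == "m.room.encrypted":
        # Payload is ciphertext; sender, room and timestamp remain visible.
        view["content"] = {"algorithm": event["content"]["algorithm"],
                           "ciphertext": "<opaque>"}
    else:
        # State events are stored and federated in the clear.
        view["content"] = dict(event["content"])
    return view

def admin_summary(events):
    """Collect the metadata that plaintext state and envelopes reveal."""
    summary = {"name": None, "members": set(), "message_times": []}
    for ev in map(server_view, events):
        if ev["type"] == "m.room.name":
            summary["name"] = ev["content"].get("name")
        elif ev["type"] == "m.room.member" and ev["content"].get("membership") == "join":
            summary["members"].add(ev["state_key"])
        elif ev["type"] == "m.room.encrypted":
            summary["message_times"].append((ev["sender"], ev["origin_server_ts"]))
    return summary
```

Calling `admin_summary(SAMPLE_EVENTS)` yields the room name, the joined members and who sent an encrypted message when, while the message body itself stays opaque.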