Does XMPP not have the same metadata?
Comment on XMPP as a Discord alternative for small group?
TCB13@lemmy.world 7 months agoYes, but Matrix a plague of questionable open-source and a metadata disaster.
Matrix’s E2EE does not, however, encrypt everything. The following information is not encrypted: Message senders, Session/device IDs, Message timestamps, Room members (join/leave/invite events), Message edit events, Message reactions, Read receipts, Nicknames, Profile pictures
Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result.
Decentralized communication protocol Matrix shifts to less-permissive AGPL open source license Element, the company and core developer behind the decentralized communication protocol known as Matrix, has announced a notable license change that will make the open source project just that little bit less appealing for companies looking to build on top of it.
techcrunch.com/…/decentralized-communication-prot…
Stop recommending questionable open-source like Matrix. XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.
What people fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation and it can be configured to be secure and private. Everything else is just an attempt at yet another vendor lock-in. Here a quick overview of the architecture.
LodeMike@lemmy.today 7 months ago
poVoq@slrpnk.net 7 months ago
No, or rather not quite. XMPP is designed on a need-to-see system where basically only the meta-data that a server or client really requires to function is shared with it. This can mean that there is quite a bit of meta-data shared with various servers in a popular group-chat, but that is rather the exception.
Matrix on the other hand is designed as a replicated data-store, meaning that really everything is shared with every connected server by design. The reason for this is so that chats can continue to function even when the original server is removed etc. This was the big original selling point of Matrix, but lately they have been somewhat quiet about it as it largely contradicts privacy concerns and might even be fundamentally GDPR incompatible. In any case it is pretty much a meta-data nightmare.
LodeMike@lemmy.today 7 months ago
Well you also can’t remove shit on someone else’s email servers so is that not GDPR compatible?
poVoq@slrpnk.net 7 months ago
In the case of email you have to actively send something to someone for it to be on their server. In Matrix it is sufficient for a 3rd party to join a chat for them to get the entire chat history (hopefully e2ee) including all meta-data back to the very first day the chat was created.
TCB13@lemmy.world 7 months ago
Let me add the following: the problem is that that metadata is all over the place AND you can’t remove it from those 3rd party servers. Also there’s a ton of questionable stuff like read receipts and reactions that are never encrypted (not sure if this was fixed already). XMPP with OMEMO enables will encrypt everything.
poVoq@slrpnk.net 7 months ago
Currently the OMEMO as implemented in most clients only encrypts message content, but not the meta-data. There is a newer, sadly incompatible version that encrypts more, but few XMPP clients support it.
EngineerGaming@feddit.nl 7 months ago
What also bothers me is how prominent matrix.org instance is. So you got a system that is supposed to be decentralized… Yet defederating from the one central server would break a lot.
TCB13@lemmy.world 7 months ago
That’s just another detail where we see that.