dngray

@dngray@lemmy.one

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Google DRM / WEI⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Not unless websites require certain features to be visible, that’s the major concern.
⁨Comment⁩ on ⁨How often do you use arkenfox-cleanup.js?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
I don’t. I just run prefsCleaner each release and then updater.
⁨Comment⁩ on ⁨Should it really be Telegram?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
We have a website too www.privacyguides.org/en/real-time-communication
⁨Comment⁩ on ⁨What are your opinions on Matrix?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
If the audits are public and they are actually funded with proper scope that may very well be better than some very small project nobody can be bothered looking at.
⁨Comment⁩ on ⁨What are your opinions on Matrix?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

For instance my phone number isn’t tied to my Matrix account

It isn’t for anyone using any client unless they optionally decide to provide it.

They talk of Matrix being centralized but that only really applies if you use the Matrix home server, there are many alternatives

Indeed: joinmatrix.org/servers/ and that’s not even getting started on the private ones or unlisted ones.

is it betetr than Discord for privacy and security ?

100% Discord has no privacy no encryption, the company sees absolutely everything.

Discord is clsoed source so nobody knows what it gives up or does in the background

That doesn’t necessarily impact privacy, and we know exactly what it does in the background based on their privacy policy.

No closed source program can be trusted over a FOSS option

I would say be careful here, because something is open source doesn’t necessarily mean anyone cares about what the code is actually doing. In the case of Matrix it is a very active project with a lot of community engagement and a well thought out specification so that everyone can “get up to speed”. That is extremely important. Nobody is going to sift through a tarball of source code “it’s open source”, if the development is not. It’s also totally possible for a patched version to be running in production that doesn’t reflect the source code.

That is why it’s very important not to confuse FOSS with privacy.
⁨Comment⁩ on ⁨What are your opinions on Matrix?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

As for the metadata leaking, while metadata is obviously available to the admins of the servers you and you recipient are using, these chat histories are not synced in their entirely,

Maybe so, but for a public room it really means nothing because they could just join it anyway. Every client has a copy. The point is neither system has deniability in terms of “I was never talking to this person”. I do think there is more utility in Matrix’s future with P2P accounts however, that don’t depend on a single Matrix server and can be rotated. Anything you aim to be anonymous with should be regularly rotating accounts as we suggest. Take a look at XMPP: Admin-in-the-middle. Admins can get more than enough.

SimpleX chat addresses most of Matrix and XMPP’s shortcomings

Except there is no desktop client, and I’m not sure how it will work at scale. It does not have anywhere near the feature set of Matrix. The whole “spaces” thing is the beginning and I suspect they’ll be doing a lot more there, specifically: “Spaces effectively gives us a way of creating a global decentralised filesystem hierarchy on top of Matrix”.

I hope it can one day replace them.

I honestly doubt that will ever happen they aren’t really competing products. Matrix is really meant for large scale networks, a bit like a whole social media platform, whereas SimpleX is more like a competitor to Signal or Session.

I would like to see Decentralised user accounts and I think they may be still looking at this because it would be nice to be able import your account somewhere else if a home server you’re on shuts down or something.
⁨Comment⁩ on ⁨Tutanota vs Proton Mail⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

Plus their unwillingness to open source it and not sharing the audits just doesn’t inspire my confidence.

The server side isn’t open source, and you can’t verify that is what is actually running in production. While we do recommend it I don’t personally use their products.I like the use of email clients, particularly customized to my needs.

Nested folders was only a very recent feature added tutanota.com/blog/posts/subfolders and without that I wouldn’t even consider a provider as I use this for organization. Of course as you can’t use your own email client, downloading email from Tutanota can be a bit of a pain too, you can only export per-folder into Mbox.
⁨Comment⁩ on ⁨What are your opinions on Matrix?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Yes the article is FUD and sloppy. This is what Matthew Hodgson (Arathorn) had to say about it:

Talking of sloppiness, that hackea.org article is a huge steaming pile of FUD about Matrix.

For what it’s worth, the team who came up with Matrix was originally based in two separate startups: one in the UK doing VoIP, one in France doing mobile dev. Both got acquired by Amdocs in 2010, but we ended up forming an independent “incubated startup” first to build telco apps, and then we came up with the idea of Matrix in ~2013. We then built out Matrix until 2017 when Amdocs killed our funding, having run out of patience for what amounted to generous FOSS philanthropy.

We then set up New Vector (now Element) as an entirely independent UK/FR startup, and have received zero funding from Amdocs since. To be crystal clear: Amdocs has zero privileged influence or control over Matrix (or Element, for that matter), and has zero access to the Matrix servers we operate as Element. And besides - the whole point of Matrix is that you can and should run your own servers so you can pick who to trust, even if you don’t trust the project itself.
⁨Comment⁩ on ⁨What are your opinions on Matrix?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

you have to attach your matrix ID to your phone number

Yes, this is FUD, it’s not necessary, and entirely opt-in. Also you don’t even need to connect to the identity server.
⁨Comment⁩ on ⁨What are your opinions on Matrix?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

you’re referring is using XMPP without OMEMO

OMEMO encrypts text messages for VOIP you need DTLS-SRTP encryption or Jingle session encryption.

warns you your message content is unencrypted if this is disabled

The point is that Matrix 1:1 calls are always encrypted and soon with MSC3401: Native Group VoIP Signalling group VOIP calls will be as well. (still in beta. Having foot guns about what might be encrypted or not in a client isn’t very private at all.

Also, XMPP has better (imo) and more numerous clients than Matrix on every platform except iOS and MacOS (No better XMPP client than Element on these platforms).

I’ve used Nheko and that’s pretty good. Last time I checked the XMPP clients that existed had a lot of rough edges.

I definitely prefer an extensible protocol to a much heavier, metadata-leaking, less-feasible to self host solution like Matrix.

That is definitely your opinion, Matrix has shown to be very feasible in a commercial sense as there are many providers and commercial clients using it, french government, german government etc. Matrix really can be quite lightweight enough that it will be entirely possible to run a homeserver locally in WASM which is what the Matrix P2P project is about. arewep2pyet.com has more details about that.

The point is a lot of testing and thought goes into these things.

metadata-leaking

You’re pretending XMPP doesn’t have metadata between servers, it certainly does.
⁨Comment⁩ on ⁨Tutanota vs Proton Mail⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

Then why post it and spread FUD?

Deleted by Mod.

People please try to remember the rules about substantiating your content/posts.
⁨Comment⁩ on ⁨Tutanota vs Proton Mail⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. tutanota.com/encryption

These are only primitive algorithms, the actual implementation is custom and specific to Tutanota, which mean it will only work with Tutanota as nothing else will implement it.

There is no way to do key distribution outside of Tutanota’s service.
⁨Comment⁩ on ⁨What are your opinions on Matrix?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

Element web-client also phones home

It doesn’t send metadata about your use. There is a version check though.
⁨Comment⁩ on ⁨What are your opinions on Matrix?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
That is the nature of any federated protocol.

E2EE works well enough within rooms and that is likely where private data is to be anyway. As long as you Matrix and assume that everyone can see your Matrix ID and room IDs you’ll be okay.

XMPP isn’t any better in that regard.
⁨Comment⁩ on ⁨What are your opinions on Matrix?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

leaks more metadata than XMPP

XMPP is not a private protocol either. In a lot of cases data is not E2EE, there is no reference clients and there’s a mess of standards that very few if any clients fully implement.