this post was submitted on 26 Mar 2025
Matrix shares metadata in plaintext with every participating server: who talks to who, when and how often.
However, unlike Signal, you can exclude external participating servers entirely.
(I heavily prefer XMPP to Matrix tho, even though I host both)
yeah, no shit, it's decentralized.
If you don't want that metadata visible then host your own server and require your organization to use only that server, there are settings specifically to enforce this use-case.
the french government uses matrix for communications, it's fine.
Source newer than the 2010s?
https://spec.matrix.org/latest/#room-structure
The content of the messages can be encrypted. Who is in a room and who sent each message is not. See the “shared data” section of the chart.
Encrypting that data would require something like Sealed Sender (like Signal), and that is entirely absent from the spec and any implementation.
Edit: to the people downvoting, this is the literal Matrix spec upon which all the implementations rely. You are asking me to prove the absence of something in it. If you could, point me to the section that comments on the encryption of metadata in the spec. You may not like the answer (I’d love for it to encrypt metadata too!) but that doesn’t change the fact that it doesn’t encrypt metadata at this time.
I'm not downvoting but I can say I was definitely hoping for more of a study where data is probably leaking (i.e. theory vs practice). I know there had been some things like this the better part of a decade ago hence my time restriction, but maybe nothing new.
Looking at the shared data section you mentioned I don't really get how it's possible to avoid the system knowing who is in a room -- except by limiting yourself to safe servers. Signal does that with a central system, but matrix certainly would allow self hosting such that this data doesn't leak between servers.
The weird thing about that section to me is it says the messages are listed as JSON objects but... I don't see how that works with room encryption. I suppose the JSON objects include the encryption data but I thought they had to do something weird for room encryption to make the double ratchet perform well.
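
What the event format means for the point argued in this thread, as an added example that is not part of the thread or of any Matrix implementation: in an `m.room.encrypted` event only the message body is inside the ciphertext, while `sender`, `room_id`, `origin_server_ts` and membership state stay readable to every participating server. The events are constructed (all IDs, timestamps and ciphertext are made up), and `server_view` and `metadata_summary` are hypothetical helper names.

```python
import json
from collections import Counter

# Constructed events (all IDs and ciphertext are made up). Field names follow
# the Matrix spec's room event format and the m.room.encrypted (Megolm) content.
EVENTS = json.loads("""[
 {"type": "m.room.member", "sender": "@alice:one.example", "state_key": "@alice:one.example",
  "room_id": "!r1:one.example", "origin_server_ts": 1742980000000,
  "content": {"membership": "join"}},
 {"type": "m.room.member", "sender": "@bob:two.example", "state_key": "@bob:two.example",
  "room_id": "!r1:one.example", "origin_server_ts": 1742980001000,
  "content": {"membership": "join"}},
 {"type": "m.room.encrypted", "sender": "@alice:one.example",
  "room_id": "!r1:one.example", "origin_server_ts": 1742980060000,
  "content": {"algorithm": "m.megolm.v1.aes-sha2", "session_id": "constructed-session",
              "ciphertext": "Y29uc3RydWN0ZWQgY2lwaGVydGV4dA"}},
 {"type": "m.room.encrypted", "sender": "@bob:two.example",
  "room_id": "!r1:one.example", "origin_server_ts": 1742980120000,
  "content": {"algorithm": "m.megolm.v1.aes-sha2", "session_id": "constructed-session-2",
              "ciphertext": "bW9yZSBjb25zdHJ1Y3RlZCBieXRlcw"}},
 {"type": "m.room.encrypted", "sender": "@alice:one.example",
  "room_id": "!r1:one.example", "origin_server_ts": 1742980180000,
  "content": {"algorithm": "m.megolm.v1.aes-sha2", "session_id": "constructed-session",
              "ciphertext": "dGhpcmQgY29uc3RydWN0ZWQgb25l"}}
]""")

def server_view(event):
    """Fields a participating homeserver can read without holding any room keys."""
    view = {k: event[k] for k in ("type", "sender", "room_id", "origin_server_ts")}
    content = dict(event["content"])  # copy so the stored event is not modified
    if event["type"] == "m.room.encrypted":
        # The message body exists only inside the ciphertext; the envelope stays readable.
        content["ciphertext"] = "<opaque, %d chars>" % len(content["ciphertext"])
    view["content"] = content
    return view

def metadata_summary(events):
    """Room membership and per-sender message counts, from cleartext fields only."""
    members, counts = {}, Counter()
    for ev in events:
        # Membership is room state, which is not encrypted.
        if ev["type"] == "m.room.member" and ev["content"]["membership"] == "join":
            members.setdefault(ev["room_id"], set()).add(ev["state_key"])
        elif ev["type"] == "m.room.encrypted":
            counts[(ev["room_id"], ev["sender"])] += 1
    return members, counts

if __name__ == "__main__":
    print(metadata_summary(EVENTS))
    print(json.dumps(server_view(EVENTS[2]), indent=1))
```

The JSON object is the envelope: the encrypted payload is one string field inside `content`, and everything around it is what federation shares.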