What would stop them from subpoenaing all information from your personal server?
If you’re a drug dealer and the FBI sends you a subpoena—you could simply….not respond.
There’s no personal information tied to your account.
There is actually a bunch of metadata tied to your account and your room. That’s partly how they caught that kid with the Pentagon leaks.
And again, there may be other services between the clients and the matrix server that collect personal data (e.g. reverse proxies, load balancers).
—
If you are someone who ostensibly cares about privacy and security (like a drug dealer) why would you rely on the benevolence and security hygiene of a stranger you can’t audit? Instead of using a known good actor, like Signal or SimpleX, or no actor, like Briar.
deleted by creator
Simpler to manage and smaller attack surface.
Running your own Matrix server also means running your own host server, database, caches, reverse proxy, firewall, networking stack, etc… Keeping these things running and updated. As well as vetting and updating clients.
deleted by creator
Uhh yeah, but is that wise if you’re trafficking drugs?
deleted by creator
How is it a lot harder to track if the FBI can just subpoena the sysadmin for server/room logs?
With respect, this viewpoint is not defensible from an operational security perspective.
It’s like saying they should use GMail because they have hundreds of millions of users. When the problem isn’t being a needle in haystack, but rather the fact that Google will gladly look through your private data and happily hand it over to the authorities.
deleted by creator
deleted by creator
At that point, if you’re trusting a rando, just use Signal
deleted by creator
You’re trusting whoever runs the hardware that they’re not snooping on you
deleted by creator
How the fuck would you confirm that? Maybe the sysadmin is running a forked version of Matrix that just says it’s encrypted but actually logs everything in clear text.
I don’t think that’s how it works? It’s the client application that has the key for the end-to-end encryption, not the server. I don’t think you need to trust the Matrix server you use? I could be wrong, I don’t know Matrix particularly well.
deleted by creator
Correct… So put EVERYONE into one basket… Or split everyone up into multiple baskets…
Now I dunno about your mom… But mine told me to not put all my eggs into one basket.
SimpleX has a very user-friendly interface, uses decentralized servers, does not require your phone number or email, and the server is really easy to set up (but not needed; for the regular user it just looks like any other messaging app).
deleted by creator
FAQ SimpleX funding and business model
https://simplex.chat/blog/20240814-simplex-chat-vision-funding-v6-private-routing-new-user-experience.html
Right now it is investors and donations.
deleted by creator
Yes, having a purely non-profit foundation from the start would have been better.
But, for me, it is still a better option than Signal or Matrix for messaging.
Signal is great but they need 10s of millions every year of donations. It means that they rely on the generosity of wealthy individuals to keep going. I’m worried it is not sustainable.
Matrix is better on this aspect since everything is open source, but the UX is not great in my opinion and I don’t feel comfortable switching to it for regular contact with family and friends. To be fair, it’s been a while since I used it, so I downloaded Element, but I am blocked at account creation (the verification email is not arriving).
To compare, I tried creating a new account with SimpleX and in less than a minute I was ready to chat. They rely on investors for now and don’t have a clear business model, which is worrying, but they are developing fast this way, and being fully open source, anyone could fork it at any time. The UX is great despite being heavily focused on privacy and security, and it has features that no other app has; you don’t need an email or phone to chat, and if they ever start to enshittify, someone can fork it.
So pragmatically, I think it is the best alternative right now, and I am curious to see how they evolve.
I low-key hope someone would fork it and make it live a life of its own.
I think a fork happening in a few years would be great; right now the app still needs a bit of polishing, but they are quickly improving it.