Comment by StudentStuff

6 years ago

>All these years later Matrix only has... The ambition to some day try to offer the core privacy features Signal already delivered back then.

E2E on Matrix works, plus key verification is easier than on Signal. Managing metadata is hard, but my Matrix homeserver doesn't have my phone number (unlike Signal) and does not require Google Cloud Messaging. I can even run it on a PinePhone or Pocket CHIP!

>But for an actual user who needed privacy and security any time between then and now - and for future users who need it between now and whenever you get this stuff working in the real world, it was Signal that delivered. Moxie was right so far.

Tell that to the people getting imprisoned due to Signal's metadata leaks: https://news.ycombinator.com/item?id=21747424

> Tell that to the people getting imprisoned due to Signal's metadata leaks

Isn't this rather Twitter's metadata leaks in your source?

...that wasn't Signal leaking data, though, and unlike Twitter, which until last week allowed anyone to mass-check phone numbers, Signal doesn't publicly broadcast your number.

I don't use Signal, and won't as long as they force a phone number, but at least be accurate.

> Tell that to the people getting imprisoned due to Signal's metadata leaks:

Please explain how Signal leaks metadata given:

- everything behind the client and the server goes over TLS

- all Signal messages are end to end encrypted with the Signal protocol

- the Signal server doesn't even know who is messaging whom in the majority of cases: https://signal.org/blog/sealed-sender/

E2E in Matrix "works" with which Matrix clients? The whole point of a decentralized federated messaging protocol is to allow people to build their own clients. Do Matrix clients uniformly and interoperably support E2E today?

  • Nearly; we’re aiming to force on E2E by default at end of Jan (but it’s getting tight). There are at least 6 complete independent implementations, and once cross-signing lands it’s good to go. For clients/bots/bridges without E2E we have pantalaimon (a client-side daemon which you proxy all the traffic through in order to encrypt it).

bruh did you honestly just say home server.... might as well just say use "tor and pgp".