Comment by mermaidsalad
3 years ago
Next time someone in Matrix discussion will ask "why we need Matrix when there is jabber/xmpp" show them this:
> All jabber.ru and xmpp.ru communications between these dates should be assumed compromised. Given the nature of the interception, the attacker have been able to execute any action as if it is executed from the authorized account, without knowing the account password. This means that the attacker could download account's roster, lifetime unencrypted server-side message history, send new messages or alter them in real time.
The same attack could be mounted against a Matrix server tbh. But the fact Matrix is E2EE by default would mitigate it a bit, and if folks verified who they were talking to then the attack would be defeated.
Matrix clients typically complain very loudly when keys change or unverified sessions get added to your chats.
Id's say it would mitigate it A LOT. Though I have to agree that there is still a lot of room for improvement.
I personally prefer the approach taken by briar: your public key is your address. Pretty cut and dry, not much room for shenanigans.