Comment by fsflover
2 years ago
So the problem is the same: trusting the server. At least small Matrix servers aren't huge targets for attacks, since they don't serve so many users.
Also on Matrix you can run your own server.
2 years ago
So the problem is the same: trusting the server. At least small Matrix servers aren't huge targets for attacks, since they don't serve so many users.
Also on Matrix you can run your own server.
Signal doesn't know who's talking to you, it's called sealed sender:
https://signal.org/blog/sealed-sender/
Which is irrelevant when Amazon has all IP addresses.
So the two things we're comparing are:
1. Signal, where an attacker with granular access to AWS's global network logs could perform traffic analysis to match timings between sender and recipient IP addresses, which would work for some portion, and narrow things down for some other portion. The attacker would then need to combine that with data from mobile networks and other ISPs to link the sender/recipient IPs at a given timestamp with a subscriber.
2. Other messaging platforms, including Matrix, where they can just check the server's database to get a table of what user messaged what other user at a given time.
4 replies →