Comment by foresto

1 year ago

I was referring to the metadata that are typical complaints about Matrix, like usernames and reactions.

> "Metadata" includes a lot of stuff, but basically the originator, the destination and the timing of the messages

Indeed. AFAIK, sender/recipient correlation cannot actually be protected at the software level, because packet switched networking necessarily reveals it. The common way I'm aware of to mitigate this problem is at the network level, by trying to avoid common routes that would allow monitoring many users' traffic from any one place.

Concretely, that might mean having everyone use Tor (which some folks suggest already) or going fully peer-to-peer (which some messengers do already, and Matrix has been experimenting with).

Signal tries to improve the situation with Sealed Sender, but I'm pretty confident that can't protect against the Signal servers being compromised, nor against network monitoring. When trying to think of how it's useful at all, the only thing that comes to mind is that it might strengthen the Signal Foundation's position when a government demands logs. (And if that is why they implemented it, I suppose they must be keeping logs, at least for a short period.)