this post was submitted on 05 Dec 2024
323 points (99.7% liked)
Privacy
32482 readers
228 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
To clarify: eMail, web chats, gaming chats, Signal, Threema and so on are affected as well
Self-hosted Matrix is obviously unaffected.
You say this but Matrix is largely centralized so it would be easy to get the biggest node to comply. Servers are quite costly to run too which is a big problem.
Federated protocols are not centralized in principle. It might not scale to one user-one server (which probably even Lemmy can't handle) but if you're signing up for a central server, you're doing it wrong(tm). Don't do that. The nice thing about Matrix client is that it allows end to end encryption, including groups. So that greatly limits what Mallory can do in principle. As to servers being costly to run, given what documented Synapse requirements are, you're looking at less than 5 EUR/month for a single server. Which can be shared among several users, obviously. This is in the same range as costs for a monthly VPN.
His point was the main Matrix.org server being way too prominent. In every given groupchat, chances are somebody is on this particular server. It is also the default for many clients.
The default links many folks/projects share specifically log you into Element & on Matrix.org as well which advertizes more folks to be on that centralized node. Furthermore, Matrix provides hosting for some of the other big servers as well even if they are not using matrix.org in the address.
Well, yes, but privacy in the current world is not free, even if it involves some own thought and planning. Being wary of defaults and being aware of implications one's choices bring is of course too inconvenient for many. But these do not get to complain.
Synapse boasts about 50,000 concurrent users on a node. Ejabberd has been tuned to 2,000,000 concurrent users which shows how efficient & scalable the setup can be. €5/mo is a lot for many folks.
Monero-paid VPSes cost more, and given this fact, my €5 VPS (with a few other services already running there) would apparently not be enough for Synapse... But an XMPP server runs perfectly.
Poor people (who still can afford the end devices and an Internet plan) can of course share the costs in a community, or use one of the many free servers, as long as they are aware of the tradeoffs. Beigers not being choosers, and all that.
You can also choose to use technologies that aren’t such resource hogs. The eventual consistency model of Matrix alone & storage costs causud many medium-sized operations to shut their doors. Distroot.org for instance had to move to XMPP to deal with costs—& I have personally seen others.
Does XMPP have feature parity with Matrix? I presume that bridges exist?
They are called gateways https://sr.ht/~nicoco/slidge/ https://biboumi.louiz.org/
You can do basically everything except multiuser encrypted calls (we use Mumble for this anyhow). But even then Jitsi (& proprietary Zoom & WhatsApp) are built atop XMPP for the backbone of their protocol using XMPP to negotiate connections before handing off for calls.
Thanks, useful information.
While storage is my main concern (my VPS is very limited in this regard), there is also the fact that you can very well end up with nasty materials stored on your server without a convenient way to delete it. Even if you don't let strangers have accounts on your server.
My uploads folder is mounted with noexec. It’s easy to set your storage usage & upload quotas in Prosody or Ejabberd.
I was talking about Matrix - specifically the fact that it stores every message and piece of media on every participating server, unlike XMPP. Indeed not had such a problem on XMPP.
Yes, the eventual consistency model works more like a blockchain. Sliding windows are only hiding this fundamental flaw of data usage. It has an advantage against censorship, but it isn’t worth it & chat is better treated as ephemeral than permanent (look at how much info is lost behind proprietary Discord communities).
This is why Matrix is infinitely better than Signal. This and not having been funded by the CIA through Radio Free Asia. Even with weaker architecture
Self-hosted XMPP using OMEMO included? OMEMO are based on Signal, hence my question.
First I'd ever heard of OMEMO, thanks dude
I don't think Startmail will be affected. Ofcourse using Gmail is free pass to your data. But look at this https://www.startmail.com/ . I think if you also use Proton or other mailing services you're 99,9% safe. I sometimes play video games, some of my friends are kids who are cursing in gamechats. How will gaming chats be affected? Does the government have access already?
Via a subpoena, yes. Or directly via the NSA's PRISM program.