this post was submitted on 05 Dec 2024
322 points (99.7% liked)

Privacy

32442 readers
862 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 53 points 2 weeks ago (3 children)

To clarify: eMail, web chats, gaming chats, Signal, Threema and so on are affected as well

[–] [email protected] 22 points 2 weeks ago (2 children)

Self-hosted Matrix is obviously unaffected.

[–] [email protected] 12 points 2 weeks ago (1 children)

You say this but Matrix is largely centralized so it would be easy to get the biggest node to comply. Servers are quite costly to run too which is a big problem.

[–] [email protected] 5 points 2 weeks ago (2 children)

Federated protocols are not centralized in principle. It might not scale to one user-one server (which probably even Lemmy can't handle) but if you're signing up for a central server, you're doing it wrong(tm). Don't do that. The nice thing about Matrix client is that it allows end to end encryption, including groups. So that greatly limits what Mallory can do in principle. As to servers being costly to run, given what documented Synapse requirements are, you're looking at less than 5 EUR/month for a single server. Which can be shared among several users, obviously. This is in the same range as costs for a monthly VPN.

[–] [email protected] 9 points 2 weeks ago (2 children)

His point was the main Matrix.org server being way too prominent. In every given groupchat, chances are somebody is on this particular server. It is also the default for many clients.

[–] [email protected] 3 points 2 weeks ago

The default links many folks/projects share specifically log you into Element & on Matrix.org as well which advertizes more folks to be on that centralized node. Furthermore, Matrix provides hosting for some of the other big servers as well even if they are not using matrix.org in the address.

[–] [email protected] 1 points 2 weeks ago

Well, yes, but privacy in the current world is not free, even if it involves some own thought and planning. Being wary of defaults and being aware of implications one's choices bring is of course too inconvenient for many. But these do not get to complain.

[–] [email protected] 6 points 2 weeks ago (2 children)

Synapse boasts about 50,000 concurrent users on a node. Ejabberd has been tuned to 2,000,000 concurrent users which shows how efficient & scalable the setup can be. €5/mo is a lot for many folks.

[–] [email protected] 4 points 2 weeks ago* (last edited 2 weeks ago)

Monero-paid VPSes cost more, and given this fact, my €5 VPS (with a few other services already running there) would apparently not be enough for Synapse... But an XMPP server runs perfectly.

[–] [email protected] 1 points 2 weeks ago (1 children)

Poor people (who still can afford the end devices and an Internet plan) can of course share the costs in a community, or use one of the many free servers, as long as they are aware of the tradeoffs. Beigers not being choosers, and all that.

[–] [email protected] 3 points 2 weeks ago (2 children)

You can also choose to use technologies that aren’t such resource hogs. The eventual consistency model of Matrix alone & storage costs causud many medium-sized operations to shut their doors. Distroot.org for instance had to move to XMPP to deal with costs—& I have personally seen others.

[–] [email protected] 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

While storage is my main concern (my VPS is very limited in this regard), there is also the fact that you can very well end up with nasty materials stored on your server without a convenient way to delete it. Even if you don't let strangers have accounts on your server.

[–] [email protected] 1 points 2 weeks ago (1 children)

My uploads folder is mounted with noexec. It’s easy to set your storage usage & upload quotas in Prosody or Ejabberd.

[–] [email protected] 2 points 2 weeks ago (1 children)

I was talking about Matrix - specifically the fact that it stores every message and piece of media on every participating server, unlike XMPP. Indeed not had such a problem on XMPP.

[–] [email protected] 2 points 2 weeks ago

Yes, the eventual consistency model works more like a blockchain. Sliding windows are only hiding this fundamental flaw of data usage. It has an advantage against censorship, but it isn’t worth it & chat is better treated as ephemeral than permanent (look at how much info is lost behind proprietary Discord communities).

[–] [email protected] 1 points 2 weeks ago (1 children)

Does XMPP have feature parity with Matrix? I presume that bridges exist?

[–] [email protected] 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

They are called gateways https://sr.ht/~nicoco/slidge/ https://biboumi.louiz.org/

You can do basically everything except multiuser encrypted calls (we use Mumble for this anyhow). But even then Jitsi (& proprietary Zoom & WhatsApp) are built atop XMPP for the backbone of their protocol using XMPP to negotiate connections before handing off for calls.

[–] [email protected] 1 points 1 week ago

Thanks, useful information.

[–] [email protected] 3 points 2 weeks ago* (last edited 2 weeks ago)

This is why Matrix is infinitely better than Signal. This and not having been funded by the CIA through Radio Free Asia. Even with weaker architecture

[–] [email protected] 7 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Self-hosted XMPP using OMEMO included? OMEMO are based on Signal, hence my question.

[–] [email protected] 2 points 2 weeks ago

First I'd ever heard of OMEMO, thanks dude

[–] [email protected] 1 points 2 weeks ago* (last edited 1 week ago) (1 children)

I don't think Startmail will be affected. Ofcourse using Gmail is free pass to your data. But look at this https://www.startmail.com/ . I think if you also use Proton or other mailing services you're 99,9% safe. I sometimes play video games, some of my friends are kids who are cursing in gamechats. How will gaming chats be affected? Does the government have access already?

[–] [email protected] 1 points 2 weeks ago

Does the government have access already?

Via a subpoena, yes. Or directly via the NSA's PRISM program.