About Matrix
Matrix is an open protocol for decentralised, secure communications.
Matrix Manifesto
We believe:
People should have full control over their own communication. People should not be locked into centralised communication silos, but instead be free to pick who they choose to host their communication without limiting who they can reach. The ability to converse securely and privately is a basic human right. Communication should be available to everyone as a free and open, unencumbered, standard and global network.
Matrix is a security nightmare. Everyone should stay clear from it till possible solutions are found for the ongoing concerns.
What are the ongoing concerns?
Here’s a great and beginner-friendly article on the topic of secure (and private) messaging and why Matrix currently doesn’t fit there: https://proton.me/blog/whatsapp-alternatives
That doesn’t go into detail on the “server network reliability” and it’s used by multiple government agencies around the world and they likely paid for private audits before they picked it
Which government agencies? You’d be surprised…
Germany's armed forces, their health sector, France seems to use it for their entire government as well, and some others I can't remember off the top of my head
Use it for public message distribution or internal comms?
internal comms I think
That link says nothing of the sort! It actually says that Matrix is a strong choice for privacy and the underlying protocol follows best practices for security.
What are these security concerns you’re talking about?
Thanks!
Tbh, I don’t think encryption matters that much for what are usually public chat channels.
The private communication should be safe since I think the users will usually pin the keys for each other.
The problem comes from federation. You never know where your messages are synced to + what will happen if instances are defederated. Matrix might become something really cool, if it spends 1-2 years solely on security. Otherwise… it’s just nothing more than an epic (and misleading) name + some IRC legacy vibes.
But you do know where your messages are synced don’t you? You can check your chat partner’s homeserver. Or am I mistaken?
yeah, messages are only sent to servers that are in a room, so it’s very easy to see and know what servers are storing the messages/metadata
And even IF a server is storing your messages — doesn’t E2EE make that irrelevant? It doesn’t matter if they store it as long as they cannot decrypt it. I don’t quite understand @SevereLow’s concerns.
yeah, that’s another point as well: not all rooms on Matrix are encrypted. It for example makes it pointless to encrypt public rooms that anyone can join
Rooms are stored on every server that’s in the room, and if a server goes offline, even the one that created the room, it keeps working just fine and no one notices