this post was submitted on 23 Jun 2024
43 points (92.2% liked)

Privacy

32207 readers
248 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I wanna know if MATRIX recipients know my IP, and more globally what the recipients know about me (how the matrix protocol works). THX

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 5 months ago* (last edited 5 months ago) (1 children)

There is a lot more metadata than just avatars and reactions. Accounts and their room membership over time, timing of messages (and thus online times), individual interactions between specific users (based on the timing of their messages) and so on. That is all in the unencrypted metadata of a Matrix room and can't be moved to the encrypted message part like avatars and reactions.

[–] [email protected] 7 points 5 months ago (1 children)

The network layer of all internet servers reveals almost everything you listed. Signal has the same problem, and there's nothing they can do about that. The only way to avoid it is to use a completely peer-to-peer model (Matrix has started work on this, btw) and avoid communicating across network routes that can be monitored.

There might be one exception, depending on what you mean by "Accounts": The user IDs participating in a room can be seen by server operators and room members. But then again, server operators can already see their users' IP addresses (which is arguably more sensitive than a user ID), and I believe room members have to be allowed into the room in order to see them. For most of us, that's fine. Far from a disaster.

[–] [email protected] 5 points 5 months ago (1 children)

No, because Matrix stores all this info and gives it freely to other servers retroactively(!). Also with network layer sniffing (which is anyway much harder to do) you can only see which home-server talked to with other homeserver and what clients talked to their homeserver. If you have the full room meta-data you can easily make a social graph of which account talked to whom when and where.

[–] [email protected] 0 points 5 months ago (1 children)

Matrix stores all this info and gives it freely to other servers retroactively(!)

Can you show me the part of the spec that allows a server with no room members to get private room info from another server? I'm skeptical, but if true, I believe that would be worth reporting as a bug.

network layer sniffing (which is anyway much harder to do)

You're funny.

[–] [email protected] 3 points 5 months ago (1 children)

Obviously you need someone joining the room for the room metadata to be shared between homeservers. But that is really only a minor barrier and once that has happened the worst case scenario takes place immediately. On other messengers (federated or not) a newly joining member has very limited access to past room metadata. Not so with Matrix, where a joining homeserver get full retroactive access to all the room metadata since the room's creation. If you can't see the problem with that, you really need to stop privacy LARPing 🙄

[–] [email protected] 0 points 5 months ago* (last edited 5 months ago) (1 children)

Obviously you need someone joining the room for the room metadata to be shared between homeservers.

Well then, your assertion that Matrix gives it freely is false.

Not so with Matrix, where a joining homeserver get full retroactive access to all the room metadata since the room’s creation.

This is false, too. Historical event visibility is controlled by a room setting. (And if you don't trust admins of a sensitive room to configure for privacy, then you're going to have bigger problems, no matter what platform it's on.)

Edit: I suppose you might argue that you can bypass this by running your own homeserver and attempting to join the room from it, thereby granting visibility not through joining (as you wrote), but instead through federation with the server you control. The thing is, you can't do it without permission. Room admins can simply deny your join request when they see what server you're on. This might make sense in a particularly sensitive room, for example, just as it would to restrict history visibility.

you really need to stop privacy LARPing

LARPing? I'm not the one stirring up drama with falsehoods and patronizing snark, am I? Farewell.

[–] [email protected] 3 points 5 months ago

Well then, your assertion that Matrix gives it freely is false.

My point is that it should never give out that data, or even store it permanently in the first place. This is just a fundamentally bad design from a privacy perspective, and other messengers don't do that.

This is false, too. Historical event visibility is controlled by a room setting. (And if you don’t trust admins of a sensitive room to configure for privacy, then you’re going to have bigger problems, no matter what platform it’s on.)

This is not false, what you mean only hides it for normal users, but it still ends up in the database of all participating homeservers and all the admins of those have full access to it. I happen to run a Matrix homeserver myself...