this post was submitted on 21 Jul 2023
11 points (73.9% liked)
Fediverse
28555 readers
522 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
All of the people recommending matrix don’t understand why signal is secure. Matrix offers the same level of end to end encryption as Facebook Messenger, but it’s federated so people who care more about federation than privacy like to misrepresent its safety
Can you please explain that in a bit more detail, for those of us who use these systems but aren't up on the architecture?
Facebook Messenger offers optional end to end encryption just like Matrix. Just like Matrix, the server knows who you're talking to, what groups your in, who else is in those groups, how many messages you sent to which group, who's messages you react to, etc. But the actual text of the message is technically encrypted so Facebook can't respond to subpoenas for your messages. I use Facebook Messenger as an example because Facebook is (correctly) generally considered not private or safe.
"theoretically" being the operative word here. Most people don't. And if they did, they wouldn't be able to talk to anyone else without the metadata getting copied to that person's server. Probably okay if it's between two information security experts who operate their secure own servers, but in reality most people don't do that. This could be summarized as: Matrix offers a lot of easy ways to be less secure, Signal does not.
As for WhatsApp, I know they have paid or maybe still do pay Signal for their encryption. I believe Facebook Messenger did or does as well. I'm not sure what the actual implementation looks like and neither is anyone else, because it's closed source.
But that’s not what’s being said here. In this post people op is asking for federated Signal. People are saying matrix is just as secure. This is wrong and I am pointing that out so people don’t go thinking this is correct. Making misleading statements about the security of this sort of thing is dangerous.
I will admit I don't understand why Signal would be more secure than Matrix. I understood Signal to have E2EE just like Matrix.
That's fair! If you're on these type of forums, there are a lot of Signal haters and a lot of Matrix lovers, and sometimes they like to make confusing or just straight up inaccurate statements. The crux of the issue is not about the encryption of the text of messages themselves, which both platforms are capable of doing. Personally, I wish there was something like Signal but without the centralization, but the reality is such a thing doesn't exist.
Signal (as in the Signal server and by extension the legal entity behind Signal) does not know what groups you're in, does not know who's in your contact list, does not know which groups you are sending messages to, doesn't know which groups exist, and can't tell the difference between a message, a reaction, a read receipt, a remote delete ("delete for everyone"), an edit... etc. Signal doesn't have a way to send anything between two parties that the server can see. Signal has received a number of subpoenas which they typically fight, and if/when they lose they over all of the information they have about the subject of the subpoena, which tends to be whether or not they have a Signal account, when they registered the account and when they last used it. You can see these at https://signal.org/bigbrother/
Matrix (as in the Matrix server you're registered on as well as the servers of whoever you're talking to, for groups that means everyone in the group, notably this is not necessarily the same as the legal entity behind Matrix, but in practice a LOT of people use matrix.org for their home server so it frequently is) can see basically all of the things I listed above. The text of normal messages is encrypted. The group membership list isn't encrypted. reactions aren't encrypted. read receipts aren't encrypted. Group membership lists are stored in plain text.