I use the apps my friends use but it gets tiring to keep up with so many.

    • @LWD
      3 months ago

      Kind of ironic considering that with Matrix…

      • Forward secrecy is kinda hosed
      • they store metadata permanently on their servers by design
      • A ton of stuff that would otherwise be invisible in Signal is visible in your Matrix homeserver, including permanent history of all group membership
      • Your data does not belong to you, and that’s how the server is built to treat it, e.g.
      • GDPR deletion is nonexistent (it won’t delete your username or your messages, making it less effective than on Discord, let alone Signal)

      … Etc.

      Ironically, older federated messaging systems like XMPP might be better by coincidence. Message archiving was an optional addition and some servers, such as the popular Riseup one, do not implement it.

      • @JohnDoe@lemmy.myserv.one
        3 months ago

        Yeah, fair. It can’t delete your messages to the extent a centralized system can, and that’s an indication of the lack of centralized control? It’s a different threat model I think many find satisfying (though perhaps not most).

        • @LWD
          23 months ago

          All those points are about how one server communicates with itself. Federation doesn’t factor into it

      • @uis
        3 months ago
        • Always read cited sources

        in other words, devices don’t delete megolm keys after they’ve been used to decrypt history (which is why you can back them up and share them with your other devices in order to ensure that all your devices can read your history).

        • Still I could only find:

        Your username is stored indefinitely to avoid account recycling.

        • Same for Telegram. Most other messengers store only joins.
        • They don’t control other homeservers. You never know if there is some homeserver/instance that stores everything in Matrix/Mastodon/Lemmy/PeerTube/Pleroma/whatever-else. Still I could only find:

        Your username is stored indefinitely to avoid account recycling.

        EDIT:

        We will forget your copy of your data upon your request. We will also forward your request to be forgotten onto federated homeservers. However - these homeservers are outside our span of control, so we cannot guarantee they will forget your data.

        • @LWD
          3 months ago

          I’m sorry I wasn’t more specific. Since you would have an issue with these things if I had been clearer, allow me to elaborate.

          your username will continue to be publicly associated with rooms in which you have participated, even after we have processed your [GDPR] request to be forgotten.

          I don’t know how you missed this. Must have been an accident.

          We will forget your copy of your data upon your [GDPR right to be forgotten] request

          Means the other “copies” of your data are not deleted.

          • @uis
            3 months ago

            We will forget your copy of your data upon your [GDPR right to be forgotten] request

            Means the other “copies” of your data are not deleted.

            Looking at next sentence it seems to be either typo or even mistake. Better source would be Dendrite (or do they still use Synapse?) issue tracker. But also in last sentence they explicitly say that it is possible for not all copies to be deleted.

            • @LWD
              13 months ago

              This is no mistake, just a loophole for them to claim GDPR compliance while not complying… Hiding “your copy” of the message from you is basically setting a “deletedForYou=true” flag on the message.

              It’s possible to redact messages (which is closer to the spirit of what a normal person expects a deletion to be), but redaction preserves the message metadata, and you cannot ever redact anything for a room you’re no longer in. You can only manually redact one message at a time.

              So you can request an account deletion, and you can redact single messages… These features are both built in to the protocol.

              But account deletion will never cause any redactions.

              By design.
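An added illustration of the redaction point in the comment above (not part of the thread, and not Synapse or Dendrite code): a simplified model of the redaction algorithm from the Matrix specification, showing that the message body is stripped while sender, room, timestamp and membership survive. The key lists are abbreviated assumptions (the exact lists vary by room version) and the sample events are constructed.

```python
import copy

# Top-level event keys kept by redaction. Simplified from the Matrix spec's
# redaction algorithm; the exact list varies by room version (assumption).
KEPT_TOP_LEVEL = {
    "event_id", "type", "room_id", "sender", "state_key", "content",
    "hashes", "signatures", "depth", "prev_events", "auth_events",
    "origin_server_ts",
}

# Content keys kept per event type (abbreviated); other types keep none.
KEPT_CONTENT = {
    "m.room.member": {"membership"},
    "m.room.join_rules": {"join_rule"},
    "m.room.history_visibility": {"history_visibility"},
}


def redact(event):
    """Return a redacted copy of an event; the input is left untouched."""
    kept = {k: copy.deepcopy(v) for k, v in event.items() if k in KEPT_TOP_LEVEL}
    allowed = KEPT_CONTENT.get(event.get("type"), set())
    content = event.get("content", {})
    kept["content"] = {k: copy.deepcopy(v) for k, v in content.items() if k in allowed}
    return kept


# Constructed sample events (not real data).
MESSAGE = {
    "event_id": "$msg1", "type": "m.room.message",
    "room_id": "!room:example.org", "sender": "@alice:example.org",
    "origin_server_ts": 1700000000000,
    "content": {"msgtype": "m.text", "body": "meet at noon"},
    "unsigned": {"age": 1234},
}
MEMBER = {
    "event_id": "$join1", "type": "m.room.member",
    "room_id": "!room:example.org", "sender": "@alice:example.org",
    "state_key": "@alice:example.org", "origin_server_ts": 1690000000000,
    "content": {"membership": "join", "displayname": "Alice"},
}

if __name__ == "__main__":
    # Body and display name are gone; who, where and when remain.
    print(redact(MESSAGE))
    print(redact(MEMBER))
```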

              • @uis
                3 months ago

                a “deletedForYou=true” flag on the message

                Source please. Anyway:

                But also in last sentence they explicitly say that it is possible for not all copies to be deleted.

                Same goes for SMTP. Do you complain about SMTP in same way?

                • @LWD
                  2 months ago

                  Source please.

                  I showed you the source. All you could say was “it seems to be either typo or even mistake.”

                  in last sentence they explicitly say that it is possible for not all copies to be deleted[*]

                  Same goes for SMTP.

                  Apples to oranges. Matrix is Matrix, not email.

                  I noticed you shifted this argument from “Matrix is responsibly deleting data” to “Matrix shouldn’t delete data because…”

                  * And to clarify, Matrix says “not all copies will be deleted” because they built their server intentionally to never delete any other copy of your messages when you request an account deletion.

    • @aidan@lemmy.world
      33 months ago

      I don’t have time to respond to everything, so I’ll just respond to the first one - which is that it’s tankie copium. I don’t deny the Signal Foundation might be taking money from government groups - I believe it is. But looking at the groups it’s pretty clear what it is, Radio Free Asia, as in the Asia branch of Radio Free Europe. Aka, their goal is to make people living in US adversaries rebel. The US does not censor private communication, it would be very quickly found out if I sent a text to my friend and they couldn’t receive it, or I was sent to jail for the content of that speech. (That’s not to say it’s not spied on though.) However, in many (most?) US adversaries there is active censorship of opposition communication, the US generally (although not always) supports the opposition by nature of them being the opposition - this is why (if you believe the narrative that everything is a cabal of the powerful) US tech companies supported the Arab Spring. This is why Radio Free Europe broadcast in support of Dubček and the Prague Spring, why they also supported the 1956 Hungarian Revolution. All that is just to say the US can follow the narrative of being 100% power seeking while still supporting open communication platforms. (After all, the US government also either directly created or contributed to SHA-2, Tor, and Ghidra too.) And, Signal is open source, read the code and network traffic yourself, they won’t remove encryption for US allies.

      That doesn’t mean they’re immune to criticism, they may be able to explain it, but I personally probably wouldn’t donate to an organization that has the money to pay part time developers $450,000 according to their Form 990, but it’s not my money so not my place to judge how it’s spent.

      • @JohnDoe@lemmy.myserv.one
        3 months ago

        I think most of your criticism makes sense.

        The part about “not reading private messages” I think is mistaken, or rather, maybe amiss. I mean I don’t have evidence, so this is all conjecture. The sophistication of data surveillance and data gathering makes the content of the message rather meaningless in my view.

        EDIT: Oh, I don’t think any adversaries of US, even if working together, make any meaningful threat towards it. It’s really hard to imagine, esp. considering the US has a bunch of successful coups & stuff under their belt.

        • @aidan@lemmy.world
          23 months ago

          I wasn’t saying the US doesn’t spy on private messages, I was saying Signal is open source so it would be hard to hide a back door. So I don’t see how any other E2E encrypted messages could be more secret than Signal. I guess obfuscating the messaging servers.

          The sophistication of data surveillance and data gathering makes the content of the message rather meaningless in my view.

          That’s a fair point but I don’t know if there’s any other good solution to that.

          • @JohnDoe@lemmy.myserv.one
            22 months ago

            yeah i’m rethinking some stuff too, even in some utopia i think some information related to me might make life inconvenient, so the best way to protect that (e.g. not disclosing it digitally) maybe needs outta the box solutions.

            related, does anyone even bother to look at physical mail for stuff? like if i put a cipher in a letter with no return address, using that pen ink that you can erase (which comes back if you put it in a freezer) and only i and my contact have the key to the cipher which we exchanged in-person; could anyone reasonably know it?

            it seems digital stuff might be a carrot for surveillance people, maybe it can be made into a honeypot and physical or analog means can make a return.

            • @aidan@lemmy.world
              22 months ago

              I think finding novel ways to communicate with a specific person and not be monitored is easy. The difficulty is opening a new line of communication on an already monitored one, communicating to new people, and one of those new people not blabbing.

              After all, if you play on a private Minecraft server and spell out text with dirt blocks, I don’t think anyone’s going to bother writing code to analyze your Minecraft network traffic.

    • @toastal@lemmy.ml
      23 months ago

      Meanwhile Matrix was built & funded by Israeli Intelligence (to which I’m sure there are anonymous donors today). Its expensive replication model means only those with the deepest of pockets can run a server leading many to flock to the mother instance of Matrix.org centralizing, replicating the data to a single node (being decentralized in theory, not so much in practice). It’s funny to see them call out Signal, but luckily there are private, free alternatives to both.

      • @JohnDoe@lemmy.myserv.one
        3 months ago

        Huh, would it be possible to provide a source? I might be bad at searching, I’m not finding anything…


        EDIT: Ok I found one with some search operators. I can provide links, most were less trustworthy, I’d reserve judgement.

        1. An organization which was initially responsible for Matrix, AMDOCS, is allegedly (I say allegedly since I didn’t confirm it to a reasonable extent) an organization based in Israel which appears to have products related to surveillance
        2. By association, Matrix is tainted, perhaps it has sophisticated backdoors along with the other myriad of issues mentioned by other commenters

        To give an alternative explanation with plausible hypotheses

        1. An organization linked to intelligence surveillance, created and discarded software, which occurs with most software, and I would imagine occurs with software developed at an organization linked with surveillance as well (if it’s publicly funded, i.e. by a government, I’d lean into this)
        2. Though suspect in origin, the amount of time the software has been independent, and with its open codebase, means any backdoors or other nefarious artifacts can be reasonably said not to exist
        3. An organization linked to an intelligence agency would perhaps be the one to expect to have a secure messaging platform, one could imagine said organization would develop a solution in-house as even with software audits, they may not be certain of any external software which may itself be compromised by an antagonist or have vulnerabilities which they could not control

        Some food for thought. I’m not one to jump to conclusions, I think claims require proportional evidence, and obviously my judgement isn’t the same as a security researcher or clandestine operator, so settling on what ‘appears’ to be true without proper investigation isn’t something I do.

        Thanks for the info though!!

      • @uis
        13 months ago

        Its expensive replication model

        If you think it’s expensive, you didn’t run Bitcoin/Ethereum/Monero node. THAT is real expense.

        And obviously homeserver needs to replicate entire chat history to work properly. Especially for searches.

        There are 3 options:

        1. No backfilling and asking some central server for searches and stuff (more centralization, strong consistency)
        2. No backfilling and doing locally (inconsistent state)
        3. Synchronize everything and do locally (eventual consistency)

        Matrix and Lemmy chose option 3.

        Mastodon chose option 2 and now has problems migrating to 3.

        And Bluesky chose option 1.