As a reminder, because announced today that several millions venture capital is floating to their dev team at NewVector.

Most of the infrastructure of matrix is depending on centralized service.

Self hosting will not help you with that, unless you exclude any federation with matrix.org and any other instance that uses cloudflare and any instance that doesn't use cloudflare but federates with one that does and nobody you communicate with uses riot at riot.im and...

1/2

That makes privacy invasive and difficult to use for anyone that cares about privacy.
The default behavior is: sending all sorts of metadata to cloudflare also when you self host it.

I believe one shouldn't expect to much from a company, that used google analytics for their webchat at riot.im.

In case you want to read a bit more on this subject including a research paper, take a look here:
gitlab.com/prism-break/prism-b

2/2

Show thread

@syster

You have to make a different between and .

Matrix is a protocol, and Riot is just one of several clients that can be used with the matrix-protocol.

You can use whatever client you want and connect to whatever homeserver you want.

@selea I have not used my words precise enough, you're correct about that.

Matrix is a protocol that is used for federated communication. The infrastructure it runs in is largely depending on centralized service.

This is fostered by NewVector, the leading company behind Matrix, that is by it's personalities part of the matrix foundation, the Spec Core Team and New Vector.
1/2

@selea Speaking from their social graph, there isn't much distinction between the Spec Core Team, New Vector and Matrix foundation. For that reason I tend to call it all "matrix", even so it's not correct.
2/2

Follow

@selea the point is:
It is difficult to use matrix in a privacy respecting way, because the leaders and developers behind it made it very difficult for matrix users.

Β· Web Β· 5 Β· 3 Β· 0

@syster

How is matrix difficult to use in a privacy respective way?
The points you have brought up so far only applies to the matrix.org homeserver with the riot.im client hosted on their server.

@syster

Also, the matrix-protocol is not at all dependent on a centralized service.

@selea
>Also, the matrix-protocol is not at all dependent on a centralized service.

that is true, but I'm speaking about the usage.
The protocol is one point, the other one is the infrastructure it runs in. You can't use the protocol without the infrastructure. You can self host, but if the majority remains behind cloudflare, it will be difficult to use it in a privacy respecting way.

@syster

I am not following, what do you mean with "the majority remains behind cloudflare"?

I have set up several homeservers that is not behind cloudflare and that is not using any services behind it.
Those servers works perfectly fine, and I am in charge of the infrastructure too.

@selea do you federate with matrix.org?
If just one user from matrix.org (or any other server that uses cloudflare) joins into a groupchat of your server, everything from that chat will go through cloudflare. (or am I confused about what cloudflare does? 0_o)

With majority, I mean the user base.

@syster

Some servers of mine does, some does not.

Yes, what you are saying is true in that case.
I hope that people create their own homeserver or join someone that is privacy respecting.

@syster @selea

forget all the new players. let's go back to the age-old email.

if you self-hosted your email and had to communicate with a person who uses gmail; what would be your play?

would you decide to just not contact that person at all?

#email is the oldest #decentralized system that I know of.
and it too, inherently has the same "problem" that you're raising.

@syster @selea

in fact, #email is what #DeltaChat uses underneath it's "instant messenger".

and they too get to call themselves "de-centralized"

@shine @selea kind of, if other instances use cloudflare and one federates with it. This issue can be mitigated by establishing a culture that avoids the usage of cloudflare. At matrix the opposite is happening through the core team.

...checking what mastodon.social is using:
ups, also .
...its a mess.

@syster @selea

yes, cloudflare does a great job at caching. so a lot of projects use it.

unfortunately, there is no privacy-respecting way to get that job done.

so, no, if you want to scale anything beyond a single-user ( or maybe a few depending on what type of ) system, you'd probably need cloudflare.

so, maybe, the answer to what you're saying could be that EVERYONE hosts their own system; but also think how practical of a solution that is.

@syster @selea

show me one project that doesn't use cloudflare and scales well for many users ( I'm not even talking about the scale of matrix.org; maybe 100x smaller ); like around a few hundred thousand users or so ( I think that's an awful small number, but I'll concede for the sake of the question )

... then I'll give up.

@shine @selea
>yes, cloudflare does a great job at caching. so a lot of projects use it.

true. But as I understand is this done to some extend by matrix itself. Information from one channel are cached from one server to the other. If one server goes down, the channel can continue to stay live.
The content delivery network is done in combination of matrix federated infrastructure.

Maybe I misunderstand something, but I don't see much benefit in the usage of for that aspect.

@syster

You should difference between matrix.org and matrix.
I would not call SMTP "hard to use in a privacy respecting way" only because most users is using gmail.

Everything boils down to what homeserver is in use, and what client the user is using.

The only way to protect yourself in group-chats is to not participate in group chats. And that is true for every federated platform since there could be a malicious server or user participating in it.

@shine

@syster

It would make more sense to make users aware of that matrix is a just protocol, and there is a range of clients and homeservers to use and also make people aware of the dangers of cloudflare and how it can't be combined with privacy.

So, how do people use Matrix (as in the protocol) in a privacy respecting way? Is there a list of privacy friend homeservers that people can refer to?
What clients does not track their users?
And so on.

@shine

@syster @selea This seems more like an issue with the people that host homeservers rather than Matrix itself
Matrix is pretty easy to use in a privacy respecting way by enabling E2EE on your devices as well picking a homeserver that doesn't invade privacy by using stuff like Cloudflare.
I, for example, host my own (private) homeserver, and I know Selea runs a public, privacy respecting one.

@syster @selea Itβ€˜s not. Host your own server, host your own riot, disable integrations and 3rd party identities, don’t talk to people in matrix.org. Done. And for public rooms with matrix.org people in there it doesn’t matter anyway: The room is public, anyone can get its content.

@js @syster @selea funnily enough, hosting your own server is exactly a bad idea, when you want privacy in matrix. This is because your full matrix id is visible to every other occupant in a public room. Thus I can see your domain, which typically reveals details about your identity. Using a public server hides your personal domain. Matrix is federated, which is good for privacy, but beside that there seems to be little focus on privacy.

@larma

Since GDPR came in power, it is not that easy to reveal the identify behind a domain.

@js @syster

@selea
@js @syster

I don't need to know your real name to link identities. But it's somewhat likely that you use your domain on other places that you don't want to be linked. Also when sharing matrix home server with friends and family: if I know real identity of one of the users on the server, I can deduce that the other 3 users on that server are family members or friends. Getting to know social circles is what Facebooks tracking is about.

@larma @js @syster

Staying anonymous and privacy is not always the same thing. Staying anonymous is not the point of self-hosting, and has never been.

@larma

Also, staying anonymous is not always included in "privacy". It is more about having control over what fotprint and what data you are leaving out to third parties.

@js @syster

@larma @syster @selea Federation is bad for privacy, if anything. And Matrix is no worse here than any other federated network. Federation by definition means sharing your data with other servers.

@js
@syster @selea

Yes and no. Sure enough some data has to be shared with other servers, but not all data has to be shared with all servers and users. In a good design, each hop can do their part to hide as much details as possible from the next hop. This is also happening to some degree, e.g. your homeserver hides your IP-address from the other homeservers and users. In XMPP, the groupchat server(s) hide full user id from other room occupants (except admins).

Sign in to participate in the conversation
Linux.Pizza

A instance dedicated - but not limited - to people with an interest in the GNU+Linux ecosystem and/or general tech. Sysadmins to enthusiasts, creators to movielovers - Welcome! Just give a reason why we should approve your application into this instance, and our team will review it. Please include the word "excited" in the application, otherwise your application will be rejected.