Privacy

32109 readers

782 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

How secure Signal really is - Mesibo (scribe.rip)

submitted 2 years ago by linzilla@lemmy.ml to c/privacy@lemmy.ml

24 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] sandro_linux@lemmy.ml 3 points 2 years ago (1 children)

Matrix does have some metadata problems (not hating on Matrix though)

[–] XpeeN@lemmy.ml 1 points 2 years ago (1 children)

Interesting. Can you elaborate?

[–] southerntofu@lemmy.ml 3 points 2 years ago

In matrix pretty much everything is a public, logged append-only datastore (a room in matrix vocabulary). There is some access-control applied on top but it means that basically any server involved in some room (because their users are part of it) gets a full copy of the full history of the room including all user addresses.

In contrast, XMPP has a clearer threat model: your server knows about you, the server of a user you're communicating with knows about you, 3rd party services you employ know about you (eg. chatrooms) but other users of that 3rd party service don't. Practical example: when i join room anarchism@chat.jabberfr.org from southerntofu@userserver.net address, i'm giving the chatroom server (MUC server) a nickname to identify me with. When other users receive messages in the chatroom from me, they see it from southerntofu from chatroom anarchism@chat.jabberfr.org but have no idea what my actual JID (XMPP address).

That's certainly good for reducing chances of having all your messages being logged by a sysadmin somewhere, but it's even better for abuse-resistance. Having your address leaked in every public interaction is fine for most people but is a no-go for people who have stalkers or are targeted by harassment campaigns. See also this HN thread on XMPP and anti-abuse mechanism.