this post was submitted on 23 Sep 2024
337 points (98.8% liked)

Technology

58291 readers
3924 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
337
Telegram To Disclose Phones, IP Addresses At Authorities' Requests. (www.rferl.org)
submitted 5 days ago by 101@feddit.org to c/technology@lemmy.world
61 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] stefenauris@pawb.social 16 points 5 days ago (2 children)

I'm not sure how much we can trust matrix either to be honest. There's some cryptographic flaws in their Olm Library. https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/

As it turns out being both secure and convenient is very difficult

[–] kevincox@lemmy.ml 9 points 5 days ago

That is a pretty weak argument. The issues are minor and in a library that people are moving off of to a better build and stronger validated library. Yes, it should have been like that in the first place, but the problem is minor and being addressed.

I would look more to the various features of Matrix that aren't encrypted like room names, topics, reactions, ... and not to mention the oodles of unencrypted metadata. I really wouldn't call Matrix a high-privacy system.

I like Matrix and use it regularly, but it definitely doesn't have a privacy-first mindset like Signal does. I'm hoping that this improves over time, but without a strong privacy first leadership it seems unlikely to happen.

[–] melroy@kbin.melroy.org 5 points 5 days ago (2 children)

Olm is now deprecated and all development is now focused into Vodozemac: https://github.com/matrix-org/vodozemac. That being said, is there no proven Olm Protocol alternative implementation for e2e encryption (proven technology) instead of reinventing the wheel.

[–] melroy@kbin.melroy.org 4 points 5 days ago (1 children)

ow interesting. TIL.... Olm Protocol is a clone of Signal’s Double Ratchet.

[–] progandy@feddit.org 1 points 4 days ago

vodozemac might become that proven implementation. Without reinventing the wheel there will never be an alternative, because everyone just reuses the one existing library.