Privacy

33266 readers

655 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Is using an Matrix account from matrix.org private and secure enough to talk with my family members and people in general? (lemmy.ml)

submitted 2 days ago by Confidant6198@lemmy.ml to c/privacy@lemmy.ml

73 comments fedilink hide all child comments

So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option

you are viewing a single comment's thread
view the rest of the comments

[–] EngineerGaming@feddit.nl 6 points 2 days ago (1 children)

I know I am just a normie who doesn't really know internal workings of them... But in my experience, XMPP is just easier to host, the servers are lighter, they don't store everything they touch forever like Matrix does, and OMEMO doesn't break like Matrix's encryption. Synapse would be probably impossible to run on my VPS, while Conduit and Dendrite are not as full-featured.

[–] toastal@lemmy.ml 2 points 1 day ago (1 children)

OMEMO is a mixed bag. Some clients are still preferring older versions that aren’t the best for security & almost every client does a bad job explaining that new keys are being used need to be verified… Gajim only recently gave a decent in-client pop-up for it, but it’s doesn’t work all the time. That said, this is basically the same issue Matrix has in the space. Both are based on libsignal if not outright using it, except Signal gets a point of privilege in basically having just one client …one that must be on Android/iOS according to their statements… so they can do a ‘better’ job managing who, what, & how many keys are being used. Many XMPP clients will recommend blind trust by default just because it can be a real hassle to deal with multiple clients & users coming back to less-often-used devices. There have been proposals to fix it, but I haven’t seen anything really take off (meanwhile considering just using the PGP encryption option as less flaky).

[–] EngineerGaming@feddit.nl 1 points 1 day ago (1 children)

Yeah, I agree it has some issues. Personally was fine verifying keys tho - either in-person or wherever I met them (usually IRC).

And yeah, the insistence on mobile in Signal bugs me a lot - a desktop is A LOT easier to make private (Linux runs on damn everything) while most phones won't allow making them not spy due to locked bootloader.

[–] toastal@lemmy.ml 1 points 1 day ago

I am just thankful so far that Signal has let WhisperFish exist as an alternative—even if it goes against what they say—which gives me an alternative to the Android/iOS duopoly.