this post was submitted on 02 Feb 2025

71 points (91.8% liked)

Privacy

33266 readers

521 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Is using an Matrix account from matrix.org private and secure enough to talk with my family members and people in general? (lemmy.ml)

submitted 2 days ago by Confidant6198@lemmy.ml to c/privacy@lemmy.ml

73 comments fedilink hide all child comments

So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option

(page 2) 23 comments

sorted by: hot top controversial new old

[–] kevincox@lemmy.ml 11 points 2 days ago (1 children)

Probably yes, it depends on your threat model.

If you are using E2EE on a matrix.org account then your message content, attachments (images) and most other traffic isn't accessible to anyone but the people in the chat. However Matrix isn't the most private option, it has a number of leaks such as reactions and chat topics (these are being worked on but aren't close to happening).

For most people Matrix is a very private and secure option and the fact that it is federated is a huge plus. If you want something more secure you are probably looking at Signal (which you don't want to use and isn't federated) or Simplex Chat (which doesn't have multi-device support).

[–] refalo@programming.dev 4 points 2 days ago* (last edited 2 days ago) (2 children)

Unfortunately even with E2EE, the admins of a homeserver can still impersonate you or take over your channel.

Of course you could run your own instance, or maybe none of this is part of your threat model, but I felt like bringing it up either way.

[–] mox@lemmy.sdf.org 9 points 2 days ago* (last edited 2 days ago) (1 children)

even with E2EE, the admins of a homeserver can still impersonate you

No, they cannot. Your homeserver admin could create an impostor login session on your account, but it would be pointless with E2EE, because it would be flagged with an obviously visible warning. You and all of your contacts would see that the impostor session was not verified as you (this typically shows up as a bright red icon on the impostor and another one on the room they're in). Also, the impostor would be unable to read your communications.

[–] refalo@programming.dev 3 points 2 days ago* (last edited 2 days ago) (1 children)

What do you have to say about this then?

In an encrypted room even with fully verified members, a compromised or hostile home server can still take over the room by impersonating an admin. That admin (or even a newly minted user) can then send events or listen on the conversations.

Perhaps we have a different definition of "impersonate"... not everyone will pay attention to unverified warnings, and afaik they can still communicate with people (just maybe not read old messages)... but I would love to be proven wrong.

[–] mox@lemmy.sdf.org 0 points 2 days ago* (last edited 2 days ago) (1 children)

a compromised or hostile home server can still take over the room

A compromised server could affect a denial of service attack against its users, of course. The attacker could do the same thing by simply turning off the server. That's true on all platforms that use servers. A reasonable response would be to switch to a different server.

That admin (or even a newly minted user) can then send events

Exactly what events do you think would be dangerous?

or listen on the conversations.

No. End-to-end encryption ensures that only the intended endpoints can read the messages. Older Matrix clients have a setting to block the user from sending messages to unverified devices/sessions, in case they somehow don't understand the meaning of a bright red warning icon. I think newer ones (e.g. Element X) enforce that mode; if you're concerned about this, you could check for yourself, but...

not everyone will pay attention to unverified warnings

...unfortunately, there are no guarantees when trying to fix human behavior. If you need a messaging app to make it hard for your contacts to do something obviously foolish, then I suggest waiting until Matrix 2.0 is officially released and implemented in the clients. The beta versions of Element X, for example, look like everything is locked down to avoid human mistakes like the one you're describing.

[–] refalo@programming.dev 2 points 2 days ago (1 children)

End-to-end encryption ensures that only the intended endpoints can read the messages

But who/what gets to decide who the intended recipients are? Can't the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?

[–] mox@lemmy.sdf.org 1 points 2 days ago* (last edited 2 days ago) (1 children)

But who/what gets to decide who the intended recipients are?

The sender, of course.

Can’t the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?

No. Verification prevents that.

[–] refalo@programming.dev 1 points 2 days ago (1 children)

I don't understand. How would the sender prevent messages from going to the admin user that joined the room? It sounds like you're implying new users simply can't join a room? That makes no sense to me... I've certainly never experienced that. I see new users join encrypted rooms all the time and they can talk just fine... so what's the deal? And isn't verification off by default?

[–] mox@lemmy.sdf.org 2 points 2 days ago* (last edited 2 days ago) (1 children)

How would the sender prevent messages from going to the admin user that joined the room?

It wouldn't matter if a rogue admin eavesdropped on an E2EE room, because they would see encrypted blobs where the message content would be. That's what E2EE is for.

https://en.wikipedia.org/wiki/End-to-end_encryption

How would the sender prevent messages from going to the admin user that joined the room?

You're conflating multiple things. Merely joining a room does not grant access to message decryption keys.

I respect your curiosity, but I think you're going to have to familiarize yourself with the software and concepts to get a detailed understanding of how all this stuff works. If you're technically inclined, I suggest reading the protocol spec, or at least the parts that interest you. You could also drop in to the public chat room and ask more questions there: #matrix:matrix.org

[–] refalo@programming.dev 2 points 2 days ago

I have read the spec, used the service and also implemented my own clients before, that is why I'm so confused by what you're saying, because this has not been my experience at all. If a user joins a channel, whether they are an admin or not, whether it is encrypted or not, then unless the channel is explicitly setup to only allow verified users to talk (not the default), my understanding is there is nothing preventing that new user from seeing all new messages in the chat.

load more comments (1 replies)

[–] poVoq@slrpnk.net 9 points 2 days ago (1 children)

Why would Matrix be the only option? XMPP is significantly better. You can either sign up on a public server or pay a small sum to have your own private server for you and your family for example on https://snikket.org/ or I think https://jmp.chat/ also includes optionally a small server in the subscription.

[–] fxomt@lemm.ee 5 points 2 days ago (8 children)

I've always been curious with the differences between XMPP and matrix but i can't ever find anything explaining it. Why is it in your opinion better?

[–] EngineerGaming@feddit.nl 6 points 2 days ago (3 children)

I know I am just a normie who doesn't really know internal workings of them... But in my experience, XMPP is just easier to host, the servers are lighter, they don't store everything they touch forever like Matrix does, and OMEMO doesn't break like Matrix's encryption. Synapse would be probably impossible to run on my VPS, while Conduit and Dendrite are not as full-featured.

load more comments (3 replies)

load more comments (7 replies)

[–] asudox@lemmy.asudox.dev 8 points 2 days ago* (last edited 2 days ago)

Yeah, sure. But Matrix is decentralized and federated. So you can pretty much join any instance and be able to talk with anyone on any instance. So why not select another instance ~~or maybe even self host one yourself?~~

edit: didn't read the text till the end

[–] somegeek@programming.dev 2 points 2 days ago

Matrix is great, you can use another instance though.

https://servers.joinmatrix.org/

load more comments