-
-
Notifications
You must be signed in to change notification settings - Fork 384
🆕 Software Suggestion | Matrix (Riot/Synapse) #1389
Comments
I support this. It would make https://github.com/privacytoolsIO/privacytools.io/issues/1377 a lot simpler too.
Could not have put it better myself. |
Several of the issues listed here as unfixed are actually fixed - i've gone through updating the bugs in question to try to make it clear, but specifically:
|
Thank you @ara4n, I've updated the issue. Re 10167 I was confused, I actually wasn't aware consent tracking existed. Don't know how that slipped by me, but since that's the case I do agree the current implementation is probably better. Sorry about that! |
I REALLY don't want to recommend matrix until e2ee is turned on by default for private chats. |
If that's the case we should not recommend any XMPP clients as they do not have it on by default either; and likely never will do. Perhaps a warning badge and a link to step-by-step guide in enabling it in Riot would do? We know that E2EE is going to be on by default for 1:1 chats with Riot element-hq/element-web#6779 at some time in the future. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Thing is, end to end is the default on all other platforms we basically recommend. I wouldn't see why riot deserve an exception here. Plus, they announced to make it default very soon, so it cannot hurt to wait for it a little longer. |
Well except for the current XMPP clients, we recommend. Do we know if Monal supports E2EE by default? I don't think it uses E2EE for it's jingle transport https://github.com/anurodhp/Monal/issues/10 https://github.com/anurodhp/Monal/issues/267 I am pretty sure Gajim doesn't. Perhaps we should consider a warning badge? The rocky road to OMEMO by default probably a bit outdated, but it does talk about this issue.
I guess we can always wait. |
Thing is, end to end is the default on all other platforms we
basically recommend. I wouldn't see why riot deserve an exception
here. Plus, they announced to make it default very soon, so it cannot
hurt to wait for it a little longer.
There is Rocket.chat also in Team Chat category which seems to have E2EE
with real Alpha quality (no support on Mobile app, no forward secrecy)
|
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Maybe @ara4n will be able to give us an estimated time until e2ee will be turned on by default for private chats? |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
I wish we could recommend a non-Synapse and non-Riot option also as currently there is only New Vector.
I have some more:
Not something I would like to see in our recommendation.
Is E2EEd media also media? What about when technology is powerful enough to break todays encryption?
Blocker: matrix-org/matrix.org#586
https://github.com/privacytoolsIO/privacytools.io/issues/987
Will we have a warning about it not having been indepedently audited?
No, it's a build variant of Conversations.
How about we just wait for New Vector to enable it default as they have said that they are going to do it? element-hq/element-web#6779 |
While assigning labels I noticed the Tor one and would like to ask @ara4n what is the status with element-hq/riot-meta#287 and related issues and mark it as a blocker. We are currently recommending Tor for anonymity instead of a VPN and you generally don't send all your traffic through Tor and instead Torify only specific applications, possibly even with SOCKS isolation and currently all Riots make that non-trivial. |
Just for clarification my proposed solution at #1392 would only "recommend" Riot as a team chat platform, mainly for this reason. |
And I wouldn't list Riot even as a team chat application until the communities are rewritten (and when matrix-org/matrix-spec-proposals#2199 is fixed I think it may be listed also as a direct chat client). See also my other concerns above. Edit: I think this is matrix-org/matrix-spec-proposals#1513 (meta/tracker) + worked upon at matrix-org/matrix-spec-proposals#1772. |
I probably disagree that the "communities" feature are an integral part to either the "team chat" or the "Matrix" experience in general. They seem to be mostly useful as flairs designating certain memberships, somewhat akin to IRC vanity vhosts... |
This thread makes my head hurt. It seems to be devolving into a weird list of personal gripes against Matrix, saying “we can’t possibly relist Riot until... ‘all phase 3 (ie nice-to-have) privacy bugs are closed’ or ‘it has native Tor support’ or ‘communities get rewritten’ or ‘because both it and Synapse are mainly written by the same team’ or ‘it doesn’t have latex support’ (or whatever the next complaint will be)”. This feels bizarre in the extreme, and honestly makes privacytools look bad. It feels like we are being judged by a totally different and arbitrary standard to the other tools, despite demonstrably prioritising privacy and freedom. We hope to turn on E2E by default in the coming months - ideally by end of year. Possibly sooner, given pantalaimon and seshat are almost ready; it’s only the E2EE cross signing that remains because... we prioritised it behind addressing the privacy concerns which had been highlighted. It is genuinely hard to get it right, and we don’t want to force it on until it’s perfect otherwise it will just screw over all the users who are used to the existing behaviour. Meanwhile, just as XMPP doesn’t mandate E2EE, nor does Matrix. At this point, we are going to keep plugging away improving Matrix, and hope that you consider it worth promoting at some point. |
My understanding is that Matrix communities are best compared to Discord servers/guilds or IRC servers, and the flair is a side-effect. ExampleI am an operator on PirateIRC which is IRC network intended only for international Pirate Parties. IRC clients generally list all servers under specific servers and there are currently 115 channels that would appear under it, while anything joined on another server would appear under that server. This is what I understand Discord to be replicating as if I joined a Discord server, I would see server/guild bubbles on the left and next to them the list of channels on that server (I would be autojoined to everything that I have permission to unlike at IRC). I understand that Matrix is attempting to directly imitate Discord, so everything would not appear as belonging to a single IRC server, but belong to the releated community/communities such as Pirate Parties or Pirate Party Finland. Thinking while finishing this comment, IPFS could have been a better example, but I haven't followed them recently due to having been on a IRC break and trying to avoid IRC-bridged Matrix rooms. |
I think you have a worse track record than many of the other tools, but I hope everything in real time communication is judged similarly.
It will probably warm you to hear that @jonaharagon has proposed delisting XMPP on our team chat and I expect him to be opening an issue soon. My personal view on this is that you have history of storing messages forever even when they have been removed by the user and you are currently storing media messages forever, while XMPP has (as far as I know of) always had expiry time for messages. I am also confused on how file uploads sent in a direct chat can be posted elsewhere as easily as by copying the URL, which to me hints that they aren't actually private. |
@ara4n Uh, yeah, I agree 🤔 None of the issues anyone else has brought up outside the original post appear to have actual privacy implications to users. |
@blacklight447-ptio Will it be the default for large group chats? E2EE is highly irrelevant for large groups which is primarily what Riot is being recommended here for, to be clear. It is not a recommended instant messenger for this reason but seeing as E2EE exists we can mention it. |
I don't think so, element-hq/element-web#6779. |
Speaking as objectively as possible: I think this is untrue. For instance, thinking about the tools which actually claim a security focus, Wire claimed their VoIP calls were E2EE when they simply weren't; Signal has had a series of basic security screwups (free-for-all XSS and acting as an audio bug etc.) Whereas the worst complaint levelled against us seems to be that we set a default value for the phone book & integration manager for convenience (which we then went and fixed), and that configurable history retention and e2e-by-default hasn't been merged yet (despite clearly warning in the message composer that messages are unencrypted in non-E2E rooms). It feels like folks have been dazzled by the sheer number of words put out by the libremonde 'research'.
I have absolutely nothing against XMPP. We're working this week on turning Bifrost back on for XMPP<->Matrix bridging, and I really appreciated the XSF team reaching out to say congrats on our funding announcement today. The enemy here is FB/Google/Discord/Slack etc - not XMPP!!!
...which was always on the todo-list to fix - since 2015, and has now been solved. It's not like we were doing this maliciously.
Yes, this needs to be fixed, but is it really a privacy disaster? Especially if the file is E2EE?
The filenames are random. All you're doing is swapping a random access_token for a random file name. It would take longer than the heat death of the universe to guess one of the filenames. So the fact that you can copy the URLs between rooms is not a massive vulnerability. That said, we're going to fix it anyway (just to stop having this conversation, if nothing else) - just as we're providing deletion APIs for attachments.
E2EE will be turned on by default for rooms created as private chats - either DMs or private group chats. |
I was only thinking of security audits of those two.
I am happy to hear that.
You are correct and I am not taking my own words from https://github.com/privacytoolsIO/privacytools.io/issues/1377#issuecomment-540152967. While I have lost a lot of trust towards Matrix, it's not Discord (which is the instant messenger enemy that I cannot get to peace with (some may know of my Telegram cases)) and thus I am willing to come towards you and apologise for my behaviour.
And now it's 2019, but you don't need to reply to this.
In the light of the enemy being Discord with their ToS and privacy policy, I guess it doesn't qualify as a disaster. I am not assured that your E2EE will be unbroken forever and thus I wish to have even the encrypted copies removed after a time.
👍 |
thank you - the apology is appreciated & accepted. i'm hoping it will become even clearer that Matrix is worthy of trust, even if the core development is still largely funded by one company (under the governance of the Foundation). |
Basic Information
Name: Matrix (Riot)
Category: RTC > Team Chat Platforms
URL: https://about.riot.im/
Name: Matrix (Synapse)
Category: RTC > ?
URL: https://matrix.org/docs/guides/installing-synapse
I think we need to mention Synapse specifically and encourage self-hosting over using the matrix.org homeserver, or really any public homeserver whenever possible. I don't know if this should be mentioned in the Riot listing, or if we should have a separate category for RTC servers.
Description
Since Riot was last reviewed, they have added a number of privacy-centric improvements. This is not a complete list, but these are issues we previously defined as major blockers:
There are a few unfixed issues, but I don't know if they are blockers to recommendation or not, so that's what I want to discuss here.
Finally, there are a few more "major" concerns we've voiced that have not yet been fixed, but that I do not think are blockers at all.
Present an aggregated terms of service dialogue at registration if possible element-hq/element-web#10167: Present an aggregated terms of service dialogue at registration if possibleOperators of custom Riot servers can specify ToS, Privacy Notices, etc. inconfig.json
, no?Riot X identity server is not configurable. Login/register: allow to set home server and identity server urls element-hq/element-android#20For privacy reasons a hardcoded IS seems unacceptable, but is Riot X currently recommended for public use? I don't think we can judge the project based on an incomplete client.All the other issues within https://github.com/privacytoolsIO/privacytools.io/issues/1049 are still important to monitor but I don't think the issues not mentioned above are blockers and are mostly small issues.
Anyhow, it seems clear to me that the Matrix team is at least committed to fixing their issues. For instant messengers I would still probably prefer Signal or Wire, but for a more public, large group chat use-case there does not appear to be any better alternatives to Matrix, especially from a privacy standpoint. This is why we still use it ourselves. It seems especially disingenuous to recommend XMPP over Matrix.
Also, I think that by advertising our group chat on Matrix without recommending Matrix itself we are both sending a mixed message and promoting centralization on our own server, by not demonstrating the alternatives (hosting it yourself).
The text was updated successfully, but these errors were encountered: