• 1 Post
  • 19 Comments
Joined 4 months ago
cake
Cake day: July 2nd, 2024

help-circle





  • The entire protocol is build under the assumption that you do not need to trust the servers. Let the NSA have then, it doesnt matter. On the other hand 95% of Matrix users are hosted on Matrix.org which was not only hacked several times, but would be an ideal target for any agency to compromise. Its naiive to belive the big Matrix hosts arent compromised. The only effective defense is to build your system around the assumption that the server is compromised, which is what Signal did.



  • Signal Servers are using AWS and are spread throught the world. The entire protocl is build to remove any need for trust in those servers, so they migth as well be places in the datacenter of the NSA. So in the end it will be the same result. With decentralized protocls like Matrix you may get lucky and not have your small server taken down because it only hosts a few users, but if we are using the number of users as a metric, Signal would fare better against server takedowns, since all users are replicated throght the world, while my matrix server is the only place where my user data is stored. Then again both can deal fairly well against takedown ins single countries.





  • All decentralized protocols have this issue. The servers need to handle metadata for chat groups, like who is part of which group. If the servers are under individual control, nobody can force them to delete this data. The question is, do you trust a non profit organisation like signal to minimize and delete metadata (which court orders have proven they do) or do you trust all individuals of a group chat to do the same when you manually ask them to.