The article alleges that Matrix:
- has links to Israeli intelligence.
- sends a lot of sensitive data to matrix.org servers, even when Synapse is self-hosted.
Is this information accurate?
To be clear, I’m not saying Matrix is bad. I’m still using it. I just want to know more about it and who’s running the show, and hear other people’s opinions and arguments. Thanks for all the insightful comments.
> has links to Israeli intelligence.
Wrong. It’s libre software. We users control it.
I’m absolutely for free software, but this statement is very simplistic. Do “we” control software running on matrix.org, where most users have accounts? Or do “we” control what binaries of Element are being deployed to App Store or Play Store? Just because something has a free software licence doesn’t mean it’s not important who the maintainers and major developers are. One of the important features of free software is transparency, which allows us as a community to learn and discuss who develops the software and how. I’m not saying Matrix is bad. I’m still using it. I just want to know more about it and who’s running the show, and hear other people’s opinions and arguments.
Libre software doesn’t mean we control what other people do with their devices. Run it on your devices. The App Store and Google Play Store are not libre. Get it yourself. Apps should have reproducible builds. Everything there misses the point of my original comment.
Yeah, we will have much success converting people from WhatsApp and shit by telling them to run their own servers /s. If a non-technical friend asks me what to use instead and I advise them to use Matrix, you can be sure they’ll go to the app store, install Element and register at matrix.org. So I do want to know if it’s operated by Mossad before I send my friends there.
If your friend’s hiding from Mossad, I think they’ll know to get it from F-Droid and turn on end-to-end encryption.
I can’t argue about the historic relevance; the article you linked is from 2020, the issues from early 2019. The original matrix developing company seems to have deep ties as described, yes.
But:
If you follow the very first link in the article, you can read the history of the matrix protocol itself. It shows where and when the matrix protocol was separated from this company and what the status quo seems to be:
https://en.m.wikipedia.org/wiki/Matrix_(protocol)#History
From this it seems clear to me that the information from this article is by now obviously outdated, with KDE and Mozilla two big mentioned community projects that are involved.
Wikipedia as a primary source is not well suited, but the fact that the article linked to it themselves seems to show that they relied on the back-then status quo.
In short: in 2017 they would be absolutely right, in 2020 there were still huge issues - but by now those are mostly addressed or are unknown.
> Some might say interconnecting everything could be a legitimate goal. Nonetheless, some people started to report about huge amounts of data and metadata being sent to Matrix central servers.
Curious that this claim is without source in the original.
I also have problems with their claims about bridges. Bridges are Band-Aids to allow you to communicate with people not on Matrix, not a dark masterplan to build a central espionage hub.
By default, a homeserver trusts matrix.org in questions of federation and identity of other servers. You have to get that trust from somewhere. You are free to choose another source for that.
(For example, my homeserver isn’t federated at all, and has that trusted server removed; it doesn’t communicate with anyone. Also it’s not Synapse, but that’s beside the point.)
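
On a Synapse homeserver, the default trust described in the comment above corresponds to the `trusted_key_servers` option in `homeserver.yaml`. The fragment below is an added illustration, not part of the thread or the project's own documentation; the replacement server name and the key value are constructed placeholders.

```yaml
# homeserver.yaml (Synapse): added illustration, not from the thread.

# Default: matrix.org is the notary from which the signing keys of
# other homeservers are fetched.
# trusted_key_servers:
#   - server_name: "matrix.org"

# Alternative: name a notary you operate or trust, and pin its signing
# key so its responses are checked against a key obtained out of band.
trusted_key_servers:
  - server_name: "keys.example.org"                      # constructed placeholder
    verify_keys:
      "ed25519:auto": "<BASE64_PUBLIC_KEY_PLACEHOLDER>"  # placeholder, not a real key
```
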
In my opinion, it doesn’t matter. Matrix has a huge decentralization problem. Pretty much any conversation you have there will end up on matrix.org servers. And since Matrix servers collect ALL the metadata, the entire platform is susceptible to blanket warrants for all users.
That wouldn’t apply to conversations you have within a group that hosts their own server, would it? Like within a family or a club.
If anyone in your group has an account hosted on Matrix.org, yes. If no one is, no.
But that puts a huge limitation on the platform so, why bother?
Isn’t this the same limitation of any federated platform? If you communicate with someone from a different instance, your data will be replicated on their instance.
No, not all platforms store metadata, much less absolutely all of it unencrypted. Further, other platforms are less centralized.
What’s a better alternative? Which other platforms are you referring to? How do they compare in terms of features and adoption? From all the decentralised, e2e encrypted platforms I tried, matrix is the only one more or less accessible for normies.