Signal's Meredith Whittaker scorns anti-encryption efforts as 'parochial, magical thinking' | TechCrunch - eviltoast
  • haui@lemmy.giftedmc.com
    link
    fedilink
    arrow-up
    6
    ·
    9 months ago

    I run a matrix server that interoperates with signal, whatsapp and discord so people who need to use those platforms are able to use one app instead of three and also keep their info private.

    • LWD@lemm.ee
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      9 months ago

      How’s that keep people’s info private? Every Signal-Matrix integration I’ve seen decrypts the data and just holds it unencrypted on a (Matrix) server.

      • haui@lemmy.giftedmc.com
        link
        fedilink
        arrow-up
        2
        ·
        9 months ago

        I‘m talking about apps like discord or whatsapp that have a lot of info on you when you open them. The open source clients are a lot less data hungry afaik.

        But yes, the encryption between the apps is not seamless so you‘d need to activate encryption again for this if you want it.

        • LWD@lemm.ee
          link
          fedilink
          arrow-up
          4
          ·
          9 months ago

          Maybe. If you communicate on Matrix with someone who is bridged from Discord, you have now given Matrix data to Discord and Discord data to Matrix. Which isn’t great for privacy at all.

          Granted, I guess you don’t have to use the Discord app at that point, but the extra data is a server-side treasure trove regardless.

          • haui@lemmy.giftedmc.com
            link
            fedilink
            arrow-up
            2
            ·
            9 months ago

            I dont know where you got that info from but afaik the most data collection is automated and does not include manually sifting through stuff. Having a discord bot does not give discord the info from a persons matrix account. Its the persons decision if they want to name the matrix account the same (which they shouldnt).

            • LWD@lemm.ee
              link
              fedilink
              arrow-up
              1
              ·
              9 months ago

              Well, it’s not all your Matrix data, but if you don’t trust Discord with writing an app that runs client-side, I’m not sure why it’s helpful to trust them with holding onto your conversions with other Discord users either…

              I’ve also run a Matrix server and I can tell you from experience… You shouldn’t trust me with your conversations. Even if I was a good friend, I’m definitely not a security professional!

              • haui@lemmy.giftedmc.com
                link
                fedilink
                arrow-up
                1
                ·
                9 months ago

                Well, I‘m not a security professional but an admin. Keeping people out of your matrix chats isnt that hard if you follow some standard procedure.

                Sending 1000 texts to discord through matrix is a lot different than having 1000 texts and all photos, geo coding, contacts and microphone accessible.

                • LWD@lemm.ee
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  9 months ago

                  You can’t keep the admin out of your Matrix chats and bridge them to Signal (or Discord) though. Either they sit around effectively unencrypted on a server that’s built to hold data and especially metadata forever (which is one data breach away from being everybody’s data) or the user has to just not use Signal bridges.

                  I guess if you’re comfortable with that it’s fine, but I’m really not.

                  • haui@lemmy.giftedmc.com
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    9 months ago

                    Thats what I meant. The admin is the person that most always has your data but data breaches are other people getting in which is not that hard to prevent. You dont have to run faster than the bear… just faster than the guy next to you.

                    For signal we assume that native connections are e2ee, for whatsapp I‘m less sure thats really the case and for discord we know that nothing is encrypted.

                    So yes, if someone got into the server and started poking around undetected, one might have their signal texts laid bare. I‘m pretty sure the likelyhood isnt as high as a phone getting hacked, especially for small servers that are obscure.

                    In any case, you do you.