I don’t know if I’m opening a can of worms here, and I’m still trying to backtrack a lot of history where I was tuning everything out. I keep seeing random swipes at Signal (or the representatives (?)), and I was wondering whether they are founded or just lies.Is it another situation like Lemmy where we just “take the technology and move on”? Thanks!

  • teolan@lemmy.world
    12·
    5 hours ago

    they don’t want to do anything about federation or messenger intercompatibility.

    Their reasoning is that they only trust themself to keep the meta data safe and so need you.

    That’s not their reasoning. Their reasoning is that it’s much harder to evolve the protocol in a decentralized context than a centralized one. It’s not that they only trust themselves with your metadata, it’s that they can improve the protocol much faster in order to get rid of most metadata.

    They have been able to deploy a ton of protocol updates with regards to minimizing the amount of metadata anyone has access to (including them), while other decentralized alternatives have essentially been stuck in limbo for a while:

    • Secure Value recovery
    • Groups V2
    • Sealed sender
    • Usernames
    • Post quantum resistance

    On the other hand, Matrix, XMPP and email are very leaky with regards to metadata. I’m not going into email because that’s pretty documented, but here it is for matrix:

    • Message reactions are not encrypted
    • Group membership are not encrypted (which lead to attacks)
    • Profile pic and Name are public (visible by everyone even people with whom you don’t have any contact)