I wanna know if MATRIX recipients know my IP, and more globally what the recipients know about me (how the matrix protocol works). THX

  • GravitySpoiled
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    5 months ago

    It’s not a disaster. That’s overstating it. It just leaks some metadata to the server. Nothing that’s inherently wrong with it and which won’t be solved over time.

    Some may don’t like that everything is stored on the server compared to signal where it only transits the server. But for companies or gov that should be/is mandatory. And it makes handling cross client and updating devices a lot easier for normal consumers.

    • poVoq@slrpnk.net
      link
      fedilink
      arrow-up
      6
      ·
      5 months ago

      You seem to be unaware of how Matrix works. It is inherent to the protocol that room metadata is shared with other servers. It is not fixable as it is working as intended. This feature is nice for censorship resistance, but it is pretty much a nightmare for metadata privacy.

      • GravitySpoiled
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        I’m mot aware of a critical metadata leak, a link or example would be really helpful. Thanks!

        • poVoq@slrpnk.net
          link
          fedilink
          arrow-up
          4
          ·
          5 months ago

          Like all of it. It is not a “leak” if it is working as intended.

          Anyone can spin up a Matrix server, join a room with it and the Matrix network will happily push a complete copy of the room metadata (all the way back to the point the room was first created) to that new homeserver.

          • GravitySpoiled
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            There’s no problem for a public room. You can’t just join a private room.

            • poVoq@slrpnk.net
              link
              fedilink
              arrow-up
              4
              ·
              5 months ago

              Yes it is a problem for both public and private rooms as this info is stored and shared retroactively. Lets say one of the participants of a private room gets compromised or you invite someone that has their account on a compromised homeserver. This then results in the entire room meta-data history (since the room was created) being shared with that compromised homeserver which can then easily analyse it in detail.

              • GravitySpoiled
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                5 months ago

                That doesn’t sound realisticly threatening to me. Besides, if I want the highest security and privacy I use onion routing.

                • poVoq@slrpnk.net
                  link
                  fedilink
                  arrow-up
                  4
                  ·
                  edit-2
                  5 months ago

                  lol, why are you even posting on a privacy community then? And using Tor doesn’t help at all in that case.

                  • GravitySpoiled
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    5 months ago

                    If it’s a public room, all info is public. I don’t understand it, sorry.

              • smb
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                5 months ago

                a public room is public. anyone could and should be able to enter it at any moment start recording and uploading everything to $terrorist@/or$three-letter-agency or such. The idea that someone else could also get the same already public data later is not threatening, as that data is already considered public as in “everyone in the world could have it a second after the data came into existance”. and also as removing from the public is not considered possible, uploading that already intentionally published data again does not pose a greater threat than its first publication, but uses just a bit of bandwidth, not more. if you are very sensitive about visibility of who you talk with, maybe don’t enter “public” rooms in the first place.

                if you join a private room, you already want to share with the other participants that you are f***ing talking to them, including when and who you exactly encrypted the data for, when, and to which servers they have to be forwarded. i expect the server of all participants to forward messages to the recipients. for this the server needs to know this type of information. Of course awareness, which data is used to make i.e. routing decisions is a good thing, but a “nightmare” would be teams zoom icq, whatsapp and similar. i am sure that messengers exist that could be less traceable for participants, but full anonymity to who you are communicating with so that even the servers know nothing about what happens in a room is imho not even a goal of matrix for the future.

                Not a “nightmare”, but what a nightmare it must be to find out that a system that looked so promising did not fulfill “every” dreamexpectation one had with options that are even the opposite of ones dreamexpectation like “public rooms”. that are meant to be public! how horrible!!!(lol)

                by the way -as it seems possibly noteworthy here - if you exchange emails with someones @gmail address, then google has all of your mail histories metadata, as well as the server of your provider has. just to mention, do not send emails to @gmail.com if you dislike google knowing about it. and if you share a document with edit history, then the edit history is likely also shared ;-) As “rooms” in matrix are meant to have a state that changes from the beginning sometimes possibly with every message and one can answer to a message which would reveal the existance of that message later when answered on, including at least a hint of what it was about, such information is imho meant to to be rather complete than hidden. maybe 1:1 chat solves this issue for you, as every chat with a new other person would start empty.

                i might be wrong, but matrix already is one of the most robust systems when it comes to “compromised servers”. so very far away from a nightmare. that is unless you are either a true criminal bastard or a true world saving hero, then every leaked byte might be the deadly one, that is true.

                So in case you are a true world saving hero: Maybe use a self build raspberry pi mesh proxy chain mounted on rooftops delivered by drones at night to proxy the signal of an in-memory-only-tasks-raspi to a free wifi, where the raspi that has its orders is using battery (like the rooftop proxy chain) but is hidden in a public transport to reach the proxy mesh by the transportations timetable. just to give a paranoic one some ideas and some work to do ;-) If you’ve build everything, then upload the code to github and designs to thingiverse so that “anyone” could have placed the proxy mesh to a free wifi on the rooftops, so you be more secure from beeing suspected ;-) lol btw a mesh system to accomplish this already exists, i think they named it b.a.t.m.a.n. (no joke) protocol, so the main struggle should be handling of solar power vs wifi signal strength, distances, humidity and windproof mount design beeing able to be deployed by manually controlled quadrocopters. good luck!