I wanna know if MATRIX recipients know my IP, and more globally what the recipients know about me (how the matrix protocol works). THX

  • GravitySpoiled
    5 months ago

    I’m not aware of a critical metadata leak, a link or example would be really helpful. Thanks!

    • poVoq@slrpnk.net
      5 months ago

      Like all of it. It is not a “leak” if it is working as intended.

      Anyone can spin up a Matrix server, join a room with it and the Matrix network will happily push a complete copy of the room metadata (all the way back to the point the room was first created) to that new homeserver.

      • GravitySpoiled
        5 months ago

        There’s no problem for a public room. You can’t just join a private room.

        • poVoq@slrpnk.net
          5 months ago

          Yes it is a problem for both public and private rooms as this info is stored and shared retroactively. Let’s say one of the participants of a private room gets compromised or you invite someone that has their account on a compromised homeserver. This then results in the entire room meta-data history (since the room was created) being shared with that compromised homeserver which can then easily analyse it in detail.
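Added example, not part of any comment in this thread: a sketch of which fields of Matrix room events stay readable to a server that holds them but has no room keys, which is the "room metadata" the comments above are arguing about. The event types and field names follow the Matrix event format; the users, servers, timestamps, `ev` helper and `readable_without_keys` function are constructed for illustration.

```python
from collections import Counter

def ev(etype, sender, ts, content, state_key=None):
    """Build a constructed event with the common Matrix room-event fields."""
    e = {"type": etype, "sender": sender, "origin_server_ts": ts, "content": content}
    if state_key is not None:
        e["state_key"] = state_key  # present only on state events
    return e

# Constructed sample data: hypothetical users on hypothetical homeservers.
ENC = {"algorithm": "m.megolm.v1.aes-sha2", "session_id": "S1", "ciphertext": "<opaque>"}
A, B = "@alice:a.example", "@bob:b.example"

SAMPLE_ROOM = [
    ev("m.room.create", A, 1000, {}, ""),
    ev("m.room.member", A, 1001, {"membership": "join"}, A),
    ev("m.room.encryption", A, 1002, {"algorithm": "m.megolm.v1.aes-sha2"}, ""),
    ev("m.room.member", A, 2000, {"membership": "invite"}, B),
    ev("m.room.member", B, 2500, {"membership": "join"}, B),
    ev("m.room.encrypted", A, 3000, dict(ENC)),
    ev("m.room.encrypted", B, 3060, dict(ENC)),
    ev("m.room.encrypted", A, 3100, dict(ENC)),
]

def readable_without_keys(events):
    """Summarise what a server holding these events can read with no room keys."""
    events = sorted(events, key=lambda e: e["origin_server_ts"])
    membership = [(e["origin_server_ts"], e["state_key"], e["content"]["membership"])
                  for e in events if e["type"] == "m.room.member"]
    encrypted = [e for e in events if e["type"] == "m.room.encrypted"]
    return {
        "created_by": next(e["sender"] for e in events if e["type"] == "m.room.create"),
        "membership_timeline": membership,  # state events are not encrypted
        "servers": sorted({e["sender"].split(":", 1)[1] for e in events}),
        "messages_per_sender": dict(Counter(e["sender"] for e in encrypted)),
        "message_times": [e["origin_server_ts"] for e in encrypted],
        # Message bodies sit inside the ciphertext, so none are readable here.
        "plaintext_bodies": [e["content"]["body"] for e in events if "body" in e["content"]],
    }

if __name__ == "__main__":
    for key, value in readable_without_keys(SAMPLE_ROOM).items():
        print(f"{key}: {value}")
```
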

          • smb
            5 months ago

            a public room is public. anyone could and should be able to enter it at any moment start recording and uploading everything to $terrorist@/or$three-letter-agency or such. The idea that someone else could also get the same already public data later is not threatening, as that data is already considered public as in “everyone in the world could have it a second after the data came into existence”. and also as removing from the public is not considered possible, uploading that already intentionally published data again does not pose a greater threat than its first publication, but uses just a bit of bandwidth, not more. if you are very sensitive about visibility of who you talk with, maybe don’t enter “public” rooms in the first place.

            if you join a private room, you already want to share with the other participants that you are f***ing talking to them, including when and who you exactly encrypted the data for, when, and to which servers they have to be forwarded. i expect the server of all participants to forward messages to the recipients. for this the server needs to know this type of information. Of course awareness, which data is used to make i.e. routing decisions is a good thing, but a “nightmare” would be teams, zoom, icq, whatsapp and similar. i am sure that messengers exist that could be less traceable for participants, but full anonymity to who you are communicating with so that even the servers know nothing about what happens in a room is imho not even a goal of matrix for the future.

            Not a “nightmare”, but what a nightmare it must be to find out that a system that looked so promising did not fulfill “every” dreamexpectation one had with options that are even the opposite of one’s dreamexpectation like “public rooms”. that are meant to be public! how horrible!!!(lol)

            by the way - as it seems possibly noteworthy here - if you exchange emails with someone’s @gmail address, then google has all of your mail histories metadata, as well as the server of your provider has. just to mention, do not send emails to @gmail.com if you dislike google knowing about it. and if you share a document with edit history, then the edit history is likely also shared ;-) As “rooms” in matrix are meant to have a state that changes from the beginning sometimes possibly with every message and one can answer to a message which would reveal the existence of that message later when answered on, including at least a hint of what it was about, such information is imho meant to be rather complete than hidden. maybe 1:1 chat solves this issue for you, as every chat with a new other person would start empty.

            i might be wrong, but matrix already is one of the most robust systems when it comes to “compromised servers”. so very far away from a nightmare. that is unless you are either a true criminal bastard or a true world saving hero, then every leaked byte might be the deadly one, that is true.

            So in case you are a true world saving hero: Maybe use a self-built raspberry pi mesh proxy chain mounted on rooftops delivered by drones at night to proxy the signal of an in-memory-only-tasks-raspi to a free wifi, where the raspi that has its orders is using battery (like the rooftop proxy chain) but is hidden in a public transport to reach the proxy mesh by the transportation’s timetable. just to give a paranoid one some ideas and some work to do ;-) If you’ve built everything, then upload the code to github and designs to thingiverse so that “anyone” could have placed the proxy mesh to a free wifi on the rooftops, so you be more secure from being suspected ;-) lol btw a mesh system to accomplish this already exists, i think they named it b.a.t.m.a.n. (no joke) protocol, so the main struggle should be handling of solar power vs wifi signal strength, distances, humidity and windproof mount design being able to be deployed by manually controlled quadrocopters. good luck!

          • GravitySpoiled
            5 months ago

            That doesn’t sound realistically threatening to me. Besides, if I want the highest security and privacy I use onion routing.