So if we don’t know what runs on the server side, how do we know then that this is not used to map user networks, i.e. who communicates with who? From an activist POV wouldn’t that be a significant risk?
Also, even if you trust the company today, given that it is US based, it is subject to the gag orders the US government agencies hand out. So that makes it still a problem, no?
Self hosting of the synapse server is pretty well documented. There even is an ansible script to speed it up.
I self hosted early on and it wasn’t particularly time consuming.
Again, the specific issue with Signal is that it is located in the US, which has pretty authoritarian practices against exactly the type of organisation that runs Signal. This potentially makes Signal problematic even if the people running it have the best intentions.
Is this context the use of phone numbers is questionable too, in my opinion at least. The given rational is that it makes it easier for users to sign up, but that’s really not true. Email is used by pretty much everyone and doesn’t rely on phone numbers. I’m sure someone thinking half a day about user IDs that aren’t carrying inherent privacy risk will likely come up with something.
I had my parents using matrix for years without issue in a quite advanced age and they had no issues desite not using phone numbers…
Got to ask now: are you working for Signal? It really sounds like it…
Re sysadmin and self hosting it really depends on the scope. You can follow basic security recommendations, which you will set up once, and which will protect you from bots and scripts. What about targeted attacks? Not sure, but if you host for yourself or family and friends only, I wouldn’t take this as my threat model.
I have a Nextcloud server running for about 4 years now with close to zero downtime. During those years I had perhaps two instances where I did larger upgrades which took me perhaps an hour on two weekends to prepare (basically backing stuff up, dealing with the excitement, reading up) and then maybe one evening to execute.
I’m sure hosting for millions of people who might end up sending lawyers your way is difficult. Running something like matrix yourself for friends and family simply isn’t and it removes all the security and privacy risk that comes with trusting an US based organisation that had its share of controversies, and more importantly is subject to the questionable laws and enforcement practices.
Anyone who had installed linux and is happy to work with a console would be capable of learning how to self host in a reasonable amount of time.
deleted by creator
So if we don’t know what runs on the server side, how do we know then that this is not used to map user networks, i.e. who communicates with who? From an activist POV wouldn’t that be a significant risk?
Also, even if you trust the company today, given that it is US based, it is subject to the gag orders the US government agencies hand out. So that makes it still a problem, no?
deleted by creator
Self hosting of the synapse server is pretty well documented. There even is an ansible script to speed it up.
I self hosted early on and it wasn’t particularly time consuming.
Again, the specific issue with Signal is that it is located in the US, which has pretty authoritarian practices against exactly the type of organisation that runs Signal. This potentially makes Signal problematic even if the people running it have the best intentions.
Is this context the use of phone numbers is questionable too, in my opinion at least. The given rational is that it makes it easier for users to sign up, but that’s really not true. Email is used by pretty much everyone and doesn’t rely on phone numbers. I’m sure someone thinking half a day about user IDs that aren’t carrying inherent privacy risk will likely come up with something.
I had my parents using matrix for years without issue in a quite advanced age and they had no issues desite not using phone numbers…
deleted by creator
Got to ask now: are you working for Signal? It really sounds like it…
Re sysadmin and self hosting it really depends on the scope. You can follow basic security recommendations, which you will set up once, and which will protect you from bots and scripts. What about targeted attacks? Not sure, but if you host for yourself or family and friends only, I wouldn’t take this as my threat model.
I have a Nextcloud server running for about 4 years now with close to zero downtime. During those years I had perhaps two instances where I did larger upgrades which took me perhaps an hour on two weekends to prepare (basically backing stuff up, dealing with the excitement, reading up) and then maybe one evening to execute.
I’m sure hosting for millions of people who might end up sending lawyers your way is difficult. Running something like matrix yourself for friends and family simply isn’t and it removes all the security and privacy risk that comes with trusting an US based organisation that had its share of controversies, and more importantly is subject to the questionable laws and enforcement practices.
Anyone who had installed linux and is happy to work with a console would be capable of learning how to self host in a reasonable amount of time.