Everyone loves a comeback story.
Can a 20 year old overlooked technology make a comeback as a completely decentralized, free, and scalable technology for the growing masses of people who value freedom and privacy?
XMPP is a simpler system that works on a “need to know” basis, meaning that servers and clients more or less only get the (meta) data that they need to function but not more. A group-chat for example exists only on one server and chat-history is only shared on request and usually is deleted quite quickly (that depends on the server settings though).
Matrix on the other hand works on a “replicate everything” basis (to be more resilient to censorship and other network disruptions). For that it runs a highly complicated distributed database where all (meta) data is automatically shared with all participating servers and is stored indefinitely. This has its upsides and downsides, but from a privacy/security perspective this is a strict negative.
I think your information on what matrix does with metadata is outdated or over-encompassing, or both. Is your knowledge on matrix up to date? (I’m asking honestly because I immediately went searching for what the current situation with matrix is, and most of what I find with regard to this was heavily worked on in 2019 and 2020 - maybe it’s still being worked on, but it doesn’t seem to be talked about much any longer).
It sounds like, for all practical purposes, Matrix should be plenty private. If one needs extreme levels of privacy, I don’t think you want to join an untrusted server, and definitely not join group chats. One couldn’t pretend to be cautious and do those things anyway.
On, on a complete side note - (and here I am doing an edit) - were you aware that every time you edit and submit, you may be sending out notification emails? I got a new email notification for each edit you made on yours.
Ah sorry for the notification spam. I did indeed edit a few times to make the message more clear.
I think my info on Matrix is pretty up to date. Yes message “pruning” in Matrix was indeed improved a bit in recent years, but the fundamental difference in system-architecture remains.
I can’t say that I am not biased in favor of XMPP of course, but I think my original message is pretty neutral and based on facts. From a security/privacy perspective not replicating data at all is always better, even when additional safety precautions like e2ee (that do exists in Matrix) mitigate the impact to some extend.
No worries - I just wanted to let you know that the notifications were occurring. They probably shouldn’t and I will be checking on Lemmy issues about it. (Just filed #1925)
Heh, I used to be biased in favour of XMPP until I did the full switch. ;-)
A group-chat for example exists only on one server and chat-history is only shared on request
That is technically true, but all servers from which users connect to the chatroom effectively get their hands on that traffic anyway to deliver it to the user (and could log it), which why end-to-end encryption is encouraged in chatrooms. [1]
It’s a tradeoff of XMPP that clients usually only interact with their own server (this is also true for Matrix). , This is done for scalability, reliability, and privacy. This way remote servers cannot for example record your IP address.
However, it’s very possible to negociate out-of-band access to some resources from your XMPP account (where leaks could occur, eg. for downloading on the web an image another user uploaded in a groupchat). For example, XEP-0070: Verifying HTTP Requests via XMPP defines a protocol for authenticating Jabber/XMPP users on the web.
[1] OMEMO encryption works rather reliably on “modern” clients in private messages and private groupchats, but is not yet supported in public chatrooms because encryption for so many recipients is resource-expensive and key verification in a public setting is a nightmare (do you really trust all those keys if anyone can join?) so there’s arguably little benefit in that.
That is technically true, but all servers from which users connect to the chatroom effectively get their hands on that traffic anyway to deliver it to the user (and could log it)
Yes, but only the data it needs to know to deliver what the client requests, not the full historic room state as in the case of Matrix.
XMPP is a simpler system that works on a “need to know” basis, meaning that servers and clients more or less only get the (meta) data that they need to function but not more. A group-chat for example exists only on one server and chat-history is only shared on request and usually is deleted quite quickly (that depends on the server settings though).
Matrix on the other hand works on a “replicate everything” basis (to be more resilient to censorship and other network disruptions). For that it runs a highly complicated distributed database where all (meta) data is automatically shared with all participating servers and is stored indefinitely. This has its upsides and downsides, but from a privacy/security perspective this is a strict negative.
I think your information on what matrix does with metadata is outdated or over-encompassing, or both. Is your knowledge on matrix up to date? (I’m asking honestly because I immediately went searching for what the current situation with matrix is, and most of what I find with regard to this was heavily worked on in 2019 and 2020 - maybe it’s still being worked on, but it doesn’t seem to be talked about much any longer).
It sounds like, for all practical purposes, Matrix should be plenty private. If one needs extreme levels of privacy, I don’t think you want to join an untrusted server, and definitely not join group chats. One couldn’t pretend to be cautious and do those things anyway.
On, on a complete side note - (and here I am doing an edit) - were you aware that every time you edit and submit, you may be sending out notification emails? I got a new email notification for each edit you made on yours.
Ah sorry for the notification spam. I did indeed edit a few times to make the message more clear.
I think my info on Matrix is pretty up to date. Yes message “pruning” in Matrix was indeed improved a bit in recent years, but the fundamental difference in system-architecture remains.
I can’t say that I am not biased in favor of XMPP of course, but I think my original message is pretty neutral and based on facts. From a security/privacy perspective not replicating data at all is always better, even when additional safety precautions like e2ee (that do exists in Matrix) mitigate the impact to some extend.
No worries - I just wanted to let you know that the notifications were occurring. They probably shouldn’t and I will be checking on Lemmy issues about it. (Just filed #1925)
Heh, I used to be biased in favour of XMPP until I did the full switch. ;-)
That is technically true, but all servers from which users connect to the chatroom effectively get their hands on that traffic anyway to deliver it to the user (and could log it), which why end-to-end encryption is encouraged in chatrooms. [1]
It’s a tradeoff of XMPP that clients usually only interact with their own server (this is also true for Matrix). , This is done for scalability, reliability, and privacy. This way remote servers cannot for example record your IP address.
However, it’s very possible to negociate out-of-band access to some resources from your XMPP account (where leaks could occur, eg. for downloading on the web an image another user uploaded in a groupchat). For example, XEP-0070: Verifying HTTP Requests via XMPP defines a protocol for authenticating Jabber/XMPP users on the web.
[1] OMEMO encryption works rather reliably on “modern” clients in private messages and private groupchats, but is not yet supported in public chatrooms because encryption for so many recipients is resource-expensive and key verification in a public setting is a nightmare (do you really trust all those keys if anyone can join?) so there’s arguably little benefit in that.
Yes, but only the data it needs to know to deliver what the client requests, not the full historic room state as in the case of Matrix.