I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?
Matrix is good for private general messaging. The fact that it’s decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.
Two things to be aware of:
As long as you onboard them with the ElementX/SchildichatNext(better fork of element) mobile client, their experience and setup should be fairly future proof. Its still changing and growing for sure but the most important stuff is finally working now and the new call systems is a huge improvement.
But yeah if you want zero metadata, your only choice is P2P stuff like Briar.
Government-ordered shutdowns do not work the way you think. Government doesn’t play by the rules, it makes rules for itself.
Which means - they may, say, make a list of instances updated hourly, which automatically get blocked by ISPs.
Free speech or not, it won’t withstand such.
Note that I said the network can withstand such things, not that it guarantees your connectivity to it when using a hostile ISP. No internet messaging service can do that.
Are there any other messaging options that are more resistant to government ordered shutdowns than Matrix?
All either lack user directory or use phone numbers as identifiers. Finding people through the same instrument is an important functionality, without which a messaging system will not be popular and thus will not be relevant for such situations.
If a messaging system uses SMS for confirmation, then, as you might guess, there is some central point sending out those SMS. So it would have centralized registration. Then technically registration can be disrupted (one can imagine some cryptographic scheme to make this the only disruption). Registration is an important part, even for a popular system many people will not have an existing account when they need it.
User directories - if there is a decentralized user directory listing John Smith, Ivan Ivanov and Obi-Wan Kenobi, then either there will be hundreds of each with no ability to tell which of them is the real one (suppose those names are unique, say, u://jsmith, u://iivanov and u://alongtime ), or you need some kind of registration of public key and nickname pairs. Simplest variant (maybe dumb) is to have the messages telling of such registration having happened to be signed by some “registration authority” or a user delegated (by another message) that right (one would have to trace it to the root sadly). Then, it appears, users may add registration authorities, or choose between them, manually, but then the decentralized user directory would work in some moderated and ordered way.
I’m not aware of any such system existing, and perhaps something about what I wrote is just dumb.
Something p2p like Tox or Briar, both annoying for daily use.
There are a few messaging systems that don’t rely on internet service. That usually means a peer-to-peer design using some form of radio link, which can work well for local gatherings (like protests), but these tend to be impractical for general use.
Gotcha, so in summary, anything that relies on an internet service, such as Signal, Matrix, or Simplex, is vulnerable to government ordered blocks via black list that ISPs are compelled to enforce. Am I thinking of this right?
Thankfully, it’s not that simple.
A centralised service is an easy target for a government. (This is where Signal stands.) A decentralised one is significantly harder, because the government would have to be constantly discovering and processing every node in the network as new ones appear. (This is where Matrix stands, although it doesn’t have many public servers yet.) Fully peer-to-peer decentralisation makes it harder still, because there are as many nodes as there are users, with network addresses that often change. (Some of these exist today, but are mostly experimental with few users. Matrix has done some proof-of-concept work in this area as well.)
On top of decentralisation, tunnels like VPN and Tor can be helpful in avoiding ISP-imposed blocks.