n0btc  

Which is better for privacy? Signal or Matrix?

Matrix Pros:
Open protocol
E2E keys stored on device by default (not on homeserver)
Federated/decentralized like #mastodon so no single point of failure/control by outside influences.
Authenticated sessions
Open source server (to my knowledge)

Matrix Cons:
Fewer users compared to signal (my guess)
Learning curve (user must understand how to use e2e, auth sessions, on-device backups properly)
More? Maybe few full featured clients.

Signal Pros:
Simple to setup
Larger user base
More well known
E2e encryption
Open source app

Signal Cons:
Requires phone number
Central point of failure/control
Registration lock and PIN may be uploading more data to signal servers than user is led to believe (unproven by me)
Closed source server (to my knowledge)

Would love comments on this.
#signal #matrix #opensource #privacy #encryption
Boosts appreciated.

114 people Β· Jan 24, 2021, 17:20
1+
Talon  

@n0btc The server for Signal is indeed open source. It's on their GitHub. What it doesn't do, however, is federation. So if you set up one yourself, you will have to recompile and republish the apps to work with your particular server. There are forks (I think?) that enable federation, but you cannot use them with the official Signal apps.

1
kravietz πŸ¦‡
Follow

@talon @n0btc

There is some source code called Signal-Server on GitHub.

And there is a farm of official Signal servers to which only Signal clients are allowed to connect.

So that's quite a weak chain of custody πŸ˜‰

P.S. if you set up your own, you can't call them "Signal" even in substrings

Β· Β· 1 Β· 0 Β· 1
Talon  

@kravietz @n0btc yes. We can't verify whether or not that code is the code that runs. Given the recent outage and no activity on the repo since April 2020, I can see why people might be skeptical whether or not that is actually the code that runs in production. That said, I'd still rather people use Signal than WhatsApp. I agree that Signal isn't the most ideal, but I see it as the lesser evil, and so far I have no reason to believe that Signal is inherently evil either.

1+
kravietz πŸ¦‡  

@talon @n0btc Oh yes certainly, better than WhatsApp! I'm also using it in the same way and I subscribe to your comment entirely.

1
Talon  

@kravietz @n0btc I do hope that eventually we will all use a defederated messaging service, whether that's Matrix, XMPP or some derivative. I definitely appreciate the work Matrix/Element are doing to allow fully peer to peer messaging, but the tech needs to be enticing and easy enough to use for it to be a no brainer for non tech interested people to also adopt it. That, or preferably, people properly inform themselves about privacy and security and can come to their own conclusions... but sadly that's not how it works. :( ease of use and convenience are top criteria for the moment so the best way to tackle the problem is to make privacy and security just as, if not more, convenient in my possibly biased and definitely unprofessional opinion. I personally think Matrix is easy to use, but for some reason a lot of people do not seem to share that opinion yet.

0
Sign in to participate in the conversation
Mastodon πŸ” privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!

Resources

Developers

What is Mastodon?

social.privacytools.io

More…