1. Bikeshedding has led to a reduction in security agility: any change will have to be first implemented in the protocol, then in the SDKs, then in the clients. This process can take years.
2. Riot is the only client that delivers proper E2EE; the majority of clients don't feature it.
3. E2EE is still not enabled by default.
4. IRC bridges will break E2EE.
5. Decentralization does break up large silos and makes for less tempting targets, but now you have a bunch of server admins who have personal relationships with the people whose content (when not end-to-end encrypted) and metadata (always) they have access to.
6. Riot's key management and fingerprint verification have been a nightmare. Thankfully this is about to change.
Until all of these are fixed, i.e.
until all clients enforce E2EE, until the protocol design is safe enough, until client vendors are required to keep up with security, until no bridges are allowed, until fingerprints are trivial to compare, I will not, and I think no one should, use Matrix.