> Finally, anyone paying attention knows that the UK government’s Investigatory Powers Act (IPA) impacts all vendors globally which service individuals in the UK. Something that’s obvious given the high profile TCN that the UK served Apple: the fact that Element and the Matrix.org Foundation are UK-based is irrelevant.
Is it irrelevant? A vendor that isn't based in the UK could just rightfully tell the UK government to fuck off—which isn't likely to be an option for the UK-based Matrix and Element.
Ok let's say you're a UK vendor and you developed and published an adding algorithm for 2+2 that returns the correct result: 4
How does that publicised adding algorithm get corrupted, if the UK government decides they want that 2+2=5?
The answer is that Matrix being based in the UK isn't ideal, but since they published the whole protocol, it can't just be made unsafe on request without people noticing. If the math maths it still maths when the government doesn't want it to math.
What could happen is that the UK could force specific servers of the UK based entity to surveil targets etc. But you don't have to use their servers (in fact, their goal is probably that you run your own).
As someone who would be in the position to decide for or against Matrix/Wire usage in my org, I have to say this kind of practice didn't particularly strengthen my trust in Wire.
Any open source project can be made unsafe intentionally or unintentionally, with or without people noticing, is there anything unique to this risk with Matrix?
Right now it's prime time for a bunch of "European" tech (which still very much depend on a ton of non-EU infrastructure and code) to start shilling for their "EU alternatives". It's like the new local buzzword after AI.
I started self-hosting and adopting Matrix for my app recently and most of these raised concerns seem manipulative at best. Thanks for all the work with the project!
Even if I dislike Matrix for various reasons, it is absolutely ridiculous to point to a completely centralized AND closed system as an alternative. Terrible article.
I can't really evaluate some of their claims, but note that this is published by a company (written by a "Tech Marketer" who works there) that has a vested interest in making its product look better than the competition. The overly-alarmist language they use makes me extra skeptical.
I am a Wire user. I am not happy that, if their server goes down, all the text and images that I shared with other users will become unavailable to me. As a special case, I am not able to look at my own old messages while using my laptop on the airplane, as the Linux client is just a webview. On the phone, it works.
Backups half-way solve the issue with text messages - I would still need to contact someone with sufficient development skills to decrypt the backup and extract the text in a readable form, but the information is there.
But with images, there is no recovery. And they apparently already lost some of my photos (the placeholder for some of them never gets replaced with the actual photo when I scroll up to year 2023).
Add to that the incompatible backup formats between the desktop and mobile apps.
So this is definitely not the claimed data sovereignty.
The only safe communication is decentralized communication, capable of multiplexing multiple techniques (IP, BLE, LoRa, etc.) under the hood of cryptographically safe routing and messaging algorithms that work over unreliable links.
Maybe even with small-range offline radio mailboxes so you can deliver and gather messages from/to highly suppressed people which then can be sent back into the "online" network automatically without further interaction.
There are many great decentralized alternatives. I know the founders for most of them, and interviewed some, like the founder of the original (and current) Freenet, probably the earliest private content sharing network ever launched: https://www.youtube.com/watch?v=JWrRqUkJpMQ
Here are some more of my interviews regarding freedom of speech, including with regulators, sociopolitical thinkers like Noam Chomsky, Milton Friedman’s grandson, etc: https://news.ycombinator.com/item?id=34179795
In my opinion, the most secure network is Autonomi.com, which was previously Maidsafe. It is FULLY decentralized and encrypted, and those guys have been at it far longer than Matrix. I have been on their forums and they have been on ours for years, debating various architectural and economic tradeoffs.
I might be completely wrong/off the mark here, but could it be related to that everything decentralised here is about blockchain (or even DLTs) which is just really weird for almost any idea... Who comes up with weirdness to stuff every square peg in a round hole? Sorry if you are not that person, but when I open the Autonomi page, I see 'not block chain', 'add your eth wallet', 'dlt based'... Why?
You asked why everything decentralized is about blockchain. Then you proceed to say Autonomi says “NOT blockchain” and still that triggers you? I think the problem may be on HN for being triggered by certain words.
Here is why. True anonymity and freedom requires not trusting a centralized party. So you’re going to need a way to achieve some sort of consensus and durability. Also if you are anonymous, how do you pay for storage? You can’t have accounts! Answer: you need utility tokens, a form of cryptocurrency that needs to solve the double-spend problem.
So any project that is serious about solutions arrives at these elements every time. Perhaps the only exception is early BitTorrent where everyone sharing had to be seeding too. But that only works for popular movies and such!
I think it depends on what you want to achieve; this solves another decentralised thing than I would want. I want users in a group to share data which is not possible to be ever retrievable by someone outside the group. So the data is encrypted between the members of the group, on THEIR devices only. And when the group collapses and/or users remove the data from their device, it cannot be retrieved in any way. Unlike any distributed decentralised network where, if we get good enough in 'n' years, we can just get that info from the chain and decrypt it. Even if the creators of the data disbanded and have no wish for any of this. I see for payments blockchain makes some sense, although it's hardly anonymous anymore, but for any other goal, I don't want anything stored where I don't have control. Ideally that is, of course life doesn't work like that.
I think there is no need to buy storage (you already have it); there needs to be software to share it in a way that is p2p and not via ANY other machines that are not owned by the members of the group (for instance, your family).
That's it. Also prevents chat control from being effective. Who is working in that space? I see this as an answer to many privacy/gov overreach issues.
One thing that is true about the article is that E2EE encryption is nowhere near enough. Metadata leaks of any kind are probably worse than leaking data itself.
I very much prefer to guarantee that data doesn't leave my trusted servers in the first place, rather than to encrypt it.
> I very much prefer to guarantee that data doesn't leave my trusted servers in the first place, rather than to encrypt it.
What's the rationale behind this? The point of a server is to ... serve things. If you're not gonna exchange data you might as well put a hard drive in a closet.
The point of encryption, to securely send information across adversarial channels, has made it possible that I can take my most secret information and send it across my worst enemy's network and I don't need to care. Who on earth wants to go back to a world where I have to hide plain text documents in the sock drawer?
A lot of people mention "Reticulum" in this regard. But that's a one-man-show project.
The only project that got some serious momentum is Meshtastic. That's decentralized LoRa with flooding/next-hop-routing that can be backed with MQTT.
I think a huge step forward would be a decentralized BLE LE (a super robust Bluetooth Low Energy mode) Mesh based application as it can be used on smartphones.
Not being subject to the UK and US surveillance laws seems as good an argument as any.
Though I'm not sure if the GDPR allows for data to be stationed in Switzerland. It's not EU but it is party to a lot of treaties so it's not out of the question.
Ironically it might become a safer place to station data if the EU manages to push through more surveillance decrees.
Don't trust a company just because it's situated somewhere. When governments friendly to yours want to spy on you, they don't necessarily let borders stop them.
> The US and Germany used a Swiss company to sabotage encryption for years
CryptoAG and the CIA's decision to release the history document of that operation is such an interesting story. In particular, it had this effect of getting people to distrust Swiss companies, for better or for worse. It makes it sound plausible, if however unlikely, that a company such as Proton is actually a front for US cyber warfare. (I don't think it is but it might be; it seems like that may have been the point.)
If the EU was starting to go rogue like the US is, it could easily bully Switzerland to force their hand into giving whatever data they want to, given that Switzerland has no frontier with sea or non-EU country (not that I can imagine this scenario happening, but Switzerland is a weird choice to hide from EU).
Unfortunately we have had to remove Matrix-Element from production after user frustration and concerns with quality. While the concept is excellent, the implementation of Element is janky and caused so much friction that users would not depend on it. Concerns about other potential issues become more common within the technical team when the frontend has become substandard in a professional environment.
Matrix may not be safe but is Wire going to be safe from Chat Control? Most likely no. So I don't see how trading one surveillance state for another will help.
Let's put it this way, if the Russians get my ID and a picture of my face and know my kinks and my religious preferences what is the worst that can happen?
Now, if my government knows everything there is about me and one day decides to crack down on dissidents or hand them out to another foreign power as it was done in WW2 with the Jews in the Netherlands? Well, that is on another level.
We have been down this road before. It never ends well.
Maybe it's been too long and people forget. My grandparents lived through WW2, from what they told me, the capacity for humans to inflict pain and suffering on other humans knows no bounds.
Technically yes but Switzerland does subscribe to most EU legislation in order to join the internal market. They're a lot more "EU" than the UK is now.
They generally agree to pretty much everything yes because they're afraid of losing internal market access. It just takes a while longer because they have to approve each new thing individually.
I do use Switzerland as an exit for my vpn though yes.
This cope is officially dead now, not even Proton is believing Switzerland anymore. The pressure has gotten enough that they had to freeze all Swiss investment and start the process of moving key infrastructure to another country (I don't remember which, but it's the one Mullvad is at).
Truth is, Euros don't care about privacy. The endgame will probably be to host this stuff in the third world or something, like pirates do
Switzerland created a new set of surveillance laws in January, that far exceed anything inside the EU. Which means that EU laws are irrelevant, when talking about a company inside Switzerland - you should be talking about what they actually use!
Wire used to be relatively fine, but there are better alternatives, and Matrix is one of them, as it is not centralized, despite the most commonly used, namely Element, being "chunky" or whatever. In any case, this is written by Wire, a competitor, so take it with a pinch of salt.
In my opinion this is a poor, vendor-originated commentary attempting to spread FUD and drive people to a product. Not worth reading, and I wish I didn't.
There is of course also the fact that the EU is not a sovereign state, legitimate government, or any kind of legitimate government at all, not to mention that it is an abrogation and disassembly of democratic principles of self-determination, and inherently foreign and even hostile to all its members, the most dominant of which jockeying over control of all of Europe through the EU.
dang: is HN really the place for competitive marketing crap like this?