This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

RTC/Riot: warn about media and centralization on matrix.org? #1395

Closed
Mikaela opened this issue Oct 10, 2019 · 30 comments

@Mikaela
Contributor

Mikaela commented Oct 10, 2019

Currently the warning links to element-hq/element-web#6779 on the E2EE being experimental.

I think there are other issues that should be mentioned together with it, mainly:

The list is shorter than I thought while I was reading my complaints from #1389, I guess I am over-eager at judging what is a team chat application (with my rare use-case) and what a private chat.

This will likely be resolved by https://github.com/privacytoolsIO/privacytools.io/issues/1377#issuecomment-540152967. Maybe it should go directly to upstream privacy tracker? https://vector-im.github.io/feature-dashboard/#/plan?label=privacy-sprint&repo=vector-im/riot-web&repo=vector-im/riot-ios&repo=vector-im/riot-android&repo=vector-im/riotX-android&repo=matrix-org/matrix-doc&repo=matrix-org/sydent

@jonaharagon
Contributor

> only matrix.org is named

Notably, other homeservers are somewhat prominently displayed in Riot (which is what we link to, not the two pages in that issue) during registration, at least in a way that makes it clear to the end-user that other homeservers are available IMO.

I don't think these issues warrant warning badges in the same fashion that other warning badges have been implemented, but I do think if we rework the instant messenger page entirely like in #1377 they should be mentioned 👍

@Mikaela
Contributor Author

Mikaela commented Oct 11, 2019

> Notably, other homeservers are somewhat prominently displayed in Riot

Where? I opened riot.im/app and wanted to register and I am offered only matrix.org for free, modular.im for a pay (both by New Vector) or if I am advanced, then I can enter something (what?) by myself.


@dngray
Collaborator

dngray commented Oct 11, 2019

> Where? I opened riot.im/app and wanted to register and I am offered only matrix.org for free, modular.im for a pay (both by New Vector) or if I am advanced, then I can enter something (what?) by myself.

I would say the characterization of this #1395 is disingenuous:

Most email clients don't list every email server you could possibly use.

They have taken a pragmatic approach of suggesting "a server": matrix.org for people to use. You could also purchase a subscription to Modular if you want to use your own domain and cannot be bothered maintaining a server yourself.

This serves to do two things, generate some money for the project (developers need to eat) and something as complex as Matrix requires full-time development. Additionally it provides businesses who may not have their own IT staff a ready-to-go system they can use. Many small businesses rely on SaaS options to minimize costs.

I can see the reason why they may not want to endorse any particular server, that could be due to unknowns about the reliability of their hosting. There is the Hello Matrix project and there are a number of servers on there listed, perhaps we could make a suggestion the user selects one of those?

If I recall correctly XMPP did a similar thing to this with jabber.org.

@dngray
Collaborator

dngray commented Oct 11, 2019

When making a suggestion of what server to use, this isn't a one size fits all;

We should educate the user to select a choice appropriate to their needs. A server locally close to their origin may provide better performance but may be less desirable if that country has poor privacy protections.

@Mikaela
Contributor Author

Mikaela commented Oct 11, 2019

> I can see the reason why they may not want to endorse any particular server, that could be due to unknowns about the reliability of their hosting. There is the Hello Matrix project and there are a number of servers on there listed, perhaps we could make a suggestion the user selects one of those?

Sure.

> If I recall correctly XMPP did a similar thing to this with jabber.org.

I am not aware of any client pointing to jabber.org though.


@dngray
Collaborator

dngray commented Oct 30, 2019

> There is the Hello Matrix project and there are a number of servers on there listed, perhaps we could make a suggestion the user selects one of those?

There is also this list: public homeserver list.

@Mikaela Mikaela added the [m] Matrix protocol label Dec 6, 2019

@ilmaisin

I wouldn't put the self-destructing message feature to a very high priority, since it is impossible to do well anyway. It's the same problem as with other types of DRM: the attacker and the intended recipient are the same.

Does Matrix encrypt those media uploads? If so, it probably isn't a very big issue. Of course, if "forever" is long enough, the encryption might become obsolete and vulnerable to attacks.

@Mikaela
Contributor Author

Mikaela commented Feb 10, 2020

> Does Matrix encrypt those media uploads? If so, it probably isn't a very big issue.

Depends on whether the room in question is encrypted.

> Of course, if "forever" is long enough, the encryption might become obsolete and vulnerable to attacks.

This is my concern and also that deleted uploads are not deleted in reality. matrix-org/synapse#1263

@dngray
Collaborator

dngray commented Feb 11, 2020

> I wouldn't put the self-destructing message feature to a very high priority, since it is impossible to do well anyway. It's the same problem as with other types of DRM: the attacker and the intended recipient are the same.

👍

I expect if this becomes a feature in Matrix we will disable it for the public chat room. Very annoying and pointless to delete comments posted publicly, it provides absolutely no privacy when it's been indexed, cached, locally logged and possibly screenshotted by other users.

It's highly irritating when people set exploding messages on Keybase as we don't check that as frequently as Matrix. All it does is destroy the flow of conversation.

Public is public, if you don't want it public don't say it in public, people need to not get caught up in "message destruction" features and remember that.

> Does Matrix encrypt those media uploads?

Yes, in encrypted rooms.

> If so, it probably isn't a very big issue. Of course, if "forever" is long enough, the encryption might become obsolete and vulnerable to attacks.

This rule applies to any kind of cryptography no matter where it is.

There's also nothing stopping people from pasting a link to a file on a server they do control, or that they can delete, e.g. how we did in the days of IRC.


@lrq3000
Contributor

lrq3000 commented Feb 11, 2020 via email

@Mikaela
Contributor Author

Mikaela commented Feb 11, 2020

If I now installed Riot on a new device, would it tell me that other homeservers than Matrix.org exist or ask me which homeserver I want to use giving me choice of others than Matrix.org without deciding that I am an experienced/advanced user by entering a custom homeserver address?

@lrq3000
Contributor

lrq3000 commented Feb 11, 2020 via email

@lrq3000
Contributor

lrq3000 commented Feb 15, 2020

@Mikaela To reply in more detail, in your opening post, point 4 element-hq/element-web#10696 is now done (I checked in the app, the integration manager can be disabled).

For the rest, I won't repeat myself, but yeah I agree Riot could do better in terms of decentralization by linking to a list of instances, instead of just showing an option to enter a custom homeserver address. But still, the possibility exists, and is not that hard to do, and there are pros and cons to using a custom server anyway, so for the lambda user, what matters more is E2EE by default and expiring messages IMO.

E2EE by default is being deployed right now as I wrote above.

For messages expiration, I had to do a bit of research to track down the pertinent info, but it seems it's now implemented, both at the server level and room level, although not easily changeable (i.e., no button on the GUI in the room's options, you need to send a custom state event) because it's not yet part of the Matrix specification:

However, this is only true for messages, not for media, for which an issue was opened recently.

Also, about what you wrote in https://github.com/privacytoolsIO/privacytools.io/issues/1389#issuecomment-540826288:

> I am also confused on how file uploads sent in a direct chat can be posted elsewhere as easily as by copying the URL, which to me hints that they aren't actually private.

I remember reading a GitHub issue on riot or matrix repo about this indeed, where the devs were aware that encrypted media could be accessed by anyone with the handle because the media were not attached to a particular room or permission, and they were thinking about how to elegantly fix this while minimizing the addition of metadata. But unfortunately I can't find the issue where I have read that, I will post it here if I ever stumble on it again.

Also, URL previews are a weak point that can be used to subvert E2EE, but they are disabled by default and when enabling in the options you get a warning.


TL;DR: I agree that messages and media retention should be mentioned in a warning. Centralization (or rather the proposition of matrix.org as the default homeserver) is not an issue that merits a warning I think, but it would be nice to add a sentence in the description to highlight that it is possible to use a custom server address (the best would be to link to a list of instances, such as this one or this one). I would also suggest warning about enabling URL previews as they can leak information/identity. It could be nice to mention it can work with Tor Browser.

@lrq3000
Contributor

lrq3000 commented Feb 15, 2020

Ah well, they just added your issue on centralization on this month's todo list for their website changes.

@lrq3000
Contributor

lrq3000 commented Feb 15, 2020

Also pre-redacted messages are deleted after 7 days now (I consider this linked with the messages retention issue).

@lrq3000
Contributor

lrq3000 commented Feb 15, 2020

Ephemeral/self-destructive messages are also supported (but not for media - media seem to be a weak point of Matrix/Riot currently): matrix-org/synapse#6409

PS: @Mikaela :

> but I am not certain where they belong as we cannot promote Riot above Signal as they are in two different categories, centralized and federated.

My bad, I remembered Matrix being a mention instead of a featured suggestion, but I must have looked at an old version of the page. I am not suggesting that Matrix should be suggested above Signal, as you write, they are in different categories, and suit different needs, it's fine to me like that, but I agree the description should be updated according to the issues you raised.

@Mikaela
Contributor Author

Mikaela commented Feb 17, 2020

I wish this issue could focus on the actual issue which is the centralization, but

> I would also suggest warning about enabling URL previews as they can leak information/identity. It could be nice to mention it can work with Tor Browser.

no, the URL previews are generated on server-side by Synapse and if you look into logs of anything fetching a preview, you will see the homeserver address rather than Riot address so it doesn't matter. Or what information are you talking about?

@lrq3000
Contributor

lrq3000 commented Feb 17, 2020

> Or what information are you talking about?

This

@Mikaela
Contributor Author

Mikaela commented Feb 17, 2020

Would you mind opening a new issue about that?

@ian-tedesco

Session warns you about the same when you try to enable it.

@lrq3000
Contributor

lrq3000 commented Feb 18, 2020

Riot also shows a warning now, so should we open an issue to mention this anyway or is it fine as long as the software warns about it itself?

@jonaharagon jonaharagon added 📝 correction Correction of content on the website and removed 🌐 website issue *Technical* issues with the website. labels Feb 20, 2020
@blacklight447
Collaborator

I would vote that the new in-software warning is good enough.

@dngray
Collaborator

dngray commented May 11, 2020

I'm going to close this now that it has been added to the 2020-02 milestone matrix-org/matrix.org#586 that's really the right place for it.

@dngray dngray closed this as completed May 11, 2020