It has stuff like E2E encryption, but that essentially just works on the message contents. Who sends messages where is visible to any server owner that receives the data (basically: host of the user account or room, or any public room). (there may be wrinkles to this, but in a broad sense it matches Matrix's metadata exposure)
Which makes it pretty much exactly the same as, e.g., XMPP. Or nearly[1] any federated chat system, past, present, or future. It's not privacy-oriented, by design, because privacy oriented and able to connect N independent implementations which are able to protect themselves from abuse are almost completely at odds with each other.
In that sense: yes, it's a privacy disaster. It is not and never will be Signal. But in another sense, no, it's just what happens when you build a usable federated chat system - convenience costs privacy. There are "free" and "cheap" ways they could improve it, and some improvements have been trickling steadily, but the fundamental feature-set prevents it from ever being what most privacy people would call "good".
[1]: there are some exceptions, but generally speaking they are making extreme tradeoffs somewhere. E.g. inability to stop spammers because you can't see senders -> no large hosts will ever exist because it'll hemorrhage money, so it's practically just a P2P network. Some of which do have interesting privacy feature-sets, but often suffer with discoverability and connection reliability.
Groxx|3 years ago
Which makes it pretty much exactly the same as, e.g., XMPP. Or nearly[1] any federated chat system, past, present, or future. It's not privacy-oriented, by design, because privacy oriented and able to connect N independent implementations which are able to protect themselves from abuse are almost completely at odds with each other.
In that sense: yes, it's a privacy disaster. It is not and never will be Signal. But in another sense, no, it's just what happens when you build a usable federated chat system - convenience costs privacy. There are "free" and "cheap" ways they could improve it, and some improvements have been trickling steadily, but the fundamental feature-set prevents it from ever being what most privacy people would call "good".
[1]: there are some exceptions, but generally speaking they are making extreme tradeoffs somewhere. E.g. inability to stop spammers because you can't see senders -> no large hosts will ever exist because it'll hemorrhage money, so it's practically just a P2P network. Some of which do have interesting privacy feature-sets, but often suffer with discoverability and connection reliability.
hammyhavoc|3 years ago
Reventlov|3 years ago
badrabbit|3 years ago