RandomGerm4n | 19 days ago

I think it would be a mistake to reject Matrix outright. Even if it's not perfect, it would still be a good starting point from which to build something better. Besides, you don't have to replace Discord with the perfect solution, just with something that's better than Discord and where there's no company behind it that can steer it in a negative direction again, as happened with Discord.

OkayPhysicist|19 days ago

The writer of this blog is a cryptographer. They're primarily focused on security, first and foremost, and when people ask for their advice, they're probably concerned about security, too.

The Matrix devs demonstrated an alarmingly cavalier attitude towards fundamental security issues that the writer pointed out in the past, so they are naturally not going to encourage its use.

Arathorn|19 days ago

The devil is in the details on this. The core concern was that libolm (the obsolete C impl of e2ee in Matrix) used crypto primitives which don’t protect from timing attacks.

However, in practice, this was not exploitable: the only way to exercise these primitives was over the network, where network latency and request rate limiting mitigate such attacks.

Meanwhile, we had already rewritten and replaced libolm with vodozemac, a pure Rust implementation using robust primitives, shipped in the major Matrix SDKs and implementations like Element and Element X.

I’m not sure this counts as alarmingly cavalier. I do regret libolm ever going into production with substandard primitives from a hygiene perspective, but we fixed it as soon as we could via vodozemac, and meanwhile included the safety warning.

erxam|19 days ago

>just with something that's better than Discord

I mean, that's the entire issue. There's very little tangibly better than Discord. I like the idea of Matrix, but it's complete garbage in practice.

At least for now, the solution lies more in mass outrage and action rather than any technological migration. The post raises this and I think it's a good point.

erxam|19 days ago

Also, the fetishism for federation has got to stop. It's only barely workable in asynchronous environments like the Fediverse, but on a live chat service it's ruinous. It feels like it's half of what's suffocating Matrix.

iwontberude|19 days ago

Element is way better these days. Not many people know this but the Matrix team upgraded Synapse last year to support hundreds of simultaneous voice/video users without the need for that shitty Jitsi. They aren’t advertising bullshit to you all the time. The ACLs for spaces and rooms are more granular and expressive. Your data isn’t training AI models used by people that want to enslave you. You have control where your data resides for protections by jurisdiction. Element has web embeddings for links now, it has all the platforms supported, it’s easy to verify sessions and back up your key. They support SSO external auth. What more can you want?