I was sold on Matrix as a viable alternative to Discord but recently read this article which made it look not so good.

I use Matrix; XMPP; Session; Jami; and am looking into Briar. Some of what the article says is valid but other parts are weird such as when they list Riot as “the Matrix client”. Matrix has many clients. I don’t use Riot at all. I use Fluffy Chat and Cinny mainly. A lot of their list of issues don’t apply to me. For instance my phone number isn’t tied to my Matrix account and while they may get my IP I am usually on a VPN so that limits what they get. They talk of Matrix being centralized but that only really applies if you use the Matrix home server, there are many alternatives.

In the end they have some valid concerns but it really depends on what Matrix is being compared to. Even with these issues is it better than Discord for privacy and security? Yes it is. Discord is closed source so nobody knows what it gives up or does in the background. No closed source program can be trusted over a FOSS option. If you want to trust any of the options I mentioned over Matrix then feel free to but don’t trust Discord over it.

@dngray@lemmy.one

> For instance my phone number isn’t tied to my Matrix account

It isn’t for anyone using any client unless they optionally decide to provide it.

> They talk of Matrix being centralized but that only really applies if you use the Matrix home server, there are many alternatives

Indeed: https://joinmatrix.org/servers/ and that’s not even getting started on the private ones or unlisted ones.

> is it better than Discord for privacy and security?

100%. Discord has no privacy, no encryption, the company sees absolutely everything.

> Discord is closed source so nobody knows what it gives up or does in the background

That doesn’t necessarily impact privacy, and we know exactly what it does in the background based on their privacy policy, which in itself is quite ambiguous in parts. They’re quite happy there to admit they will tie identities together if you use social media logins and features like that.

> No closed source program can be trusted over a FOSS option

I would say be careful here, just because something is open source doesn’t necessarily mean anyone cares about what the code is actually doing. In the case of Matrix it is a very active project with a lot of community engagement and a well thought out specification so that everyone can “get up to speed”. That is extremely important. Nobody is going to sift through a tarball of source code “it’s open source”, if the development is not. It’s also totally possible for a patched version to be running in production that doesn’t reflect the source code.

That is why it’s very important not to confuse FOSS with privacy.

You can say how FOSS programs don’t equate to privacy because people may not catch things or be watching but with closed source options nobody gets to audit the code at all outside the project. How is that better for privacy? FOSS at least gives us a chance at privacy.

@dngray@lemmy.one

If the audits are public and they are actually funded with proper scope that may very well be better than some very small project nobody can be bothered looking at. I’m not saying having source is a bad thing, quite the opposite. Privacy is generally gained through security controls, and just because something is open source doesn’t mean it is secure, likewise if something is closed source that doesn’t necessarily mean it is insecure as this post describes.

My issue with closed source is we don’t know if it is insecure or secure because nobody can find out. It’s a Pandora’s box of privacy and security. It may be the most private and secure code known to man or it may be sending anything and everything about you somewhere but we’ll never really know. As for public audits who picks who gets to audit the code? The company who made it? You can do as you please but I refuse to trust closed source code. I’m not saying all open source code is good but at least we can find out if it’s good or not through independent means rather than trusting people that the company who made it picks to tell us.

@PublicLewdness @dngray

The concept of security by obscurity in general is just absurd. It’s maddening that this is the preferred option in Enterprise.

@PublicLewdness @dngray

security by obscurity… this is an absurd concept
