Telegram will disclose users' phones and IP addresses to authorities at their requests, the messengers' founder and CEO Pavel Durov said on September 23.
That is a pretty weak argument. The issues are minor and in a library that people are moving off of to a better build and stronger validated library. Yes, it should have been like that in the first place, but the problem is minor and being addressed.
I would look more to the various features of Matrix that aren’t encrypted like room names, topics, reactions, … and not to mention the oodles of unencrypted metadata. I really wouldn’t call Matrix a high-privacy system.
I like Matrix and use it regularly, but it definitely doesn’t have a privacy-first mindset like Signal does. I’m hoping that this improves over time, but without a strong privacy first leadership it seems unlikely to happen.
Olm is now deprecated and all development is now focused into Vodozemac: https://github.com/matrix-org/vodozemac. That being said, is there no proven Olm Protocol alternative implementation for e2e encryption (proven technology) instead of reinventing the wheel.
vodozemac might become that proven implementation. Without reinventing the wheel there will never be an alternative, because everyone just reuses the one existing library.
I’m not sure how much we can trust matrix either to be honest. There’s some cryptographic flaws in their Olm Library. https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
As it turns out being both secure and convenient is very difficult
That is a pretty weak argument. The issues are minor and in a library that people are moving off of to a better build and stronger validated library. Yes, it should have been like that in the first place, but the problem is minor and being addressed.
I would look more to the various features of Matrix that aren’t encrypted like room names, topics, reactions, … and not to mention the oodles of unencrypted metadata. I really wouldn’t call Matrix a high-privacy system.
I like Matrix and use it regularly, but it definitely doesn’t have a privacy-first mindset like Signal does. I’m hoping that this improves over time, but without a strong privacy first leadership it seems unlikely to happen.
Olm is now deprecated and all development is now focused into Vodozemac: https://github.com/matrix-org/vodozemac. That being said, is there no proven Olm Protocol alternative implementation for e2e encryption (proven technology) instead of reinventing the wheel.
vodozemac might become that proven implementation. Without reinventing the wheel there will never be an alternative, because everyone just reuses the one existing library.
ow interesting. TIL… Olm Protocol is a clone of Signal’s Double Ratchet.
Ow interesting… SimpleX is also using Double Ratchet… https://github.com/simplex-chat/simplex-chat?tab=readme-ov-file#privacy-and-security-technical-details-and-limitations