Incredible tweet from signal cofounder.

cyrano@lemmy.dbzer0.com · edit-2 5 days ago

Incredible tweet from signal cofounder.

easily3667 · 5 days ago

Source newer than the 2010s?

something_random_tho@lemmy.world · edit-2 5 days ago

https://spec.matrix.org/latest/#room-structure

The content of the messages can be encrypted. Who is in a room and who sent each message is not. See the “shared data” section of the chart.

Encrypting that data would require something like Sealed Sender (like Signal), and that is entirely absent from the spec and any implementation.

Edit: to the people downvoting, this is the literal Matrix spec upon which all the implementations rely. You are asking me to prove the absence of something in it. If you could, point me to the section that comments on the encryption of metadata in the spec. You may not like the answer (I’d love for it to encrypt metadata too!) but that doesn’t change the fact that it doesn’t encrypt metadata at this time.

easily3667 · edit-2 5 days ago

I’m not downvoting but I can say I was definitely hoping for more a study where data is probably leaking (ie theory vs practice). I know there had been some things like this the better part of a decade ago hence my time restriction, but maybe nothing new.

Looking at the shared data section you mentioned I don’t really get how it’s possible to avoid the system knowing who is in a room – except by limiting yourself to safe servers. Signal does that with a central system, but matrix certainly would allow self hosting such that this data doesn’t leak between servers.

The weird thing about that section to me is it says the messages are listed as json objects but…I don’t see how that works with room encryption. I suppose the json objects include the encryption data but I thought they had to do something weird for room encryption to make the double ratchet perform well.