Zack Whittaker (@zackwhittaker@mastodon.social)
mastodon.social
external-link
Attached: 1 image 404 Media reports that a bunch of cybercriminals are ditching Telegram in the wake of CEO Pavel Durov's arrest: https://www.404media.co/in-wake-of-durov-arrest-some-cybercriminals-ditch-telegram/ I've seen the same! The crew behind a one-time password stealing operation called Estate (I profiled earlier this year: https://techcrunch.com/2024/05/13/cyber-criminals-stealing-one-time-passcodes-sim-swap-raiding-bank-accounts/) wiped its channel and ditched Telegram, citing the messaging app's recent moderation changes that allows anyone to report private groups. "Telegram can't be trusted anymore," wrote the OTP bot crime crew.

Ignoring the context.

Don’t pirate over Telegram, it’s no longer safe in terms of privacy and legal safety.

@zabadoh@ani.social
link
fedilink
English
322M

What kind of system that depends on centralized servers can ever be secure from government snooping?

That kind of architecture is completely hopeless in that regard.

Is a encrypted, distributed, P2P architecture realistic though?

Fonzie!
link
fedilink
English
142M

XMPP with the OMEMO extension is close, no? While Matrix isn’t distributed, it is decentralised like Lemmy and Mastodon, and E2EE by default. That could be the closest thing to what you mean?

Chewy
link
fedilink
English
42M

I’d argue XMPP is less ideal than Matrix because groups are located on a single server, which makes them easier to take down than Matrix’ replicated state.

Running any P2P/decentralized protocol over I2P seems to be the best for privacy and censorship-resistance. I2P already works great for torrents, except for it’s speed and lack of users/seeders.

@zabadho@ani.social

The problem always comes down to usability and barrier to entry. Telegram is popular because it’s great to use, and doesn’t moderate much. More private services rarely (never?) reach the level of usability most people expect, often simply because of it’s architecture.

I’d argue XMPP is less ideal than Matrix because groups are located on a single server, which makes them easier to take down than Matrix’ replicated state.

That is true, but it’s never been a problem in my relatively long experience with XMPP: some server software can be used as a cluster and distributed, making it highly available (basically, the whole of WhatsApp runs on a fork of ejabberd), and the comparatively tiny resource usage of XMPP contributes to its stability.

XMPP does have a spec for F-MUC (distributed rooms somewhat like Matrix, many years before Matrix) and my rationale as to why it never picked up despite a whole decade of “competition” from Matrix is that it’s a problem that just doesn’t need solving. The price to pay for it is hefty: Matrix resource usage (bandwidth, CPU, RAM) is insane, its protocol complexity makes it a single-vendor implementation (which is risky on very practical grounds), and it’s not even bulletproof for the niche use-case it set to tackle: in the end, your identity server on Matrix remains centralized.

You can tell that I’m partial to XMPP, but that’s only after having been a service operator for years, with my original expectations largely favouring Matrix.

@zabadoh@ani.social
link
fedilink
English
52M

I just signed up for Matrix because you mentioned it.

I installed the Element front end, because that seems to be the most popular.

It looks like IRC, which is fine if that’s all you need.

It also appears that anything beyond text has to be hotlinked, which is understandable, given that the amount of data transmitted for redundancy between home servers is exponential with the number of home servers.

Really very similar to Lemmy, where the identity of each group is tied to a particular server, e.g. lemmy has !anime@ani.social but Matrix has #anime:matrix.org

So what happens if matrix.org goes away or decides the server admin wants to be hostile to #anime?

SK
link
fedilink
12M

thats a possibility, that is why either you sign up with a provider you trust or run your own server. that is the appeal of distributed network.

JackbyDev
link
fedilink
English
12M

Really very similar to Lemmy, where the identity of each group is tied to a particular server, e.g. lemmy has !anime@ani.social but Matrix has #anime:matrix.org

So what happens if matrix.org goes away or decides the server admin wants to be hostile to #anime?

Same thing that happens when a Lemmy instance goes away, right?

Chewy
link
fedilink
English
3
edit-2
2M

Really very similar to Lemmy, where the identity of each group is tied to a particular server, e.g. lemmy has !anime@ani.social but Matrix has #anime:matrix.org

So what happens if matrix.org goes away or decides the server admin wants to be hostile to #anime?

A matrix room can have multiple identities/adresses set by the room admin. E.g. the admin of !anime:matrix.org could add another adress for the same room on !anime:myanime.instance. Because the room is replicated on all other participating servers, this would let the room continue to exist on the network (besides all matrix.org users not being able to access it).

Matrix does have a single “room id” per room, which looks like it gives the original creating home server more rights, which it does not. E.g. !ehXvUhWNASUkSLvAGP:matrix.org

Any server admin does not have any more rights over a room than another server admin. They can ban the room for their local users, but this does not stop federation as a whole.

[1] https://github.com/element-hq/element-meta/issues/419
[2] https://app.element.io/#/room/#synapse:matrix.org/$htJmba92wLTP9AoFg4eEWi9IXpgwvXr6G9Sa-kBsNNs
[3] https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#delete-room-api

It also appears that anything beyond text has to be hotlinked […]

Matrix allows for media to be hotlinked, but it can also be replicated across servers.

I.e. if I send an image in a room and look at the source (available on many web clients), the image url looks like the following "url": "mxc://matrix.org/qGgUKuZuHcRsWAhSfqKnmtiX". The actual image (and preview) then gets fetched by your server from my server [4], and then gets send to your client.

It’s important to note that a server isn’t required to download all media. If a user does not read a room, it might not download the media from another server, until the user actually wants to view it (or rather that part of the room history). Or a server admin might clean up the media store to free up space.

[4] https://matrix.org/docs/spec-guides/authed-media-servers/

@JackbyDev@programming.dev

@Kusimulkku@lemm.ee
link
fedilink
English
12M

What kind of system that depends on centralized servers can ever be secure from government snooping?

With properly implemented E2EE it can be less of a problem because at least the message content isn’t readable to them. Metadata though

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
!piracy@lemmy.dbzer0.com
Create a post
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don’t request invites, trade, sell, or self-promote

3. Don’t request or link to specific pirated titles, including DMs

4. Don’t submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

  • 1 user online
  • 246 users / day
  • 433 users / week
  • 933 users / month
  • 3.44K users / 6 months
  • 1 subscriber
  • 3.47K Posts
  • 83.2K Comments
  • Modlog