this post was submitted on 07 Sep 2024
115 points (91.4% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54746 readers
222 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Matrix. It can be self hosted, federated, and has encrypted chat rooms.
Anti Commercial-AI license
But terrible handling of metadata. Which is the case for all chat apps AFAIK. Like, even with OMEMO, who talks with whom, and when, can be exposed. Which sometimes is enough to get legal issues (e.g. Ola Bini's case)
Speaking about XMPP, compared to centralized services, at least the "who talks to whom" and metadata concerns in general are partially mitigated by not having all the metadata converge towards a single host, being able to selfhost, and being able to host behind tor/i2p/...
Isn't matrix like an absolute non for privacy?
I wasn't aware of that. I've even seen vendors using it.
I know it's E2EE and open source but there is a lot of Metadata.
What other limitations does it have?
Matrix has the tendency to require all participants's servers to replicate all of the room state (who joined when, who said what when, whose avatar changed to what when, ...) practically forever, and is sucking a ton of bandwidth and CPU for the privilege. It's pretty bad, unfixable, and, if you ask me, over hyped.
Why? You can connect over a VPN or TOR, can sign up with an email, and it can most likely be hosted on a as a hidden service on I2P or TOR.
How is telegram better?
Anti Commercial-AI license
I've never said Telegram is better. I'm just saying Matrix is also bad.
XMPP is the future.
Hmm, sounds like the P2P version has been paused for the forseeable future:
https://arewep2pyet.com
https://matrix.org/blog/2020/06/02/introducing-p2p-matrix
https://matrix.org/blog/2023/09/matrix-2-0
I don't know of any encrypted P2P chat 🤔
There is anonymous IRC over I2P which isn't the same but might be good enough?
Maybe there's even matrix over I2P.
Anti Commercial-AI license
Matrix works over i2P and Tor, just proxy the service.
P2P chat could include retroshare but it's not really a solution due to a variety of ux issues.
There is Tox which is P2P and encrypted and basically does this, but it's not that popular.
Basically with P2P things get complicated still having fixed rooms that you can find in a list or send offline messages, presumably using other nodes as temporary relays.
I imagine it comes with the problem most P2P chats come with: both sender and receiver have to be online at the same time, otherwise the message cannot be delivered.
Although, if people were serious about anonymity, they'd be using such a service (or similar).
Anti Commercial-AI license
Yeah. I mean theoretically you could use all the other nodes, similar to Tor or I2P to relay and temporarily store chat messages and room states. I mean that is basically those networks except maybe you route a package multiple ways and mark them for late delivery. And you measure the speed and latency of nodes so better connected nodes get more workload and act as temporary floating servers. All via DHT.
Then theoretically there should be no performance difference between server based and P2P chats. But it's even more complicated. I don't even need a chat like that, really not at all. But I think it should exist already.
It's maybe difficult to maintain privacy. The destination needs to be known and has to somehow notify other nodes that it's waiting for messages. I don't know if that can lead to traffic profiling to along the path (if enough nodes are owned) to deanonimise.
The sender can probably sealed like signal does though.
Anti Commercial-AI license
I tried a Piracy group in Matrix and there was less than 100 users...and the only active poster was a bot (or honeypot) advertising explicit CSAM related telegram groups for purchase.. just looking at the words made a pit in my stomach
That's the double edged sword with no moderation abilities
there are moderation abilities, but instead of all-seeing global moderators it must be done by the little poor room owner, and the mods they have granted permission.
if the existing owner/mods don't do that, and disgusting content starts appearing in the room, that means they probably aren't active anymore, and that it's time to make a new room with the still active members before something even more damaging happens, like an uncontrollable high volume spammer, at which point you won't be able to tell the others that you have made a new room.
I want to like Matrix but it has some serious usability issues (at least Element does, its flagship client).
I haven't used Revolt but looks a lot more polished.
Element is a complete disaster.
Like, completely unmaintained and broken.
Matrix is great and works great.
Element is a semi abandoned client that happened to come from some of the makers of matrix.
Use literally anything else. Fluffychat works for me. Element is okay for debugging sometimes so I keep it handy.
But the commenters point stands. In matrix, you can send whatever you like, as illegal or morally corrupt as you wish because its nobody‘s fucking business AND e2ee.
If someone on my server sends csam, I would never know unless someone reported it to me. Because thats how privacy works.
it wasn't abandoned, they are developing an overhaul with a more efficient sync API that required them to rethink how it works internally
How it works (to simplify) is them giving up on matrix clients ever becoming performant and well behaving on handheld devices (because of the absurd complexity of the protocol), and, instead of doing something about that, just decided to shift the client logic onto the server and castrating the clients (esp. for offline features). It's also good short-term business because it makes hosting Matrix even more cumbersome and expensive, giving a compelling reason for the type of midscale/corporate deployments previously on the fence about their self-hosting costs (due to poor design and scalability) to just pay Element for that (while probably contemplating an alternative future).
I know. I said semi abandoned because element x is their focus, which is the reason they are not adding features to element and are hesitant to put in fixes for things that would require massive changes.
This is still not ideal because the flagship app isnt advancing in a good speed. Thats why I dont recommend it.
The new Element X is really great, but only available for iOS and Android. Unfortunately no desktop or web version.
It is pretty good but pretty reduced in functionality imo. Thats why I generally suggest fluffychat. Its nowhere perfect either but it works better on a daily basis for me.