Well, it’s not all your Matrix data, but if you don’t trust Discord with writing an app that runs client-side, I’m not sure why it’s helpful to trust them with holding onto your conversions with other Discord users either…
I’ve also run a Matrix server and I can tell you from experience… You shouldn’t trust me with your conversations. Even if I was a good friend, I’m definitely not a security professional!
You can’t keep the admin out of your Matrix chats and bridge them to Signal (or Discord) though. Either they sit around effectively unencrypted on a server that’s built to hold data and especially metadata forever (which is one data breach away from being everybody’s data) or the user has to just not use Signal bridges.
I guess if you’re comfortable with that it’s fine, but I’m really not.
Thats what I meant. The admin is the person that most always has your data but data breaches are other people getting in which is not that hard to prevent. You dont have to run faster than the bear… just faster than the guy next to you.
For signal we assume that native connections are e2ee, for whatsapp I‘m less sure thats really the case and for discord we know that nothing is encrypted.
So yes, if someone got into the server and started poking around undetected, one might have their signal texts laid bare. I‘m pretty sure the likelyhood isnt as high as a phone getting hacked, especially for small servers that are obscure.
And it turns right around into my point: aside from signal, there is no such thing as privacy and discord and whatsapp should at best not be executed on your phone. And no, the person using a bridge on a server that is not their own is not the person that correctly sandboxes the app or roots their phone.
Well, it’s not all your Matrix data, but if you don’t trust Discord with writing an app that runs client-side, I’m not sure why it’s helpful to trust them with holding onto your conversions with other Discord users either…
I’ve also run a Matrix server and I can tell you from experience… You shouldn’t trust me with your conversations. Even if I was a good friend, I’m definitely not a security professional!
Well, I‘m not a security professional but an admin. Keeping people out of your matrix chats isnt that hard if you follow some standard procedure.
Sending 1000 texts to discord through matrix is a lot different than having 1000 texts and all photos, geo coding, contacts and microphone accessible.
You can’t keep the admin out of your Matrix chats and bridge them to Signal (or Discord) though. Either they sit around effectively unencrypted on a server that’s built to hold data and especially metadata forever (which is one data breach away from being everybody’s data) or the user has to just not use Signal bridges.
I guess if you’re comfortable with that it’s fine, but I’m really not.
Thats what I meant. The admin is the person that most always has your data but data breaches are other people getting in which is not that hard to prevent. You dont have to run faster than the bear… just faster than the guy next to you.
For signal we assume that native connections are e2ee, for whatsapp I‘m less sure thats really the case and for discord we know that nothing is encrypted.
So yes, if someone got into the server and started poking around undetected, one might have their signal texts laid bare. I‘m pretty sure the likelyhood isnt as high as a phone getting hacked, especially for small servers that are obscure.
In any case, you do you.
Which gets right back around to my point. If you use Signal, but you stick a Matrix server onto it, you have made your data less private.
It’s not choosing between “your phone could get hacked” OR “another admin can see or accidentally leak your data”…
It’s choosing between “your phone could get hacked” or “your phone could get hacked and extra points of failure are added too.”
Matrix bridging is a convenience service, like Beeper was… Definitely not a privacy one.
And it turns right around into my point: aside from signal, there is no such thing as privacy and discord and whatsapp should at best not be executed on your phone. And no, the person using a bridge on a server that is not their own is not the person that correctly sandboxes the app or roots their phone.