1 :
root@bienvenidoainternet.org:~#
: 02/01/23(lun)17:18:51
ID:U3NmUxMT0
>By releasing v1.0, Matrix.org makes a promise of a secure and self-contained protocol while promoting privacy. But at the same time, has a near-monopol in the whole ecosystem in terms of client and server use: Riot and synapse, also labelled "reference implementations". We believe that reference implementations should reflect the core values of the protocol. They currently fail to do so and instead produce a near-centralised network which fails to protect people's privacy.>Security breaches in Matrix.org are an important reminder that we also are at the mercy of 3rd party entities with which we share our personal information unknowingly. They might leak private data unintentionally/unknowingly but still with a strong impact on the user, like it has happened many times in the past with security breaches across the Internet.Esto aplica en parte a instancias autohospedadas también.
>While users on the matrix.org Homeserver have to explicitly agree to the Terms of Use and the Privacy policy, no agreement is ever sought from users on self-hosted servers that also use matrix.org and vector.im. How is their data handled? Are they processed in some way? Which method of lawful processing under GDPR allows for this constant sharing of (meta)data? We hope such questions will be answered to ensure users' privacy is handled appropriately.https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part1/README.md>Matrix was developed and funded by a company Amdocs. Amdocs is an Israeli company that has since moved to America and has near total knowledge of American telephone communications.https://www.counterpunch.org/2008/09/27/an-israeli-trojan-horse/https://web.archive.org/web/20201219014215/https://samba.noblogs.org/post/2018/08/27/matrix-org-a-federated-app-funded-by-a-mossad-company/>Now to be clear, formally, since 2017, Amdocs no longer is the open sponsor of Matrix. It is instead funded by a break-off organization called Vector. But Matrix/Vector has somehow remained very, very well-funded for a "community-driven" project: they raised $8.5 million, that's a lot for free stuff! Crowd-funding for relatively unknown open source software projects is apparently much more lucrative than I thought!https://lukesmith.xyz/articles/matrix-vs-xmpp/
2 :
root@bienvenidoainternet.org:~#
: 02/01/23(lun)17:21:31
ID:U3NmUxMT0
"matrix.org and vector.im receive a lot of private, personal and identifiable data on a regular basis, or metadata that can be used to precisely identify and/or track users/server, their social graph, usage pattern and potential location. This is possible both by the default configuration values in synapse/Riot that do not promote privacy, and by specific choices made by their developers to not disclose, inform users or resolve in a timely manner several known behaviours of the software.
Data sent on a potential regular basis based on a common web/desktop+smartphone usage even with a self-hosted client and Homeserver:
The Matrix ID of users, usually including their username.
Email addresses, phone numbers of the user and their contacts.
Associations of Email, phone numbers with Matrix IDs.
Usage patterns of the user.
IP address of the user, which can give more or less precise geographical location information.
The user's devices and system information.
The other servers that users talks to.
Room IDs, potentially identifying the Direct chat ones and the other user/server.
With default settings, they allow unrestricted, non-obfuscated public access to the following potentially personal data/info:
Matrix IDs mapped to Email addresses/phone numbers added to a user's settings.
Every file, image, video, audio that is uploaded to the Homeserver.
Profile name and avatar of users."
¿Quedó en nada?, ¿Qué querías, que hiciéramos una marcha?
Revisando las respuestas puedo imaginar por qué borraron cosas. Anda a llorar sobre la libertad de expresión a otra parte.
XMPP e IRC fueron financiados por los mismos gobiernos. Lo mismo con IMAP, POP3 y SMTP.
Tor empezó como un proyecto militar y ahora es la forma más segura y privada de conectarse a un sitio web. El internet mismo empezó de igual manera.
Yo veo al equipo de Matrix a cada rato llorando de que les falta financiamiento.
"Anyone who wants to understand why the internet is so fucked up and centralized should read Cybernetics by Norbert Wiener. The creation of information technology follows theories of population control and governance through intentional design principals. It's humans themselves who overcame the security structures of the 'old' internet and established non-hierarchal communities. And it's humans today building non-hierarchal layers on top of centrally-administered server farms.
There's a reason people aren't hosting web servers at home anymore ISPs forbid it. There's a reason the largest social media organizations in the world are run by state department goons, and why backbone lines are connected to govt datacenters and beam splitters. The way the internet is run now is exactly how it was meant to run when it was created. People who fight cybernetic control are bugs in the machine."
Por lo que he escuchado, la mayoría de los proyectos grandes de Software Libre tienen a contribuyentes enormes detrás, corporaciones, gobiernos, ONG, etc.
como mozilla y amazon o BaI y george soros
12 :
root@bienvenidoainternet.org:~#
: 03/01/23(mar)19:35:28
ID:E1OWM4MDa
>>8Son estúpidos porque si ves la cantidad de proyecto es porque cada parte de la infraestructura de Matrix la hicieron de cero. Hicieron libolm en vez de usar la ya existente librería OMEMO, hicieran element chat en vez de utilizar Mumble, etc. Después por eso el desarrollo no avanza, no tienen tiempo ni plata para abarcar todo.
Yo llevo meses esperando mi cheque de Soros (hilarante humor del 2016)
>Después por eso el desarrollo no avanza, no tienen tiempo ni plata para abarcar todo.
No solo pierden el tiempo reinventando la rueda sino que además pasan meses jugando a la burocracia en su issue tracker nunca llegando a un acuerdo de cómo debe ser el protocolo.
>>12El problema real fue que no usaron Rust para desarrollarlos.
Verdadera oportunidad perdida ahí.