• gianni@lemmy.ca
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    4 months ago

    Simpler to manage and smaller attack surface.

    Running your own Matrix server also means running your own host server, database, caches, reverse proxy, firewall, networking stack, etc… Keeping these things running and updated. As well as vetting and updating clients.

    • helenslunch@feddit.nl
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      edit-2
      4 months ago

      Don’t have to run your own server, you can choose from any of hundreds of public ones.

        • helenslunch@feddit.nl
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          4 months ago

          Yeah, actually. Will be a lot harder to track it back to you if you’re one of thousands of random users on a public server rather than one you’re hosting using your personal information.

          • gianni@lemmy.ca
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            4 months ago

            How is it a lot harder to track if the FBI can just subpoena the sysadmin for server/room logs?

            With respect, this viewpoint is not defensible from an operational security perspective.

            It’s like saying they should use GMail because they have hundreds of millions of users. When the problem isn’t being a needle in haystack, but rather the fact that Google will gladly look through your private data and happily hand it over to the authorities.

            • helenslunch@feddit.nl
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              edit-2
              4 months ago

              How is it a lot harder to track if the FBI can just subpoena the sysadmin for server/room logs?

              1. What would stop them from subpoenaing all information from your personal server?
              2. There’s no personal information tied to your account. The server does not have your IP, your email, your CC, etc.

              With respect, this viewpoint is not defensible from an operational security perspective.

              “With respect”, ya don’t know what you’re talking about.

              It’s like saying they should use GMail because they have hundreds of millions of users.

              Except it’s not like that at all because Gmail is going to collect all the information about you they possibly can and Matrix is going to do the opposite.

              • gianni@lemmy.ca
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                What would stop them from subpoenaing all information from your personal server?

                If you’re a drug dealer and the FBI sends you a subpoena—you could simply….not respond.

                There’s no personal information tied to your account.

                There is actually a bunch of metadata tied to your account and your room. That’s partly how they caught that kid with the Pentagon leaks.

                And again, there may be other services between the clients and the matrix server that collect personal data (e.g. reverse proxies, load balancers).

                If you are someone who ostensibly cares about privacy and security (like a drug dealer) why would you rely on the benevolence and security hygiene of a stranger you can’t audit? Instead of using a known good actor, like Signal or SimpleX, or no actor, like Briar.

                • helenslunch@feddit.nl
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  4 months ago

                  If you’re a drug dealer and the FBI sends you a subpoena—you could simply….not respond.

                  I mean sure, but then you’d have bigger problems.

                  There is actually a bunch of metadata tied to your account and your room.

                  I understand Metadata is a big problem with Matrix (even for me, personally). Metadata is not personal information if it remains detached from your identity.

                  If you are someone who ostensibly cares about privacy and security (like a drug dealer)

                  LOL

                  why would you rely on the benevolence and security hygiene of a stranger you can’t audit?

                  I’ve already explained why.

                  Instead of using a known good actor, like Signal or SimpleX, or no actor, like Briar.

                  Like I said, there are pros and cons of each. I’m not telling you you should use anything specific. You just have to use whatever works for your situation.