I wanna know if MATRIX recipients know my IP, and more globally what the recipients know about me (how the matrix protocol works). THX

35 points

No, the only one that knows your IP is your server. So your server knows your IP because you talked to it and the server knows the recipient servers IP because that’s who you’re sending to. And the recipient knows their servers IP but doesn’t know your servers IP and doesn’t know your IP. Now you can find the recipient servers IP by doing a ping obviously and they can find your servers IP that same way but they can’t find your IP directly and you can’t find their IP directly. Now, this may change for audio calls because that uses WebRTC, but I can’t speak to that.

permalink
report
reply
6 points

So why some nerds saying matrix as a metadata disaster?

permalink
report
parent
reply
13 points

Because encryption doesn’t work for rooms over 50 people, so any room over that size is public by default. And most of the usage is the Matrix.org home server.

permalink
report
parent
reply
2 points

Even if I selfhost?

permalink
report
parent
reply
1 point

Because encryption doesn’t work for rooms over 50 people, so any room over that size is public by default.

By public you mean non-encrypted? How does that work? When you create a room, you default to encryption, and there is only one participant (the room creator). And you cannot turn off encryption, so what then happens when you get 51 participants?

Also existing non-encrypted rooms are never automatically switched to encryption, so the switch must be explicit. Does it refuse to do it if there are more than 50 participants?

I’ve never heard of this limit nor was I able to find info about it (so a link would be great), but there could some factor that increases problems as the number of people increases… Perhaps 50 is some practical suggestion for the maximum number of people to have in encrypted sessions?

permalink
report
parent
reply
12 points

Because there is a lot more metadata than just IP addresses.

permalink
report
parent
reply
2 points

Human behavior is funny, isn’t it? No matter what the topic, there are always people around who like to repeat criticism they heard from someone else, even if it’s so vague as to be useless (“metadata disaster”) or they don’t understand the details at all.

It’s not a disaster. A few minor bits of metadata (avatars and reactions, IIRC) haven’t been moved into the encrypted part of the protocol yet. If that’s a problem for your use case, then you might want to choose a platform with different flaws, or simply avoid those features. It’s already good enough for the needs of many privacy-minded folks, though, and it continues to get better.

permalink
report
parent
reply
10 points
*

There is a lot more metadata than just avatars and reactions. Accounts and their room membership over time, timing of messages (and thus online times), individual interactions between specific users (based on the timing of their messages) and so on. That is all in the unencrypted metadata of a Matrix room and can’t be moved to the encrypted message part like avatars and reactions.

permalink
report
parent
reply
2 points
*
Deleted by creator
permalink
report
parent
reply
1 point

It’s not a disaster. That’s overstating it. It just leaks some metadata to the server. Nothing that’s inherently wrong with it and which won’t be solved over time.

Some may don’t like that everything is stored on the server compared to signal where it only transits the server. But for companies or gov that should be/is mandatory. And it makes handling cross client and updating devices a lot easier for normal consumers.

permalink
report
parent
reply
6 points

You seem to be unaware of how Matrix works. It is inherent to the protocol that room metadata is shared with other servers. It is not fixable as it is working as intended. This feature is nice for censorship resistance, but it is pretty much a nightmare for metadata privacy.

permalink
report
parent
reply
7 points

I figure that the administrators of your homeserver could see your IP address, I doubt that it would be sent to anyone you are just chatting with.

permalink
report
reply
3 points

Did you make a call?

permalink
report
reply
2 points

No

permalink
report
parent
reply
4 points
*

Then maybe you’re okay.

A number of people can see your IP, people will chime in and add to ane remove from this list:

Can’t see it:

  • Random people you personal message with
  • Random people you chat with in rooms

CAN see it:

  • Server admins
  • People you share (send/rcv files with) // this may have been fixed
  • People who send you links and you click them, but this isn’t specific to Matrix, it’s a tale as old as time.
  • You voice call with someone (may have been fixed)

Some info may be wrong. But having someone’s IP in the days of routers and all filtered ports means little, unless you piss off someone who knows some low level customer support person @ your ISP to pay to get your account info. Or you’re dealing drugs in which case use TAILS and stop fucking with technologies you don’t know the specifics of.

If they knock you offline and you can’t access anything at all, unplug your router AND MODEM (most importantly your modem) for an hour. Go touch grass for an hour. Widdle a wee branch. Plus your boxes back in and you’ll be bright as new.

@possiblylinux127@lemmy.zip this isn’t meant to be a dig at you, although last time you didn’t care to correct or learn if I recall,but often times you leave out the “if so,” “possibly, what and XYZ?'” and it ends up spreading misinformation because you didn’t know enough or care enough to type enough.

I love Matrix but we need to be open about what the fish is before skinning it…

https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0

https://blog.erethon.com/blog/2022/07/13/what-a-malicious-matrix-homeserver-admin-can-do/

https://www.reddit.com/r/PrivacyGuides/comments/q7qsty/is_matrix_still_a_metadata_disaster/

permalink
report
parent
reply
1 point
2 points

This thing is really scary, any other articles?

permalink
report
parent
reply
3 points

Do a lot of reading. Get a cyber informations systems basics overview on your own self-teaching before you try to understand it all.

Stay away from session and matrix. Signal, Nostr, SimpleX (nvm if you use Apple products) and the like are okay, but they are all hobbyist influencable products besides Signal which gets fat government grants and just happens to use the same encryption standards as all other huge name E2EE tools.

Stuff is fun to learn on, but get a good VPN (debates about… mullvad, ivpn, cryptostorm seem okay). here’s something fun for you and free: https://www.thc.org/segfault/

permalink
report
parent
reply
1 point

So Matrix protocol is bad because criminals use it to distribute illegal content. That’s the same as saying Tor is bad because people use it to do illegal things on the dark web. Matrix is just a protocol which powers a decentralized network. Is it better to have proprietary centralised platforms where a small number of people control everything?

permalink
report
parent
reply
1 point
*
Deleted by creator
permalink
report
parent
reply

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

Community stats

  • 4.7K

    Monthly active users

  • 1.6K

    Posts

  • 23K

    Comments