20 July 2019 - 11 minute read
"Wait... what!?"

You heard me. It was recently brought to light (for me at least) a truly
colossal fuck-up that not only renders Matrix a bad idea for privacy-respecting
chat right now, but generates enough concern to question whether it will ever be
safe and usable as a means of communication.
So, what's the problem? Well, by far the largest homeserver - matrix.org - runs
through Cloudflare's spyware. All traffic going through matrix.org is leaked, no
matter where it comes from or where it's going. If you're an unsuspecting user
in a public room, then your privacy is not being respected. In order to speak in
public, you must sacrifice everything you say to Cloudflare for collection,
analysis, and tracking. That then makes E2EE the only option for communication
with any user on matrix.org. The problem then is that the current UX for E2EE
is horrendous. The only client that fully supports E2EE is Riot, which requires
manual verification from every device to every other device individually. If you
have a room with 5 friends, each of which has 3 devices, each person needs to
carry out 36 (!!!!) verifications with friends, which requires about a minute
each and a second means of communication and for both to be online at the same
time on the given devices. It could take days or weeks to get that ordeal over
with. Obviously, I've never managed to get such a process complete.

The claim is that they're working on "cross-signing", which should make that
whole process easier, for instance if you have an untrusted device, but lots of
devices you already trust trust it, then you automatically trust it and so on.
That would definitely solve that problem, but Cloudflare is still there. Even if
they can't see the messages themselves, they can see the message size, source,
destination, time, and any and all other information that would otherwise be
protected by https.
"But Matrix is decentralised, so just use a different homeserver". Sure, but I'd
need to be on a homeserver that refuses to federate with matrix.org to protect
its users. The issue you then get is with Matrix's centralisation with its
identity servers. I tried creating an account with privacytools.io with the
centralised anti-privacy identity server vector.im blocked thorough uMatrix. I
was able to create the account, but then couldn't log in, despite it saying I'd
be able to. It was only by removing the block to the identity server that I
could connect. It's this vital encryption combined with lacking clients,
centralised components, and exposure to Cloudflare's MITM attack on the internet
that make Matrix an incredibly hostile platform to try and communicate with. In
unencrypted rooms, privacy is exposed in a similar manner to that with any
spyware platform such as Discord.
That alone is easily enough to drive away many people, but with Riot's UX
otherwise being fairly good, I could probably tolerate that failing and move to
a different homeserver and block matrix.org. However, it was not at all
everything that was wrong. Upon questioning a few core developers, it became
apparent that they simply don't care about their horrendous privacy and security
hole. There was a fundamental lack of understanding of what privacy really is,
and their claim was that because it was a public room it didn't matter that all
traffic through it was automatically siphoned off by Cloudflare's attack. This
disgusting refusal to recognise the problem and complete lack of respect for
users made the issue too much and so I'm moving away from the platform and do
not intend to ever return to it.

I think the worst part is that when I found Matrix and was told about it, the
general view was that it was this decentralised and (importantly) privacy-
platform, making it a great option for privacy-minded people to
comfortably communicate with friends and family. What is arguably the cherry on
top was that some 2 million people were led to believe exactly that, only for
there to be centralised components built in and this massive security breach
affecting the majority of users. It's a scam, and I strongly recommend people
keep as far from it as possible - for their own good and for the good of those
around them.
So, what to use instead? I've been trying out a number of chat protocols and
platforms recently and so I thought I'd give some quick thoughts on which ones I
tried and then my overall thoughts on what to use. I will be posting a rundown
of my new communications setup soon. To give you an idea of what I was after,
most of my friends are not technically minded and my family definitely isn't. My
friends are used to centralised spyware platforms such as Facebook messenger and
Discord (a platform I now regret pulling them all over to from Skype before I
really started to learn about privacy and the dangers to it). They expect to be
able to see chat history, send pictures, do group voice chat, and so on and
expect it to "just work" - which is quite amusing considering Discord had some
of the most hilarious stability and uptime issues. These friends are
unfortunately the "i HaVe NoThInG tO hIdE" type, so the only real things I can
use to argue in favour of a platform are conveniences - short of just up and
leaving and waiting patiently for them to very gradually move over one at a time
which is what has been happening with Discord over to Matrix. In that respect,
I'm glad only a couple of them have come over so far as it means less hassle for
them as a group going from Matrix to XMPP (oops, spoilers!).

### IRC ###

IRC isn't something I tried in light of this event. In fact, it was still only
very shortly after joining Matrix that I tried IRC as I knew it was very popular
and wanted to see what it was like. IRC doesn't so much have the concept of
accounts, but more just password-protected usernames. It still resembles an
account in that you have a username, password, and an associated email address,
but no other data is held. You can create and join channels and you chat in them
and then you disconnect. It's wonderfully simple to use. IRC supports 1-to-1 and
group chat, but no voice or video. It's also worth noting that IRC servers do
not store any messages - they just "relay" it between all connected peers. As a
result, no chat history is saved. You don't get any context immediately upon
joining a channel, and when you disconnect, nothing is left behind. In that
regard, it respects privacy. Considering IRC is a decades old system and hasn't
really changed much in that time, it's visibly dated, with only very simple
features to it. That made it very fun to use, but considering the people I most
need to reach, it's not very accessible.

### TOX ###

Tox is a completely P2P system, meaning there are no central servers that manage
accounts. Your account is - in its entirety - stored on your own machine, and
only the required details are shared with people you communicate with and only
those people. Tox has support for 1-to-1 and group chat, 1-to-1 and group voice
chat, and 1-to-1 video calls. I tried both the qTox and uTox clients.

My verdict on P2P systems like Tox is that for communicating among like-minded
people with regards to privacy, it's great. These more technical people don't
need flashy nonsense; we need it to work and to do nothing else. Spyware will
not be tolerated, but ugly UIs are fine up to a point. What matters is how well
it works. In my case though, it wasn't a great option, because my privacy-blind
friends would've hated it and likely just mocked it for missing "important"
features like offline messaging and chat history. Multi-device usage is also a
key thing that even I couldn't do without. P2P is undoubtedly the way forward,
but some serious hurdles need to be dealt with first before it can be both
comfortable to use and accessible to those without adequate technical ability.

### XMPP ###

XMPP - like IRC - is a very old system. XMPP goes back to the late 90s. The
difference from IRC though is that XMPP has been built upon tremendously. It's
designed to be extensible (even the name says so), and there are a large number
of extra specifications that build on the core of XMPP. These things are called
"XEPs" and are nothing more than documentation. Any client can very easily
implement any or none of the specifications and then just use them without
issue. Having tried XMPP, it is considerably faster than Matrix. As it is
extensible, it supports chat, voice, and video, all 1-to-1 or in groups - it's
just a matter of finding a client to do it. I'll go into more detail on how I've
set myself up in another post.

Unlike Tox and similar to Matrix, XMPP is federated, meaning there are still
servers that you need to rely on, but it's not centralised in that there can be
many servers and you may create an account on any of them, and you may
communicate with anyone even if you are on separate servers. This system means
there is an incentive to be a good host as if you want people to use your server
you need to have good policies and privacy measures, because if you don't then
users can trivially go elsewhere without losing contact with anyone. Having
servers involved also means that you get all the niceties of a server-client
system, like simple multi-device, offline messages, chat history, and so on. I
found a list of XMPP servers to browse through and found plenty that not only
were clear of things like Cloudflare or Google analytics, but also had clear and
readable privacy policies that respected the user. With that, I decided this
would be what I'd switch to.
It's a terrible shame that the Matrix community had to fail so tremendously at
such a simple thing as respecting users, but on the bright side, there are
plenty more chat platforms, many of which do respect users. It's just a matter
of going and finding them.


Internet - Thoughts
Copyright Oliver Ayre 2019. Site licensed under the GNU Affero General Public
Licence version 3 (AGPLv3).