[hm] Matrix
amuza
amuza en riseup.net
Mie Ago 5 23:34:00 CEST 2020
spideralex:
> lei estos elementos hace un tiempo
>
> https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0
>
> https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org
>
Pego abajo parte del informe. Quizá alguien por aquí pueda desmentir,
confirmar o aportar alguna información al respecto del listado de datos
y metadatos que supuestamente se envían a matrix.org y vector.im incluso
aunque te montes tu propio servidor:
«matrix.org and vector.im receive a lot of private, personal and
identifiable data on a regular basis, or metadata that can be used to
precisely identify and/or track users/server, their social graph, usage
pattern and potential location. This is possible both by the default
configuration values in synapse/Riot that do not promote privacy, and by
specific choices made by their developers to not disclose, inform users
or resolve in a timely manner several known behaviours of the software.
Data sent on a potential regular basis based on a common
web/desktop+smartphone usage even with a self-hosted client and Homeserver:
- The Matrix ID of users, usually including their username.
- Email addresses, phone numbers of the user and their contacts.
- Associations of Email, phone numbers with Matrix IDs.
- Usage patterns of the user.
- IP address of the user, which can give more or less precise
geographical location information.
- The user's devices and system information.
- The other servers that users talks to.
- Room IDs, potentially identifying the Direct chat ones and the
other user/server.
With default settings, they allow unrestricted, non-obfuscated public
access to the following potentially personal data/info:
- Matrix IDs mapped to Email addresses/phone numbers added to a
user's settings.
- Every file, image, video, audio that is uploaded to the Homeserver.
- Profile name and avatar of users.»
------------ próxima parte ------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/hackmeeting/attachments/20200805/064cd927/attachment.sig>
Más información sobre la lista de distribución HackMeeting