[hm] Matrix

amuza amuza en riseup.net
Sab Ago 8 00:55:00 CEST 2020 

Quizá nos hayamos rayado y realmente no haya planes malvados detrás del
oscuro origen de Matrix: financiación, vínculos, su pretensión de hacer
de hub (MITM) de todo tipo de redes de mensajería...

Puede que nos hayamos rayado. En serio, es posible. Olvidémonos al menos
por un momento de ese rollo. Entonces, ahora tenemos un software que
dice que es descentralizado y seguro, y lo dicen mucho y desde el
principio. Se anuncian como un "open standard" para las comunicaciones
descentralizadas y su publicidad dice cosas tipo "Fully distributed
persistent chatrooms with no single points of control or failure".

El software en realidad llega así:



matrix.org and vector.im receive a lot of private, personal and
identifiable data on a regular basis, or metadata that can be used to
precisely identify and/or track users/server, their social graph, usage
pattern and potential location. This is possible both by the default
configuration values in synapse/Riot that do not promote privacy, and by
specific choices made by their developers to not disclose, inform users
or resolve in a timely manner several known behaviours of the software.

Data sent on a potential regular basis based on a common
web/desktop+smartphone usage even with a self-hosted client and Homeserver:

   - The Matrix ID of users, usually including their username.
   - Email addresses, phone numbers of the user and their contacts.
   - Associations of Email, phone numbers with Matrix IDs.
   - Usage patterns of the user.
   - IP address of the user, which can give more or less precise
geographical location information.
   - The user's devices and system information.
   - The other servers that users talks to.
   - Room IDs, potentially identifying the Direct chat ones and the
other user/server.

With default settings, they allow unrestricted, non-obfuscated public
access to the following potentially personal data/info:

    - Matrix IDs mapped to Email addresses/phone numbers added to a
user's settings.
    - Every file, image, video, audio that is uploaded to the Homeserver.
    - Profile name and avatar of users.

------------ próxima parte ------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/hackmeeting/attachments/20200807/6078e5a9/attachment-0001.sig>

Más información sobre la lista de distribución HackMeeting