refalo

joined 2 years ago
[–] refalo@programming.dev -3 points 11 months ago (1 children)

Then are they really that great? Nobody wants to work with people who are hard to work with...

[–] refalo@programming.dev 0 points 11 months ago (3 children)

Because marcan is overreacting as usual, and is a very questionable character overall.

[–] refalo@programming.dev 12 points 11 months ago* (last edited 11 months ago) (1 children)

Is This Safe for Me? Yes

I think the answer is not so simple. For example, some might think it would be a bad idea for their provider to know that you regularly exchange traffic with many users in adversarial countries (even if they don't know what that traffic is)... could that be used against you somehow? It's entirely possible.

[–] refalo@programming.dev 2 points 11 months ago

I have read the spec, used the service and also implemented my own clients before; that is why I'm so confused by what you're saying, because this has not been my experience at all. If a user joins a channel, whether they are an admin or not, whether it is encrypted or not, then unless the channel is explicitly set up to only allow verified users to talk (not the default), my understanding is there is nothing preventing that new user from seeing all new messages in the chat.

[–] refalo@programming.dev 1 points 11 months ago (2 children)

I don't understand. How would the sender prevent messages from going to the admin user that joined the room? It sounds like you're implying new users simply can't join a room? That makes no sense to me... I've certainly never experienced that. I see new users join encrypted rooms all the time and they can talk just fine... so what's the deal? And isn't verification off by default?

[–] refalo@programming.dev 2 points 11 months ago (4 children)

End-to-end encryption ensures that only the intended endpoints can read the messages

But who/what gets to decide who the intended recipients are? Can't the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?

[–] refalo@programming.dev 3 points 11 months ago* (last edited 11 months ago) (6 children)

What do you have to say about this then?

In an encrypted room even with fully verified members, a compromised or hostile home server can still take over the room by impersonating an admin. That admin (or even a newly minted user) can then send events or listen on the conversations.

Perhaps we have a different definition of "impersonate"... not everyone will pay attention to unverified warnings, and afaik they can still communicate with people (just maybe not read old messages)... but I would love to be proven wrong.

[–] refalo@programming.dev 3 points 11 months ago* (last edited 11 months ago) (9 children)

Unfortunately even with E2EE, the admins of a homeserver can still impersonate you or take over your channel.

Of course you could run your own instance, or maybe none of this is part of your threat model, but I felt like bringing it up either way.

[–] refalo@programming.dev 23 points 11 months ago* (last edited 11 months ago) (3 children)

Most packages/installs of Signal contain proprietary code. I suggest Molly-FOSS instead.

[–] refalo@programming.dev 12 points 11 months ago* (last edited 11 months ago) (1 children)

I have a hard time feeling sympathy for tatsumoto because every interaction I had with him was absolutely despicable. He was always a massive jerk, banned anyone who used matrix.org, frequently posted loli on matrix, and links to tons of pirated content on his site.

[–] refalo@programming.dev 50 points 11 months ago (13 children)

Last time I checked, blind users could not even install any mainstream distro anymore, because they all switched to Wayland, and that broke screen readers in the installer.

[–] refalo@programming.dev 3 points 11 months ago* (last edited 11 months ago)

Waste of time, they don't even fix the massive bugs the app still has for years :/
