> What's dangerous is the framing; many E2EE messengers give the server a LOT more power than "just stores the ciphertext". https://news.ycombinator.com/item?id=33259937 is discussion of a relevant example that's gotten a lot of attention, with Matrix giving the server control over "who is in a group", which can be the whole ball game for end-to-end security.
I'm a vocal critic of Matrix, and I would not consider it a private messenger like Signal.
https://soatok.blog/2024/08/14/security-issues-in-matrixs-ol...
When Matrix pretends to be a Signal alternative, the fact that the server had control over group membership makes their claim patently stupid.
> And that's not even getting into the power of side channel information available to the server. Timing and other side channel attacks can be powerful.
A lot of my blog discusses timing attacks and side-channel cryptanalysis. :)
> If the people who develop the software are different from those who host the server, that's almost certainly software you can self-host. Why not mention self-hosting in the article?
Because all of the self-hosting solutions (i.e., Matrix) have, historically, had worse cryptography than the siloed solutions (i.e., Signal, WhatsApp) to the point that I wholesale discount Matrix, OMEMO, etc. as secure messaging solutions.
> If you're shopping for a third party to host a self-hostable E2EE messenger for you. The framing of the server as just "storing ciphertext" would suggest trustworthiness of that hosting provider isn't relevant. I can't agree with that claim.
It's more of an architecture question.
Is a self-hosted Matrix server that accepts and stores plaintext, but is hosted in Switzerland, a better way to chat privately than Signal? What if your threat model is "the US government"? My answer is a resounding, "No. You should fucking use Signal."
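As an added, self-contained illustration of the group-membership point raised in this thread (not code from the comment, from Matrix, or from Signal), the following Python compares a client that applies whatever membership change the relay server asserts with a client that only applies changes authenticated under a key the server never holds and that checks a sequence number against replay. A shared HMAC key stands in for the per-member signatures a real group protocol would use; the group key, the user names and the relayed traffic are all constructed for the example.

```python
import hmac
import hashlib
import json

# Constructed for this example: a key held by group members only. The relay
# server never sees it, so it cannot produce a valid tag on a membership change.
GROUP_KEY = b"constructed-demo-group-key"


def canonical(change: dict) -> bytes:
    """Deterministic encoding so every client authenticates the same bytes."""
    return json.dumps(change, sort_keys=True, separators=(",", ":")).encode()


def authenticate_change(key: bytes, change: dict) -> dict:
    """A member wraps a membership change with a MAC over its canonical form."""
    tag = hmac.new(key, canonical(change), hashlib.sha256).hexdigest()
    return {"change": change, "tag": tag}


class ServerTrustingClient:
    """Weak design: the relay server's word on group membership is final."""

    def __init__(self, members):
        self.members = set(members)

    def apply(self, envelope: dict) -> bool:
        change = envelope["change"]
        if change["op"] == "add":
            self.members.add(change["user"])
        elif change["op"] == "remove":
            self.members.discard(change["user"])
        return True


class MemberAuthenticatedClient:
    """Hardened design: a change is applied only if it carries a valid MAC
    under the members-only key and its sequence number is fresh (no replay)."""

    def __init__(self, key: bytes, members):
        self.key = key
        self.members = set(members)
        self.last_seq = 0
        self.rejected = []  # (reason, change) pairs, useful for detection/logging

    def apply(self, envelope: dict) -> bool:
        change = envelope.get("change", {})
        expected = hmac.new(self.key, canonical(change), hashlib.sha256).hexdigest()
        # Constant-time comparison; a tag the server made up will not verify.
        if not hmac.compare_digest(expected, str(envelope.get("tag", ""))):
            self.rejected.append(("bad-tag", change))
            return False
        # A relay can re-send an old, validly tagged change; refuse stale seqs.
        if change.get("seq", 0) <= self.last_seq:
            self.rejected.append(("replay", change))
            return False
        self.last_seq = change["seq"]
        if change["op"] == "add":
            self.members.add(change["user"])
        elif change["op"] == "remove":
            self.members.discard(change["user"])
        return True


def run_demo():
    """Feed the same relayed stream to both client designs and return their
    resulting membership views plus what the hardened client rejected."""
    initial = {"alice", "bob"}
    # Constructed traffic: a legitimate member-authenticated add, then a change
    # the server asserts on its own (no key, so no valid tag), then the server
    # re-sending the earlier legitimate add.
    legit_add = authenticate_change(GROUP_KEY, {"seq": 1, "op": "add", "user": "carol"})
    server_add = {"change": {"seq": 2, "op": "add", "user": "server-ghost"}, "tag": "0" * 64}
    replayed = dict(legit_add)
    stream = [legit_add, server_add, replayed]

    trusting = ServerTrustingClient(initial)
    hardened = MemberAuthenticatedClient(GROUP_KEY, initial)
    for envelope in stream:
        trusting.apply(envelope)
        hardened.apply(envelope)
    return {
        "trusting": sorted(trusting.members),
        "hardened": sorted(hardened.members),
        "rejected": [reason for reason, _ in hardened.rejected],
    }


if __name__ == "__main__":
    print(run_demo())
```

The server-trusting client ends up with a member the group never admitted, which is exactly the "whole ball game" problem: once the server can place a party in the group, end-to-end encryption to "the group" includes that party. The hardened client treats the server purely as a relay and keeps a record of what it refused, which is the signal a client or auditor would want to surface.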