
Ask HN: What is the purpose of end-to-end encryption when you control the infra? - z0mbie42
So why would I prefer matrix over IRC/XMPP + TLS?
======
bigiain
I have a project where having provable zero knowledge of the content of user's
data/communication is a hard requirement. I can tell user xyz is exchanging
data with user abc (and when, how often, and how many encrypted/padded
bytes), but I do not know who xyz or abc are nor what they are saying to each
other. The backend mediates a TOFU exchange of public keys and user guids, and
everything else is end to end encrypted.

It's not intended to be ultra resilient to - for example - the NSA, it's
designed that way to ensure we (as the operators of the backend
infrastructure) and the client we built it for (a government department)
cannot ever accidentally collect or expose any PII related to the platform
users.

Without pushing changed client code (mobile apps, in this case) or MITMing you
proactively before the TOFU exchange, even though I have god mode access to
all the infra, I cannot (and can prove I cannot) reveal anything more than IP
addresses and guids/times/sizes of user to user comms.

If my database gets popped, I and my client have no data breach reporting
obligations. And I sleep _much_ better at night knowing that.

(If LOE show up with a warrant, we'd happily hand over the IP
address/connections times/guids/guid-social-graphs - and they'd be able to go
elsewhere to try mapping IP addresses to identities. So I'd strongly advise
against running your drug business or terrorist cells on the back of this
project. But _I_ cannot tie identities to guids. Unfortunately, I and this
project are also from Australia, so if the App Store/googleplay binaries are
already backdoored, I could soon potentially get put in jail for saying so...)
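
An added example, not part of the comment above and not the project's code: a minimal client-side trust-on-first-use pin store showing why a relay that swaps a public key after the first exchange is detected, while a swap during the first exchange is not. The class and function names, the guid string and the key bytes are all constructed for illustration.

```python
import hashlib
import hmac


class KeyChangedError(Exception):
    """The relay presented a different public key for an already-pinned guid."""


class TofuPinStore:
    """Client-side TOFU store: guid -> SHA-256 fingerprint of the peer's public key."""

    def __init__(self):
        self._pins = {}

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def check(self, guid: str, public_key: bytes) -> str:
        """Return 'pinned' on first contact, 'match' afterwards; raise on mismatch."""
        fp = self.fingerprint(public_key)
        pinned = self._pins.get(guid)
        if pinned is None:
            # First use: nothing to compare against, so the key is trusted as-is.
            # This is the one window where a substituted key would go unnoticed.
            self._pins[guid] = fp
            return "pinned"
        if not hmac.compare_digest(pinned, fp):
            raise KeyChangedError(f"key for {guid} changed: pinned {pinned[:16]}, got {fp[:16]}")
        return "match"


def demo():
    # Constructed sample values; real keys would be e.g. 32-byte public keys.
    peer_guid = "guid-abc"
    real_key = bytes(range(32))
    swapped_key = bytes(reversed(range(32)))
    store = TofuPinStore()
    results = [store.check(peer_guid, real_key), store.check(peer_guid, real_key)]
    try:
        store.check(peer_guid, swapped_key)
        results.append("accepted")
    except KeyChangedError:
        results.append("rejected")
    return results


if __name__ == "__main__":
    print(demo())
```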

