Matrix is pretty open about how it hasn't been able to do anything about metadata leakage (which they have even at some times claimed is somewhat inherent to its federated nature; I think that is an overstatement, but is something that even they seem to believe).
> Matrix does not protect metadata currently; server admins can see who you talk to & when (but not what). If you need this today, look at Ricochet or Vuvuzela etc.
> Protecting metadata is incompatible with bridging.
> However, in future peer-to-peer home servers could run clientside, tunnelling traffic over Tor and using anonymous store-and-forward servers (a la Pond).
Signal, in contrast, put a lot of effort into metadata reduction--critical as they are a single giant hosted relay service--and in the process (I am very sure) even fixed the issue I used to complain about wherein their server was technically keeping around a temporary-ish in-memory metadata log for rate limiting.
If you are going to switch to something, switch to Signal (...though I sadly can't in good faith ever really recommend anyone do that, due to how Signal has crippled the ability to do chat backups; more info on this in the other thread going on today re Signal/WhatsApp).
Those slides are from 2017. P2P Matrix was released in June 2020. A lot of work is being done on Dendrite, the latest commit was posted two hours ago as of this writing. From the GitHub page for Dendrite: "As of November 2020 we're at around 58% CS API coverage and 83% Federation coverage, though check CI for the latest numbers."
So, yes, for now the metadata leakage is a real issue. However this is likely to change in the near future.
Thanks for the info. I was under the impression that you were claiming that Matrix is less secure than WhatsApp. If they both leak metadata then they're roughly equal from a privacy perspective no? I guess with WhatsApp you can't know the extent of metadata leakage, but at least with Matrix, you have the advantage of knowing precisely what data is leaked.
Not trying to push Matrix or anything, i've been using Signal for some time already anyway, but thought i'd see what alternatives there are. The lack of chat backups is a real drawback, though since the Android version has a backup option, i'm hoping it's something they'll eventually implement?
https://matrix.org/blog/wp-content/uploads/2017/02/2017-02-0...
> Matrix does not protect metadata currently; server admins can see who you talk to & when (but not what). If you need this today, look at Ricochet or Vuvuzela etc.
> Protecting metadata is incompatible with bridging.
> However, in future peer-to-peer home servers could run clientside, tunnelling traffic over Tor and using anonymous store-and-forward servers (a la Pond).
> But for now this is sci-fi.
https://github.com/matrix-org/synapse/issues/2188
https://github.com/matrix-org/synapse/issues/4565
Signal, in contrast, put a lot of effort into metadata reduction--critical as they are a single giant hosted relay service--and in the process (I am very sure) even fixed the issue I used to complain about wherein their server was technically keeping around a temporary-ish in-memory metadata log for rate limiting.
https://signal.org/blog/sealed-sender/
If you are going to switch to something, switch to Signal (...though I sadly can't in good faith ever really recommend anyone do that, due to how Signal has crippled the ability to do chat backups; more info on this in the other thread going on today re Signal/WhatsApp).
https://news.ycombinator.com/item?id=25686475