I am interested in trying out matrix, but my first impression seems to reveal that by default, there may be some privacy or anonymity pitfalls if I use matrix.

Examples:

  • using an instance I don’t host means the host is trusted with my data
  • self hosting might reveal a lot of information about me. Most likely, it is registered to a domain that has my info and could potentially be traced back to me.
  • When self-hosting, being one of few users, basic analysis of my activity could reveal a lot about me, since all that activity could be easily identified as belonging to a single person

Now I understand not all threats could be mitigated, but my worry is that both self hosting or not have significant gaps. What’s the most privacy and anonymity conscious way to use Matrix?

  • matcha_addictOP
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    Thanks, that’s what I was thinking. Are there better alternatives?

    I’m skeptical of Signal’s centralized model and its couple with Google services, among other things.

    • erebion@lemmy.sdf.org
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      I don’t know what would fit your needs, but Signal does not require Play Services. And even if those are present, it does not leak data to Google. Other than “Signal is installed” and “You get a push message”, Signal does not put your messages into the notifications. Instead Signal connects to the Signal servers and then gets the encrypted messages from there and only then decrypts.

      Even if you have Play Services installed, you can force it to use a background connection inatead, if you disable Play Services before installing Signal, it wall automatically fall back to it.

      If you want a version without Play Services libraries, you could use Molly, a hardened version of Signal, which is available in a version without those libraries.

      Molly even allows linking phones as secondary devices, not just desktops.