The article alleges that Matrix:
- has links to Israeli intelligence.
- sends a lot of sensitive data to matrix.org servers, even when Synapse is self-hosted.
Is this information accurate?
To be clear, I’m not saying Matrix is bad. I’m still using it. I just want to know more about it and who’s running the show, and hear other people’s opinions and arguments. Thanks for all the insightful comments.
I can’t argue about the historic relevance; The article you linked is from 2020, the issues from early 2019. The original matrix developing company seems to have deep ties as described, yes.
But:
If you follow the very first link I. The article you can read the history of the matrix protocol itself. It shows where and when the matrix protocol was separated from this company and what the status quo seems to be:
https://en.m.wikipedia.org/wiki/Matrix_(protocol)#History
From this it seems clear to me that the information from this article are by now obviously outdated with KDE and Mozilla two big mentioned community projects that are involved.
Wikipedia as primary source is not well suited, but the fact that the article linked to it themselves seem to show that they relied on the back then status quo.
In short: in 2017 they would be absolutely right, in 2020 there were still huge issues - but by now those are mostly addressed or are unknown.
Some might say interconnecting everything could be a legitimate goal. Nonetheless, some people started to report about huge amounts of data and metadata being sent to Matrix central servers.
Curious that this claim is without source in the original.
I also have porblems with their claims about bridges. Bridges are Band-Aids to allow you to communicate with people not on Matrix, not a dark masterplan to build a central spionage hub.
By default, a homeserver trusts matrix.org in questions of federation and identity of other servers. You have to get that trust from somewhere. You are free to choose another source for that.
(For example, my homeserver isn’t federated at all, and has that trusted server removed; it doesn’t communicate with anyone. Also it’s not synapse, but that’s besides the point.)
has links to Israeli intelligence.
Wrong. It’s libre software. We users control it.
I’m absolutely for free software, but this statement is very simplistic. Do “we” control software running on matrix.org, where most users have accounts? Or do “we” control what binaries of Element are being deployed to App Store or Play Store? Just because something has a free software licence, doesn’t mean it’s not important who the maintainers and major developers are. One of the important features of free software is transparency, which allow us as community to learn and discuss who and how develops the software. I’m not saying Matrix is bad. I’m still using it. I just want to know more about it and who’s running the show, and hear other peoples opinions and arguments.
Libre software doesn’t mean we control what other people do with their devices. Run it on your devices. The App Store and Google Play Store is not libre. Get it yourself. Apps should have reproducible builds. Everything there misses the point of my original comment.
Yeah, we will have much success converting people from WhatsApp and shit by telling them to run their own servers /s. If a non technical friend asks me what to use instead and I’ll advise them to use Matrix, you can be sure they’ll go to app store, install Element and register at matrix.org. So I do want to know if it’s operated by Mossad before I send my friends there.
If your friend’s hiding from Mossad, I think they’ll know to get it from F-Droid and turn on end-to-end encryption.