What ultimately pushed me to leave Matrix was discovering that my homeserver’s admin was using my account without my consent.
In an encrypted room even with fully verified members, a compromised or hostile home server can still take over the room by impersonating an admin. That admin (or even a newly minted user) can then send events or listen on the conversations.
…, I’ve decided to move my conversations over to SimpleX.
For the past few months, the Matrix community has been largely inactive (despite having over 5,000 members), while the Telegram community has remained much more vibrant. This is disappointing given that I have been a strong advocate for using Matrix and have promoted it widely. For some reason, people are not moving to Matrix at the rate I had hoped.
Btw, what kind of events were sent to the room? I suspect that’s important to know when judging if that’s been power abuse or simple server maintenance.
I thought the same at first, but honestly, there’s probably nothing that warrants impersonation. If it’s a system announcement or change from the host, it should be labeled as such.
Sure. I haven’t looked into the technical details. Impersonation often is a crutch to deal with technical shortcomings. Though in this scenario it changes the whole story, whether the admin does someone a favor or is acting maliciously. And I’m not even sure if this allows to break encryption. At least in the old days, Element would ask me to veryfy each new device. And the admin doesn’t have access to the encryption keys, since they’re stored with the client. So I’m not sure what’s happening here and I’m also not sure about the implications. Just seemed kind of fishy to me to omit that kind of information in a longer article.
“Unencrypted chatrooms can be modified by an admin”. No shit? And you’re sure that hasn’t happened on Telegram? Or IRC? Or any other unencrypted messenger?
For the past few months, the Matrix community has been largely inactive (despite having over 5,000 members),
Where is he getting these stats from?
In an encrypted room even with fully verified members, a compromised or hostile home server can still take over the room by impersonating an admin. That admin (or even a newly minted user) can then send events or listen on the conversations.
How? They don’t have the keys to do so, do they? I can’t imagine that the private, unencrypted keys are stored on the server. That would be nuts.
It’s shitty that he had such a bad experience, but again, any unencrypted messenger will be susceptible to account takeover by an admin. Signal has groups. Whether their moderating tools are good or not, I can’t tell as I’m not an admin of such a group, but moving back to Telegram is no better than going to Discord.
Where is he getting these stats from?
What do you mean? He’s the room owner. He can see the member count, and the activity.
Oh, by community he means room! OK. I’m pretty sure the matrix community as a whole is more than 5000 people 😅
"When I noticed this happening, I messaged the server’s admin. At the time, I was using the cutefunny.art homeserver. Here’s what he told me:
“I can understand how it feels a little intrusive, but it doesn’t invade on peoples privacy, private conversations stay private.”
what the fuck lol?
FOSS communication app moment.
