I am interested in trying out matrix, but my first impression seems to reveal that by default, there may be some privacy or anonymity pitfalls if I use matrix.
Examples:
- using an instance I don’t host means the host is trusted with my data
- self hosting might reveal a lot of information about me. Most likely, it is registered to a domain that has my info and could potentially be traced back to me.
- When self-hosting, being one of few users, basic analysis of my activity could reveal a lot about me, since all that activity could be easily identified as belonging to a single person
Now I understand not all threats could be mitigated, but my worry is that both self hosting or not have significant gaps. What’s the most privacy and anonymity conscious way to use Matrix?
Trusting a third party with your data that is encrypted. Its better to blend in than to stand out. Use a instance with a fair amount of users , use anonymous username and email if they ask.
What about information like: who are the people I message, or the list of all group chats or public channels I am in? Is that encrypted?
I don’t have the answer to those but one that I know protect you even more is SimpleX. You can listen to this podcast with the founder where he explains everything.
Opt Out: SimpleX chat and how privacy aligns with the future of computing w/ Evgeny from SimpleX
Episode webpage: https://optoutpod.com/episodes/s3e02-simplexchat/
The first point is moot as you can encrypt your data; your host my have it, but they can’t access it.
As far as self hosting goes, yes: DNS registration will generally out you, so if you’re really trying to stay hidden then - as the previous poster mentioned - your best bet is to just make an account on a relatively large server.
Thanks. Is it encrypted by default? Or do I have to do something to ensure it is?
You can get a domain name 4free and anonymously https://freedns.afraid.org
Matrix is not the right protocol for staying anonymous. There’s way too much unprotected metadata.
You might be able to mitigate that somewhat by using an instance that is accessible via TOR and being careful who you communicate with, depending on threat models and so on.
But if you want to communicate anonymously and not leak meta data… Probably not what you are looking for.
Thanks, that’s what I was thinking. Are there better alternatives?
I’m skeptical of Signal’s centralized model and its couple with Google services, among other things.
I don’t know what would fit your needs, but Signal does not require Play Services. And even if those are present, it does not leak data to Google. Other than “Signal is installed” and “You get a push message”, Signal does not put your messages into the notifications. Instead Signal connects to the Signal servers and then gets the encrypted messages from there and only then decrypts.
Even if you have Play Services installed, you can force it to use a background connection inatead, if you disable Play Services before installing Signal, it wall automatically fall back to it.
If you want a version without Play Services libraries, you could use Molly, a hardened version of Signal, which is available in a version without those libraries.
Molly even allows linking phones as secondary devices, not just desktops.