Discussion
Loading...
@milan @flbr @element @amatecha @matrix @liaizon They certainly did. But unless you are an encryption expert, we have to take the security of their product on trust. And being funded by governments means I, personally, don't trust them. I don't think that's unreasonable, and I think a lot of folks here feel the same.
@fishidwardrobe
> is not an argument against what i said
No it absolutely is. You said;
> we have to take the security of their product on trust
The software is published Free Code. It can be audited by anyone, including all the independent app devs who maintain forks. If Element put anything dodgy into the code there's a high chance of getting caught, completely blowing their reputation, including with their *customers*.
(1/2)
But putting that aside, Matrix is an open protocol. We don't have to use the Element company's software to use Matrix. There are servers and apps implementing Matrix independently of Element, and they are *definitely* checking what goes into the protocol spec, and any security/ privacy implications it might have.
@fishidwardrobe
> two years ago
So? You said it in public and you haven't deleted or edited it, and clearly you still stand by it.
(2/2)
~5 more replies (not shown)
@strypey it's been demonstrated multiple times that "many eyes on the code" *does. not. work.* when it comes to cryptography. very few of those eyes are qualified to audit it.
even if it did: my statement stands. **I** have to take their code on trust; I am not a cryptographer.
@fishidwardrobe
> many eyes on the code" *does. not. work.* when it comes to cryptography
Matrix is message-passing, like ActivityPub, not cryptography. Like anyone know has the first clue about building E2EE software, Element devs aren't doing roll-your-own cryptography ( TeleGrab are famously dodgy for doing this). Element, like all Matrix software AFAIK use Free Code primitives maintained by communities of cryptographers.
@strypey backdoors etc would fall under the broad heading of crytography, at least if well hidden.
i'm not especially interested in debating this after two years.
@fishidwardrobe
> i'm not especially interested in debating this after two years
That's fine. Withdrawiing isn't backing down from your position, and doesn't automatically make you wrong. But FWIW the topics under debate clearly aren't any less live than they were 2 years ago.
IMHO the burden of proof is on those who claim Element's funding source makes Matrix as a whole untrustworthy. Just llke claims that funding from US federal govt (via VOA, via OTF) make Signal untrustworthy.
@strypey this you, friend?
@fishidwardrobe
> this you, friend?
Me:
> That's fine. Withdrawiing isn't backing down from your position, and doesn't automatically make you wrong
I have a right of reply and I was using it. I was explicitly *not* demanding that you continue reply. So who's the sealion? Thanks for the chat, I'll let you see yourself out.