Post · bonfire.cafe

Post

Another day, another blog piece by Soatok spreading misleading FUD about an encrypted chat system that isn't Signal;

https://soatok.blog/2026/02/17/cryptographic-issues-in-matrixs-rust-library-vodozemac/

Once again @matrix folks respond in detail to Soatak's FUD, far more politely than it really deserves;

https://matrix.org/blog/2026/02/analysis-of-reported-issues-in-vodozemac/

FYI I was going to say *willfully* spreading misleading FUD, but I'll give them the benefit of the doubt. Never attribute to malice what can explained just as well by ignorance (and/or heavy bias).

(1/?)

#Matrix #encryption

Strypey

@strypey@mastodon.nzoss.nz · 2 days ago

Soatok seems to know far more than I do about the nuts and bolts of cryptography and encryption algorithms. Their recommendations to use Signal and avoid Matrix are justified from the POV of pure cryptography theory, but make no sense as practical advice.

(2/?)

Strypey

@strypey@mastodon.nzoss.nz · 2 days ago

As Soatok said in their recent blog post about Miscord replacements;

"To really get at the heart of the problem, you have to become deeply familiar with how influence emerges in society, how incentives shape behaviors, how Internet projects are funded and supported, and how laws and politics work."

https://soatok.blog/2026/02/11/on-discord-alternatives

(3/?)

Dhole Moments

On Discord Alternatives

Next month, Discord is going to start requiring age verification. The backlash from gamers everywhere has been predictable and justified. I guess their company name checks out. I’ve had a few…

Strypey

@strypey@mastodon.nzoss.nz · 2 days ago

In Soatok's piece on Miscord replacements, they admit that theoretically excellent End-To-End Encryption doesn't provide any extra protection if one entity controls all the ends. And that Signal does, as I explained in my piece on privacy-protecting chat apps;

https://disintermedia.net.nz/get-a-room/

Which means that even if it the current E2EE in most Matrix software can be broken - and I don't think Soatok makes a strong case for that - it still doesn't have the inherent vulnerability Signal has.

(4/?)

Strypey

@strypey@mastodon.nzoss.nz · 2 days ago

Coda: My initial post was intended to make it east to find both Soatok's recent anti-Matrix FUD, and the official response from the Matrix Foundation. I've added a bit of detail with the intention of both acknowledging Soatok's specialist knowledge, and providing some context for why I don't think their practical advice on E2EE app choice holds water.

FYI they've also done some good theoretical work on doing E2EE private messages in the fediverse;

https://soatok.blog/2024/06/06/towards-federated-key-transparency/

(5/5)

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.2-alpha.34 no JS en

Automatic federation enabled