Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Telegram can be forced to give up data

That's all you need to know. Matrix and Signal can't be forced in any way.



The admins of Matrix instances sure can be forced to give up data. The metadata is not encrypted, and many rooms are not either.


Metadata is indeed an open issue on Matrix. I believe addressing it is on their to-do list.

Many rooms are not encrypted because they are public rooms, where there would be no point in it. Encryption has been the default for quite a while now.


> I believe addressing it is on their to-do list.

I doubt that it's very high on that list, as the problem seems a very hard. Very hard as in that do we even know it's possible? "Metadata" includes a lot of stuff, but basically the originator, the destination and the timing of the messages and participants of a room are all quite difficult to hide in a federated system.

I do believe there is a plan for getting rid of the association of one user in multiple rooms, but that's but a small bit of metadata. I think it is part of the puzzle for supporting changing homeservers.


I was referring to the metadata that are typical complaints about Matrix, like usernames and reactions.

> "Metadata" includes a lot of stuff, but basically the originator, the destination and the timing of the messages

Indeed. AFAIK, sender/recipient correlation cannot actually be protected at the software level, because packet switched networking necessarily reveals it. The common way I'm aware of to mitigate this problem is at the network level, by trying to avoid common routes that would allow monitoring many users' traffic from any one place.

Concretely, that might mean having everyone use Tor (which some folks suggest already) or going fully peer-to-peer (which some messengers do already, and Matrix has been experimenting with).

Signal tries to improve the situation with Sealed Sender, but I'm pretty confident that can't protect against the Signal servers being compromised, nor against network monitoring. When trying to think of how it's useful at all, the only thing that comes to mind is that it might strengthen the Signal Foundation's position when a government demands logs. (And if that is why they implemented it, I suppose they must be keeping logs, at least for a short period.)

Related:

https://www.ndss-symposium.org/ndss-paper/improving-signals-...


With Telegram, even the data can be accessed. Also: https://news.ycombinator.com/item?id=41351227





Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: