I really want to cheer for matrix/riot and this blog post moves me in that direction, but then seeing your comment as lead-dev throws me back into reality. The post is all about _tightening_ privacy! So why is the suggestion to solve addressbook feature more elegantly than a a TOS not addressed and instead GP is dismissed as being hyperfocused on privacy.
The reason I cheer about Matrix is exactly because of its P2P nature, which neither of the other privacy focused solutions like Wire/Signal address (though these give better privacy right now). Isn't it exactly the privacy conscious crowd that matrix is pitching to? Those of us who don't trust a signal or wire server because that server code is proprietary? Matrix has been promising better privacy (and e2e encryption) for some time but maybe this isn't actually where matrix is heading? I sure would like to know because there is no point for many of us to continue cheering for what otherwise looks really promising. And it's not like a better technical solution for the address book doesn't exist!!
Matrix aims to be for everyone, not just those with a (hyper)focus on privacy. From my perspective as project lead, the primary goal is more to open up communication so that users have control and that there is an open platform to build on, much like the Web, but for communication - rather than being locked into Facebook/Google/AT&T or whoever. A very desirable side-effect of that is that you get better privacy.
* People should have full control over their own communication.
* People should not be locked into centralised communication silos, but instead be free to pick who they choose to host their communication without limiting who they can reach.
* The ability to converse securely and privately is a basic human right.
* Communication should be available to everyone as a free and open, unencumbered, standard and global network.
You'll note that privacy is in there, but it's not the only thing that guides the project.
> Matrix has been promising better privacy (and e2e encryption) for some time but maybe this isn't actually where matrix is heading?
I assume this is ironic, when commenting on a blogpost talking about how we're improving privacy considerations. Meanwhile, E2E is going great guns, as per https://news.ycombinator.com/item?id=20315096.
> And it's not like a better technical solution for the address book doesn't exist!!
What do you have in mind? The only one I'm aware of is Signal's SGX stuff (https://signal.org/blog/private-contact-discovery/), but there you swap out trust in whoever runs your identity server for trust in Intel, which doesn't necessarily seem like an obvious win.
Theoretically, SGX allows you to assume that your data is in danger only if Intel and your service provider are cooperating in order to access it.
SGX has had vulnerabilities before, and there are likely to be more, but it still seems like a sane way to secure your customer’s data.
It doesn't allow you to assume that at all, precisely because of the potential for vulnerabilities.
SGX is just yet another iteration of the 'trusted tamper-proof hardware' concept (which, for reasons that are unclear to me, is apparently magically fine when Intel does it but impossible and bound to be broken when somebody else does it), and it suffers from the exact same issues as every 'trusted hardware' scheme before it.
Like everyone else they want to become the next WhatsApp - with only "the privacy conscious crowd" they don't think they'll get there. They market to your mom.
We really don't want to become the next WhatsApp fwiw. The idea is more to be the new email, or the realtime version of the web. We should be able to support the use cases both for privacy enthusiasts as well as mums, dads, grandparents or whoever.
Do you imagine the new email is going to be anything like the old email, in allowing easy composition of substantial, letter-length messages which can be organized in their own right?
I would love to be able to point non-technical users to an email alternative with sane integrity properties, and I've tried to some extent to push correspondence to Riot, but as it is right now, many of those users seem to suffer from Riot's flat design and not adapting well to the room metaphor. And one trigger-happy composition line posted to infinity scroll chat is pretty far from the experience of even a rudmentary email client.
I'll admit I haven't done a thorough search of the clients but if you're aware of good implementations of a letter metaphor for Matrix I'd be very grateful to learn what I've been missing.
We don't have a good letter metaphor in Matrix yet, but it should be coming fairly soon - we have someone sponsoring development on threading, and so you should get that bit at least in the coming months.
However, the other aspect of mail style semantics is the incredible flexibility which email gives in terms of adding/removing people from threads on a message by message basis. This doesn't map very tidily into a Matrix room currently, and is a bit of an open question right now :)
I hope the Matrix equivalent will be able to fully match and outdo email eventually, but 1-on-1 is already enough to be valuable, and it seems to me the room metaphor should be possible to map fairly gracefully to mailing lists at least.
Thanks for the efforts, as always!
I will read up on more of the current capabilities soon, by the way, to see if we can put an society I'm in on Matrix for internal communications and event announcements.
The reason I cheer about Matrix is exactly because of its P2P nature, which neither of the other privacy focused solutions like Wire/Signal address (though these give better privacy right now). Isn't it exactly the privacy conscious crowd that matrix is pitching to? Those of us who don't trust a signal or wire server because that server code is proprietary? Matrix has been promising better privacy (and e2e encryption) for some time but maybe this isn't actually where matrix is heading? I sure would like to know because there is no point for many of us to continue cheering for what otherwise looks really promising. And it's not like a better technical solution for the address book doesn't exist!!