still hella confused as to why self-proclaimed privacy advocates—even teams like @privacyguides—are pushing @element so hard despite the data collection & sharing practices, the loosey-goosey metadata usage, and the fact that they host on AWS.
still hella confused as to why self-proclaimed privacy advocates—even teams like @privacyguides—are pushing @element so hard despite the data collection & sharing practices, the loosey-goosey metadata usage, and the fact that they host on AWS.
You’re supposed to host on whatever you want.
Fork it if you want, remove what troubles you.
@mrmojo
>You’re supposed to host on whatever you want.
sure, but if the messages are stored on servers you don’t fully trust or control?
>Fork it if you want, remove what troubles you.
can’t argue with this, except that becomes it’s own point of vuln if you’re not adept in development or have sec experts vetting your setup, which make this easy to say and impractical to implement
(lol sorry for the spamming there… can’t figure out blockquotes)
Encrypted messages.
Also, you can limit which servers can participate in your room’s federation (in simple terms: which one has access to room data). There’s an option on the Element UI to disallow federating the room, and I think it’s also possible to have fine grained control over it (with so called server ACLs)
Isn’t it opt-in on all the released Element clients?
deleted by creator
whitelists: exist
deleted by creator
deleted by creator
What is your idea to solve this?
With centralized messaging services, both of them must swear off their data sovereignty.
While with true peer to peer systems none of them must do that, that model is not really compatible with mobile devices as both the sender and the receiver has to be online at the same time for the message to go through, and generally any device that is not online 24/7, which mostly includes all desktop PCs.
For this reason, I think that for the average user (who does not have a 24/7 online server-role machine, or maybe even a desktop computer) the best solution is to choose a server operator who they trust with their data. Or, they may try to run a lightweight homeserver on their mobile device (laptop or even smartphone), and live with it’s shortcomings. Not like it’s not possible, and this way everyone can register where they want, including their own part-time server if they are more comfortable that way.
However I think I did not totally understand what is your exact concern.
Do you think it to be a problem that even if you run your own server, messages you sent to your friend on another one will be stored on that homeserver too?
If so, I don’t think it’s possible to solve that problem. They (your friend) have chosen to take a compromise between security and ease of use by trusting someone else with storage. You can’t tell them - only suggest - where should they store their data, otherwise they would lose their sovereignty over it.
Fortunately confidentiality can be kept with encryption, and if you are concerned with the other server having access to metadata, you could patch your server to try to generalize the message metadata to some extent, like with delaying sending messages to they 10th minute and such measures.
deleted by creator
No it doesn’t? A single party cannot block you from participating in the network, as you can just find a different provider, and you can have control over what servers may store your data, both as a server operator and as a room admin.
deleted by creator