I was sold on Matrix as a viable alternative to Discord but recently read this article which made it look not so good.

  • dngrayM
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    For instance my phone number isn’t tied to my Matrix account

    It isn’t for anyone using any client unless they optionally decide to provide it.

    They talk of Matrix being centralized but that only really applies if you use the Matrix home server, there are many alternatives

    Indeed: https://joinmatrix.org/servers/ and that’s not even getting started on the private ones or unlisted ones.

    is it betetr than Discord for privacy and security ?

    100% Discord has no privacy no encryption, the company sees absolutely everything.

    Discord is clsoed source so nobody knows what it gives up or does in the background

    That doesn’t necessarily impact privacy, and we know exactly what it does in the background based on their privacy policy, which in itself is quite ambiguous in parts. They’re quite happy there to admit they will tie identities together if you use social media logins and features like that.

    No closed source program can be trusted over a FOSS option

    I would say be careful here, because something is open source doesn’t necessarily mean anyone cares about what the code is actually doing. In the case of Matrix it is a very active project with a lot of community engagement and a well thought out specification so that everyone can “get up to speed”. That is extremely important. Nobody is going to sift through a tarball of source code “it’s open source”, if the development is not. It’s also totally possible for a patched version to be running in production that doesn’t reflect the source code.

    That is why it’s very important not to confuse FOSS with privacy.

    • PublicLewdness@burggit.moe
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      You can say how FOSS programs don’t equate to privacy because people may not catch things or be watching but with closed source options nobody gets to audit the code at all outside the project. How is that better for privacy ? FOSS at least gives us a chance at privacy.

      • dngrayM
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        If the audits are public and they are actually funded with proper scope that may very well be better than some very small project nobody can be bothered looking at. I’m not saying having source is a bad thing, quite the opposite. Privacy is generally gained through security controls, and just because something is open source doesn’t mean it is secure, likewise if something is closed source that doesn’t necessarily mean it is insecure as this post describes.

        • PublicLewdness@burggit.moe
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          My issue with closed source is we don’t know if it is insecure or secure because nobody can find out. It’s a pandora’s box of privacy and security. It may be the most private and secure code known to man or it may be sending anything and everything about you somewhere but we’ll never really know. As for public audits who picks who gets to audit the code ? The company who made it ? You can do as you please but I refuse to trust closed source code. I’m not saying all open source code is good but at least we can find out if it’s good or not through independant means rather than trusting people that the company who made it picks to tell us.