Some might say interconnecting everything could be a legitimate goal. Nonetheless, some people started to report about huge amounts of data and metadata being sent to Matrix central servers.
Curious that this claim is without source in the original.
I also have problems with their claims about bridges. Bridges are Band-Aids to allow you to communicate with people not on Matrix, not a dark masterplan to build a central espionage hub.
By default, a homeserver trusts matrix.org in questions of federation and identity of other servers. You have to get that trust from somewhere. You are free to choose another source for that.
(For example, my homeserver isn’t federated at all, and has that trusted server removed; it doesn’t communicate with anyone. Also it’s not synapse, but that’s beside the point.)
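
Added example, not part of the comment above: assuming a Synapse homeserver (the commenter's own server is not Synapse), the default trust in matrix.org described here is the `trusted_key_servers` setting in `homeserver.yaml`. The default is shown beside two alternatives; `keys.example.org` is a placeholder name.

```yaml
# homeserver.yaml (Synapse) -- illustrative fragment, pick ONE variant.

# Variant 1: the shipped default. matrix.org acts as the notary that
# vouches for other homeservers' signing keys.
trusted_key_servers:
  - server_name: "matrix.org"

# Variant 2: delegate that trust to a different notary you choose.
# "keys.example.org" is a placeholder, not a real key server.
# trusted_key_servers:
#   - server_name: "keys.example.org"

# Variant 3: no notary and no federation, matching the setup the
# comment describes (server talks to no other homeserver).
# trusted_key_servers: []
# federation_domain_whitelist: []   # empty list = federate with nobody
```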

Yeaaaaaaahh the auth thing is really, really complicated to selfhost. There’s a docker project out there that apparently makes it possible, but… No idea. For the time being I still use FF’s auth - that’s still an improvement though: Mozilla knows that I am logging in / from what kind of device, but not the content or amount of what I sync.

No idea - this is my firefox sync NixOS config, in its entirety:
  age.secrets.ffsync.rekeyFile = secrets.ffsync;
  services.firefox-syncserver = {
    enable = true;
    secrets = config.age.secrets.ffsync.path;
    settings.hostname = "localhost";
    singleNode = {
      enable = true;
      hostname = "0.0.0.0";
      capacity = 2;
    };
  };

They don’t actually have to enforce that though. Rather, it’s a neat trick: if you do use encrypted chats, well, you’re purposefully doing something illegal! To hide information, no less! That surely means you have more to hide, and since you’ve already broken a law, let’s investigate further!
To be clear: I’m not saying this is the intended effect. But it is a frighteningly possible one. Anyone who has reason to hide their communication (regime-critical activists, opposition politicians, investigative journalists, …) either has to

Actually… From a data-loss POV, it’s actually pretty much fine; since the server only serves an e2ee file anyways, each end device’s data is sufficient to recover everything.
I.e. if you host Vaultwarden, log into it on your mobile device, save all your logins; then fuck up the server, it doesn’t matter, because your mobile device not only still has everything, but also does not need a server connection to export everything in a way that can then be imported again on a new server installation.