UK government demands Apple backdoor to encrypted cloud data: Report | TechCrunch
techcrunch.com
Apple is likely to stop providing its encrypted cloud service to U.K. users

I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.

I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?

  • mox@lemmy.sdf.orgEnglish
    0·
    5 days ago

    Matrix is good for private general messaging. The fact that it’s decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.

    Two things to be aware of:

    • Some non-message bits (e.g. room topic text and membership) have not yet been moved to the encrypted channel, so those could be read by the administrator of a homeserver that participates in your chat room. Since most people care primarily about keeping the message content private, this is an acceptable trade-off to get all the things that Matrix offers.
    • The upcoming Matrix 2.0 features and design choices simplify the UI and fix some occasional errors. It might be worth waiting until this stuff officially lands in the client apps before bringing your contacts to Matrix, for a better experience all around.
    • rottingleaf@lemmy.worldEnglish
      01·
      5 days ago

      Government-ordered shutdowns do not work the way you think. Government doesn’t play by the rules, it makes rules for itself.

      Which means - they may, say, make a list of instances updated hourly, which automatically get blocked by ISPs.

      Free speech or not, it won’t withstand such.

        • rottingleaf@lemmy.worldEnglish
          11·
          3 days ago

          All either lack user directory or use phone numbers as identifiers. Finding people through the same instrument is an important functionality, without which a messaging system will not be popular and thus will not be relevant for such situations.

          If a messaging system uses SMS for confirmation, then, as you might guess, there is some central point sending out those SMS. So it would have centralized registration. Then technically registration can be disrupted (one can imagine some cryptographic scheme to make this the only disruption). Registration is an important part, even for a popular system many people will not have an existing account when they need it.

          User directories - if there is a decentralized user directory listing John Smith, Ivan Ivanov and Obi-Wan Kenobi, then either there will be hundreds of each with no ability to tell which of them is the real one (suppose those names are unique, say, u://jsmith, u://iivanov and u://alongtime ), or you need some kind of registration of public key and nickname pairs. Simplest variant (maybe dumb) is to have the messages telling of such registration having happened to be signed by some “registration authority” or a user delegated (by another message) that right (one would have to trace it to the root sadly). Then, it appears, users may add registration authorities, or choose between them, manually, but then the decentralized user directory would work in some moderated and ordered way.

          I’m not aware of any such system existing, and perhaps something about what I wrote is just dumb.