d@nny mc² @hipsterelectron

Yes, as I was reading that there was some conflation, I did get the impression you attributed Element's words to Matrix, which I found confusing.

Anyway I agree with you that Element does some deceptive marketing here by hyping Rust and stupidly suggesting data breaches result from loss of availability.

Replay attacks should be considered, but don't timestamps limit the potential for abuse?

@hipsterelectron

"when keys are rotated that they have precise instructions for what to do ... bc signal understands that PEOPLE WILL FUCKING DIE IF YOU DON'T PROTECT THEM!"

However, Signal unfortunately doesn't have any instructions for checking safety numbers the first time you contact someone, so if they understand that people will die, they are neglecting responsibility.

@hipsterelectron

"i have an extension of libsignal that avoids a central server dependency"

I think that's great, but unfortunately Signal won't let us use it to talk to our friends who use Signal.

""bridges" (your messages aren't encrypted)"

Yes, it's a choice and I don't see this as a negative point. Matrix isn't a walled garden platform and it gives you that flexibility. You can choose to stick with encrypted messages if you prefer.

@hipsterelectron

If I understood your point about auditing, you say that businesses should use unencrypted communications. But if a business has a data breach and we find out they haven't encrypted their databases, I'd call that irresponsible. It seems to me the best way is to use encrypted platforms while making sure that the necessary people have the encryption keys to do auditing.

@hipsterelectron

"if your encryption is secure then why do you need to inspect network traffic?"

That's a good question, and it sounds like Element wants to branch out into a security vendor role. Maybe they should just focus on the messaging platform, but I wouldn't argue against the concept of "layered defense" in general.

@hipsterelectron

"sovereign—but somehow still compliant with regulations"

If you're not a corp you can have sovereignty, which is impossible with Signal.

"decentralized—but the server owns your identity".

I agree that there is room for improvement, but isn't it the same with most of the Fediverse, which we also describe as decentralized?