Ah, the Matrix guy decided to chime in on the Hacker News thread about my blog.

https://news.ycombinator.com/item?id=46979742#46982871

Of course his comment is bullshit.

Discord Alternatives | Hacker News

Like, the issues I found aren't even particularly difficult to mitigate. I provided some sample code in my Matrix disclosure blog post and pointed to a bitsliced AES implementation (BearSSL) for systems that can't do AES-NI.

Hell, you could probably get a fucking LLM to do it. Trail of Bits published a Claude skill for detecting whether a compiler has undermined the intent for code to be constant-time. But the heavy lifting is done by a Python script.

Shipping cryptography without side-channels was table stakes for being taken seriously.

(Note: I'm not endorsing LLM use. This is a flippant remark about how embarrassing the things I found in Matrix's Olm library were.)

Security Issues in Matrix’s Olm Library - Dhole Moments


The Matrix guy is incentivized to control the narrative here. No surprise there.

But I implore anyone paying attention to critically evaluate the facts and what he said then as well as what he's saying now.

There are more pathetic comments on the Hacker News thread.

For example:

(Would you believe this guy has -18 karma?)

The crucial thing Arathorn hasn't figured out is he's his own worst enemy when it comes to public relations.

Several folks have told me they stopped trusting Matrix. But not because of my write-up. They stopped trusting Matrix because of how Matrix responded to my write-up.

They could've just said something banal like, "Thanks for contributing to the security of Matrix," and done less damage to their own reputation.

@soatok I'm a good example of that! I got turned off Matrix as "the platform" when that whole "oh yeah we knew about those issues but didn't do anything about it because we were already working on the new thing", but then the following attitude was what cemented the notion of "I can't trust this to ever be better, can I?"

@kiri Given that my previous disclosure was in May 2024 (published August 2024), and then https://furry.engineer/@soatok/116055556402436098...

Yeah, probably not.

@soatok median mossad-funded honeypot app behavior

@soatok reading this out of context & wondering why someone on my timeline is calling out the chieftain of the dunedain, which... not wrong, just surprised

@soatok Would you say he's a thorn on the side of Matrix

@soatok Isn't Matrix involved with some crypto bs and military operations too? THAT'S why I don't trust them.

@soatok ad hominem, because logic and reason do not matter.

@soatok whenever I see these kinds of guys I am fascinated in a way. like a particular kind of dipshit frozen in amber from the 00s.

(I know unfortunately they're still making that kind of guy and it's usually creeping out of some sort of anti-LGBT bigotry. but my first thought is ALWAYS "how did you time travel to here?")

@lunemercove @soatok like seeing a classic car that you don't understand why anyone would have saved like a ford pinto

@soatok Time to increase the fucking thing, Soatok?