• 43 Posts
  • 256 Comments
Joined 5 months ago
cake
Cake day: February 10th, 2024

help-circle
  • Linux user here. I don’t know of an open desktop calendar app that supports the protocol I need (CalDAV) without being one or more of:

    • Bloated
    • Too simplistic to be useful
    • Too annoying to use (poor UI)

    The best compromise I’ve found so far is Thunderbird. It is bloated, but less so than any Electron app I’ve used. I find the UI annoying, but tolerable for lack of a better option. I’m thankful for an open, cross-platform tool that gets the job done, but I wish I had one that was lightweight and pleasant to use.

    It would be nice to see some new work in this area. It’s a similar situation with email apps.









  • That explanation is fair enough but the headline is red meat the the EV disinformation brigade.

    It’s funny how words affect people differently.

    Not long ago, I posted a short, precisely-stated comment mentioning an observed fact that I had verified with a relevant authority. When I later checked in, I was surprised to find someone accusing me of spreading misinformation, and my comment removed by a moderator. It was clear that my accuser had badly misinterpreted my words. He refused to admit it or accept clarification. (And the mod had already acted, rashly.)

    I re-checked what I had written about twenty times over the course of the day. There was nothing there to support the accusation. My best guess is that my phrasing or the subject matter might have touched on rough emotions from a bad experience, leading him to see what he expected to see instead of what I wrote, and triggering attack mode.

    Communicating well really is complicated. It takes work on both sides, and can quickly turn into a bad time if it goes off the rails.

    Because of this, I’ve been making an effort to read (and re-read) charitably, especially with people I don’t know well.





  • mox@lemmy.sdf.orgtoPrivacy@lemmy.mlDoes MATRIX recipients know my IP?
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    7 days ago

    Obviously you need someone joining the room for the room metadata to be shared between homeservers.

    Well then, your assertion that Matrix gives it freely is false.

    Not so with Matrix, where a joining homeserver get full retroactive access to all the room metadata since the room’s creation.

    This is false, too. Historical event visibility is controlled by a room setting. (And if you don’t trust admins of a sensitive room to configure for privacy, then you’re going to have bigger problems, no matter what platform it’s on.)

    Edit: I suppose you might argue that you can bypass this by running your own homeserver and attempting to join the room from it, thereby granting visibility not through joining (as you wrote), but instead through federation with the server you control. The thing is, you can’t do it without permission. Room admins can simply deny your join request when they see what server you’re on. This might make sense in a particularly sensitive room, for example, just as it would to restrict history visibility.

    you really need to stop privacy LARPing

    LARPing? I’m not the one stirring up drama with falsehoods and patronizing snark, am I? Farewell.


  • Matrix stores all this info and gives it freely to other servers retroactively(!)

    Can you show me the part of the spec that allows a server with no room members to get private room info from another server? I’m skeptical, but if true, I believe that would be worth reporting as a bug.

    network layer sniffing (which is anyway much harder to do)

    You’re funny.


  • The network layer of all internet servers reveals almost everything you listed. Signal has the same problem, and there’s nothing they can do about that. The only way to avoid it is to use a completely peer-to-peer model (Matrix has started work on this, btw) and avoid communicating across network routes that can be monitored.

    There might be one exception, depending on what you mean by “Accounts”: The user IDs participating in a room can be seen by server operators and room members. But then again, server operators can already see their users’ IP addresses (which is arguably more sensitive than a user ID), and I believe room members have to be allowed into the room in order to see them. For most of us, that’s fine. Far from a disaster.


  • Human behavior is funny, isn’t it? No matter what the topic, there are always people around who like to repeat criticism they heard from someone else, even if it’s so vague as to be useless (“metadata disaster”) or they don’t understand the details at all.

    It’s not a disaster. A few minor bits of metadata (avatars and reactions, IIRC) haven’t been moved into the encrypted part of the protocol yet. If that’s a problem for your use case, then you might want to choose a platform with different flaws, or simply avoid those features. It’s already good enough for the needs of many privacy-minded folks, though, and it continues to get better.