As far as I can tell it comes down to:
- are you afraid of foreign espionage
vs.
- are you afraid of your own government
Now, if my government knows everything there is about me and one day decides to crack down on dissidents or hand them out to another foreign power as it was done in WW2 with the Jews in the Netherlands? Well, that is on another level.
We have be down this road before. It never ends well.
Maybe it's been too long and people forget. My grandparents lived through WW2, from what they told me, the capacity for humans to inflict pain and suffering on other humans knows no bounds.
I do use Switzerland as an exit for my vpn though yes.
Truth is, Euros don't care about privacy. The endgame will probably be to host this stuff in the third world or something, like pirates do
Switzerland created a new set of surveillance laws in January, that far exceed anything inside the EU. Which means that EU laws are irrelevant, when talking about a company inside Switzerland - you should be talking about what they actually use!
Maybe even with small-range offline radio mailboxes so you can deliver and gather messages from/to highly suppressed people which then can be send back into the "online" network automatically without further interaction.
Having a second diverse link that is cheap to setup would be an alternative.
I very much prefer to guarantee that data doesn't leave my trusted servers in the first place, rather than to encrypt it.
what's the rationale behind this? The point of a server is to ... serve things. If you're not gonna exchange data you might as well put a hard drive in a closet.
The point of encryption, to securely send information across adversarial channels, has made it possible that I can take my most secret information and send it across my worst enemies network and I don't need to care. Who on earth wants to go back to a world where I have to hide plain text documents in the sock drawer?
The only project that got some serious momentum is Meshtastic. That's decentralized LoRa with flooding/next-hop-routing that can be backed with MQTT.
I think a huge step forward would be a decentralized BLE LE (a super robust Bluetooth Low Energy mode) Mesh based application as it can be used on smartphones.
When Moxie wrote a thoughtful critique of decentralization, I wrote an article addressing his criticisms and spoke about why decentralization matters: https://community.intercoin.app/t/web3-moxie-signal-telegram...
There are many great decentralized alternatives. I know the founders for most of them, and interviewed some, like the founder of the original (and current) Freenet, probably the earliest private content sharing network ever launched: https://www.youtube.com/watch?v=JWrRqUkJpMQ
Here are some more of my interviews regarding freedom of speech, including with regulators, sociopolitical thinkers like Noam Chomsky, Milton Friedman’s grandson, etc: https://news.ycombinator.com/item?id=34179795
Here is a map of the global war on end-to-end encryption, with updates on how we have been losing this war: https://community.qbix.com/t/the-global-war-on-end-to-end-en...
In my opinion, the most secure network is Autonomi.com, which was previously Maidsafe. It is FULLY decentralized and encrypted, and those guys have been at it far longer than Matrix. I have been on their forums and they have been on ours for years, debating various architectural and economic tradeoffs.
Here is why. True anonymity and freedom requires not trusting a centralized party. So you’re going to need a way to achieve some sort of consensus and durability. Also if you are anonymous, how do you pay for storage? You can’t have accounts! Answer: you need utility tokens, a form of cryptocurrency that needs to solve the double-spend problem.
So any project that is serious about solutions arrives at these elements every time. Perhaps the only exception is early BitTorrent where everyone sharing had to be seeding too. But that only works for popular movies and such!
I think there is no need to buy storage (you already have it); there needs to be software to share it in a way that is p2p and not via ANY other machines that are not owned by the members of the group (for instance, your family).
dang: is HN really the place for competitive marketing crap like this?
Is it irrelevant? A vendor that isn't based in the UK could just rightfully tell the UK government to fuck off—which isn't likely to be an option for the UK-based Matrix and Element.
How does that publicised adding algorithm get corrupted, if the UK government decides they want that 2+2=5?
The answer is that matrix being based in the UK isn't ideal, but since they published the whole protocol, it can't just be made unsafe on request without people noticing. If the math maths it still maths when the government doesn't want it to math.
What could happen is that the UK could force specific servers of the UK based entity to surveil targets etc. But you don't have to use their servers (in fact, their goal is probably that you run your own).
As someone who would be in the position to decide for or against matrix/wire usage in my org, I have to say this kind of pratise didn't particularily strengthen my trust in wire.
A likely outcome is that they make it unsafe and people do notice.
I don't know the matrix org but if I were them I had a plan in a drawer for when that happens and where to move.
I started self-hosting and adopting Matrix for my app recently and most of these raised concerns seem manipulative at best. Thanks for all the work with the project!
Though I'm not sure if the GDPR allows for data to be stationed in Switzerland. It's not EU but it is party to a lot of treaties so it's not out of the question.
Ironically it might become a safer place to station data if the EU manages to push through more surveillance decrees.
There is a treaty between the EU and Switzerland for this. Full list of countries here: https://commission.europa.eu/law/law-topic/data-protection/i...
Being inside of the EU also won't ensure your privacy: https://argos.vpro.nl/artikelen/former-philips-top-cryptogra...
And let's not forget that the Swiss are just as willing to implement privacy infringing laws as any other country these days: https://tuta.com/blog/switzerland-surveillance-plan
Don't trust a company just because it's situated somewhere. When governments friendly to yours want to spy on you, they don't necessarily let borders stop them.
CryptoAG and the CIA's decision to release the history document of that operation is such an interesting story. In particular, it had this effect of getting people to distrust Swiss companies, for better or for worse. It makes it sound plausible, if however unlikely, that a company such as Proton is actually a front for US cyber warfare. (I don't think it is but it might be; it seems like that may have been the point.)
Backups half-way solve the issue with text messages - I would still need to contact someone with sufficient development skills to decrypt the backup and extract the text in a readable form, but the information is there.
But with images, there is no recovery. And they apparently already lost some of my photos (the placeholder for some of them never gets replaced with the actual photo when I scroll up to year 2023).
Add to that the incompatible backup formats between the desktop and mobile apps.
So this is definitely not the claimed data sovereignty.
wire continues to be a clown show.
kelnos•6mo ago