“I agree with this observation and think that this is a real problem. But the answer to this problem would logically be that we need to increase our efforts to change that by reducing the number of GMail accounts and increasing the number of self-hosted email servers, right? This is not really an argument for centralization, where each and every message is guaranteed to have the same service at the other end.”
If you think about it, it really is an argument towards centralization. Imagine Facebook releasing a privacy-invading Matrix client that lures in billions of users just because it comes preinstalled on every Samsung phone or whatnot — no way to talk to almost anyone without them invading your privacy. Sure, you can choose not to use their client, but the majority of your peers are the equivalent of second-hand smokers blowing smoke at your face; “what’s the big deal, it’s only metadata. I have nothing to hide”. Compare that to a centralized ecosystem built to protect your privacy from the ground up, there’s no bad Signal client out there. FB needs to have a different ecosystem and they have: WhatsApp.
“totally ignoring modern approaches to email encryption like autocrypt.”
The only clients supported are Thunderbird and K-9 Mail. How is this a solution? It’s XKCD #927 all over again.
“there are solutions to this problem, one being nomadic identities.”
Great, so the solution is… a centralized service managing your decentralized identities.
“There are also import/export features present in most services nowadays”
Good luck using those when the service is being censored.
“And even if domain fronting was an effective way to circumvent censorship, it could also be applied to federated servers as well, adding an additional layer of protection instead of solely relying on it.”
If Domain Fronting works, it’s enough. If it doesn’t, you’re out of luck because the international community isn’t going to care about oppressive nations blocking all Matrix servers.
“What if the US decides to shutdown signal.org for some reason?”
FUD. There’s nothing that implicates such an incident would ever take place. Plus even IF that would happen, Signal could easily move to e.g. Switzerland or Nordic countries that still respect human rights. And there’s the fact the US Senate staff is using Signal: https://www.schneier.com/blog/archives/2017/05/the_us_senate_i.html
“Police confiscating each and every server of a federated system (or even a considerable fraction of it) on the other hand is unlikely.”
That’s not necessary when you can block the protocol, public servers or whatnot.
“contrary to a total outage of centralized systems.”
Yeah, because AWS hasn’t figured out how to ensure uptime in case some individual server / data center goes down.
“The XMPP community already recognized the problem that comes with having that many XEPs and tries to solve this issue by introducing so called compliance suites.”
So when a new feature is proposed, it takes one year to create non-binding advisories to client vendors, who may or may not implement them. Doesn’t sound too agile. What if it’s a more secure protocol? What do you do if the client refuses to implement it? All clients need to maintain backwards compatibility or boot out the users using the client. If they maintain compatibility, you get protocol downgrade attacks. Security agility matters more than anything here, and it’s THE thing where decentralization sucks. If you want a good example, take a look at how the OpenPGP workgroup still hasn’t agreed on a 256-bit hash function after SHAppening, FIVE years ago. Such things are a non-issue for centralized protocols. Considering Matrix clients’ E2EE-by-default is still non-existent, I’d say they’re in the same boat with PGP and its bikeshedding.
“Spreading FUD about the XMPP protocol as a whole is unfair and dishonest.”
The problem is security. There is no mandated E2EE standard like OMEMO in XMPP. Matrix is another “solution” that did not think along the lines of “security first”.
“Luckily the audience of the talk didn’t fully buy into Marlinspike’s weaker arguments as demonstrated by some entertaining questions during the QA afterwards.”
The question was not mocking in its nature, the fun part was the fact he disagreed with Moxie. Moxie’s reply wrt. metadata was eventual adaption of Onion Routing. It’s not a trivial issue to solve. What the writer fails to note is Matrix doesn’t solve the metadata problem either. Instead, it moves metadata to Mike, the IT guy of your peers who has a crush on Karen, and who he’s stalking relentlessly: who she talks to on Matrix, when, and how much. And until Riot enables E2EE by default, it might be he’s reading her private messages too. I’ll take Moxie reading my metadata any time over such a scenario. At least I know all my messages are always E2EE.
The only solution is Tor. But v3 Onion Services aren’t even ready, e.g. basic/stealth authorization doesn’t work yet. So even if you removed metadata, now you’re unable to properly block contacts from checking when you’re online.
“What Marlinspike is right about though is that developing a federated system is harder than doing a centralized service. You as the developer have control over the whole system and subsequently over the users. However this is actually the reason why we, the community of decentralized systems and federated protocols do what we do. In the words of J.F. Kennedy, we do these things “not because they are easy, but because they are hard” – or simply because they are right.”
Then they should start with security first like Signal does and only release once E2EE works. Until decentralized platforms solve metadata, I wouldn’t talk about idealistic not-so-well-thought-out ideas of decentralization to people who can do it faster. The Matrix ecosystem will get there eventually, but considering they don’t offer anything meaningful to availability (as dissected by Moxie and above), their arguments fall down to the idealism regarding user freedom and FUD “what if the server is taken down or if Moxie gets bored”. Both would be problems, but neither seems to be the case. This blog post was full of “solutions have been proposed to this problem” — why wouldn’t the same apply to Signal’s problems?
I fail to see any meaningful, real benefits from decentralized platforms. To really solve the metadata problem and censorship resistance, you need apps like Ricochet, Briar, or Cwtch, that are peer-to-peer and where you can’t screw up your anonymity and OPSEC accidentally.