I am interested in trying out matrix, but my first impression seems to reveal that by default, there may be some privacy or anonymity pitfalls if I use matrix.
Examples:
- using an instance I don’t host means the host is trusted with my data
- self hosting might reveal a lot of information about me. Most likely, it is registered to a domain that has my info and could potentially be traced back to me.
- When self-hosting, being one of few users, basic analysis of my activity could reveal a lot about me, since all that activity could be easily identified as belonging to a single person
Now I understand not all threats could be mitigated, but my worry is that both self hosting or not have significant gaps. What’s the most privacy and anonymity conscious way to use Matrix?
Matrix is not the right protocol for staying anonymous. There’s way too much unprotected metadata.
You might be able to mitigate that somewhat by using an instance that is accessible via TOR and being careful who you communicate with, depending on threat models and so on.
But if you want to communicate anonymously and not leak meta data… Probably not what you are looking for.
Thanks, that’s what I was thinking. Are there better alternatives?
I’m skeptical of Signal’s centralized model and its couple with Google services, among other things.