vandemic OP wrote

Reply to comment by mofongo in Is Riot safe(r) ? by vandemic

If I configure an encrypted chat with a friend, do our comms remain e2ee as the default from that point forward or do I have to configure it every time? Also, does Riot store metadata as far as you know? One more thing, if I buy a smartphone off someone on CL without a SIM card, what's the procedure to download and install the app? I've noticed that it can be very difficult to work around needing a phone number to even access things like the iOS app store...

2

mofongo wrote

After setting up the encryption, it remains as the default from that point forward and cannot be turned off. Riot does store information; it asked for elevated storing permission on the webapp, and surely the app does as well. However, you can look for another Matrix client that does not.

I'm unsure about iOS, but you can download Riot from F-Droid without requiring a phone number or being associated with an account.

Here's the list of supported Matrix clients; there's also a feature comparison list on the same page.

https://matrix.org/clients/

2

mofongo wrote

They also keep a record of the conversations on their servers.

2

vandemic OP wrote

Right, but if I set all conversations to e2ee, then even if they, the Riot ppl, store my data on their servers, none of it is in plaintext or otherwise accessible to their engineers, so it's fine?

2

celebratedrecluse wrote

all encryption is time-sensitive. anything can be broken with enough time.

the UK does not have statutes of limitations on criminal prosecutions, a unique feature of its legal system. So anyone can be prosecuted at any time for any crime they allegedly committed, even if it was a misdemeanor like 20 years ago lol

theoretically, anything you talk about on a default Riot encrypted chat is a conversation occurring in the UK, because the matrix.org server is hosted there. They have had data breaches in the past, too. The UK is part of Five Eyes, which shares info with the US, Australia, etc. So all of it could be considered "Conspiracy to X", if it relates to anything illegal under UK law. Conspiracy is usually a felony charge, which makes it eligible for extradition.

So the question is, do you live in a country that extradites to the UK, or that the UK shares info with? If so, you might want to self-host Riot, and not rely on this suspicious server, which has a giant target on its back and is in the worst possible jurisdiction.

2