Email or username:

Password:

Forgot your password?
Top-level
Arcane Alchemist

@rysiek @m Apparently, these issues were already known and not considered to be serious, which is why they remained.

mastodon.social/@krille@troet.

PS: If the issues were as basic and far-reaching as the blog insinuates, why are multiple countries using Matrix for their military and administration?

4 comments
Michał "rysiek" Woźniak · 🇺🇦

@ArcaneAlchemist it's not "some blog", Soatok is a solid security researcher. Ignore his insight at your own peril.

Also, did you really just argue that surely a certain solution is perfectly fine because nation states use it? Really? :blob0w0:

Because that would make Microsoft Teams by far the best communication solution in the world.

@m

Arcane Alchemist

@rysiek @m I'm judging it as a "blog" because of the style of language and the disclaimer at the beginning. I'm not saying Matrix is perfect, but considering that (at least Germany) is actively contributing to it, I expect that they also have experienced security researchers looking at the codebase. To use your argument, why go through all that effort if they could have just used WebEx and Teams? Arguing that the devs and auditors are all incompetent is a bit far fetched, don't you think?

Michał "rysiek" Woźniak · 🇺🇦

@ArcaneAlchemist I am not arguing that "devs and auditors are all incompetent", please kindly refrain from putting words in my mouth.

People miss things all the time. The fact that A Large Organization or State is using a given tool does not necessarily mean they audited it. And even if they have, it doesn't mean there are no security issues.

I linked to a specific piece of information on specific security issues found by a good security researcher. Do what you will with that info. 🤷‍♀️

@m

Arcane Alchemist

@rysiek @m I was referencing what was written in the blog, where he explicitly warns against using Matrix and repeatedly questions the developers' competence.

Go Up