Found here.

I don’t have any real proof of this and it might be FUD, but given the curious links Signal seems to have to the NSA/CIA, this wouldn’t actually surprise me much…

Yes and XMPP is funded by the Russian mafia ;)

  • @abbenm@lemmy.ml
    17 · 3 years ago

    If you really don’t know how to look at this and see the lack of a compelling argument, I really don’t know what to tell you.

    The level of scatterbrained disorganization in the article is something that could only exist on the internet. I’m not even sure where to start. I guess I’ll start with this: at one point, in bold, it is alleged that “some people started to report about huge amounts of data and metadata being sent to Matrix central servers.”

    Some people? It’s not at all clear from the article what the source for that is. Is it one of the numbered links? Before, or after? There’s no natural reading of it where you can find what the source is. I’m not even just talking about whether the statement is true, I’m talking about the fundamental lack of concern for connecting allegations to evidence in a way that’s accessible to a reader.

    Also, the game of saying X is funded by Y easily degrades into a meaningless exercise of six degrees of Kevin Bacon if you aren’t careful. The joke at the center of six degrees of Kevin Bacon is that you can name any actor, and they’re no more than six degrees removed from Kevin Bacon. Is that because there’s a secret Kevin Bacon conspiracy at the center of the entire history of film and cinema? Or is it because that’s how a networked set of relationships in any context for anything works?

    That goes even more so for finance. It’s not enough to say that one organization is connected to another because it is “funded by” it, and therefore compromised. That is intellectually lazy, and not something that by itself is sufficient to establish questionable motives or intentions. It’s not nothing, either, but it’s a circumstantial connection that needs to be supplemented by additional context, such as an agenda that carries over from one institution to the other, or particular people that move from one to the other, or some kind of smoking gun explicitly and directly showing intentions, that is to say, a totality of evidence that converges on a point, rather than mere connections that can be interpreted to suggest malevolent intentions.

    I could go through the article piece by piece and explain how scatterbrained it is. The incoherence of opening the article that starts by floating a possible connection to Israeli intelligence, only to immediately set it aside and say that the rest of the article doesn’t depend on taking any of that seriously. Or how absurd it is that any of the argument at all would hinge on the fact that Riot, which isn’t even Matrix, but a client for Matrix, runs on Electron, which itself is also not Matrix, and that Electron being not free software somehow supports an argument specifically relating to Israeli intelligence. It’s not even clear what that argument is or isn’t supposed to support; it is never elaborated upon. It’s never elaborated upon whether Electron is bad just in the sense that proprietary software is bad because it seeks profit, or whether in this case it’s supposed to be specific to a malevolent connection to Israel or something else, and what the basis is for distinguishing it as one or the other, or how much of an argument that’s against Electron or Riot is supposed to apply specifically to Matrix.

    It’s just one half baked argument after another after another after another. And I’m not even saying that it’s wrong! Regardless of what you believe, there’s just a really fundamental level at which this is not an example of coherent thinking through evidence or logical arguments to get to a well reasoned conclusion.

    “Curious” connections that might be nothing, but nevertheless are being entertained because things are “linked” in ephemeral ways, and that is the stuff of QAnon conspiracies. Again not saying it’s wrong, but if you can’t see how disorganized this article is, I don’t know what to tell you.

    • poVoq (OP)
      7 · 3 years ago

      Yes the article sucks, but if you google a bit you can find that the central point is true: Matrix was originally developed while the two main people behind it were working at Amdocs and Amdocs even allowed them to do so during working hours while still being paid. Why would a commercial company do that especially when it doesn’t become a product sold by them at all (and it doesn’t look like it was ever intended to be)?

      And that Amdocs has been used by Mossad for various purposes is also more or less undisputed.

    • @Jojonintendo@lemmy.ml
      4 · 3 years ago

      It definitely looks like the typical article that drops some random facts for the conspiranoic minds to connect the dots.

  • Dessalines
    9 · 3 years ago

    Certainly a bit concerning. Here’s what hodgins said about that funding 4 years ago:

    Yup, to elaborate: many of the core matrix.org team have day jobs with various subsidiaries of Amdocs, who pays our salaries but lets us work full-time on Matrix. It’s analogous to Intel or someone paying for developers to work on the Linux kernel. Matrix.org itself is fiercely independent of Amdocs or any other corporate interest, and we’re in the (neverending) legal process of getting it incorporated as a proper non-profit in the UK (technically, a limited by guarantee company) with a formal charter to act as a neutral guardian of the project, protocol and ecosystem.

    Oh, and to answer the question of ‘how is it planning to turn a profit’: we’re playing the long game. If Matrix is successful, it has potential to be equivalent to the Web itself, but for realtime comms. Just as the Web is a non-profit decentralised protocol that can support an industry of commercially viable companies: so for Matrix too.

    Overall tho, it’s not nearly as concerning a case as Signal, since Matrix is easily self-hostable, and decentralized, whereas all of Signal’s data must pass through the one and only usable server in the US.

    • poVoq (OP)
      1 · 3 years ago (edited)

      Overall tho, it’s not nearly as concerning a case as Signal, since Matrix is easily self-hostable, and decentralized, whereas all of Signal’s data must pass through the one and only usable server in the US.

      Yes, but it might make for a strong case to disable all federation with matrix.org (if that is even possible).

  • Helix
    8 · 3 years ago (edited)

    It has had independent security audits though.

    • GadgeteerZA
      2 · 3 years ago

      And has EU (GDPR) grant funding and is used by French government…

      • poVoq (OP)
        5 · 3 years ago

        AFAIK the security audit was for the specific implementation of those servers used by the French government only, so the matrix.org servers (that change all the time anyways) are not covered by that.

        Oh and being used by EU governments means little, the NSA has pretty much completely infiltrated the EU security apparatus as recent news from Denmark and previous info from the Snowden files have shown. The same is probably true for Mossad.

        • GadgeteerZA
          1 · 3 years ago

          One can self-host Matrix I suppose so there is always that option. I don’t think the independent audit was of the French gov’s own Matrix server? Why would they get such an audit done when they set it up and self-hosted it? I understood that was of the main public Matrix servers and commissioned by Matrix?

          Yes I did not mean that the EU is not infiltrated (we know the German Chancellor’s own phone was spied on by her US allies) but I meant there is better legal privacy protection through the GDPR laws. Without any doubt, it is still better for the French government to host their own Matrix instance with E2EE that they can set themselves, than using any other public service outside. That was very much the point of them doing that exercise, and they even produced their own mobile app clients.

          • poVoq (OP)
            4 · 3 years ago

            Unless you disable all federation on your selfhosted homeserver and self-host the identity server as well (by default on the matrix.org servers), Matrix by design will still mirror a lot of metadata onto any server connecting, which is nearly always matrix.org due to the relatively centralized nature of the Matrix federation.

            As for audits, there seems to have been a security audit only of the olm library that is used for e2ee, and not the rest of the software or the infrastructure. And that audit was in 2016…

            All I could find on other audits is that the infrastructure used by the French government for their Tchap fork of Matrix was security audited according to the Matrix developer.

  • @Slatlun@lemmy.ml
    6 · 3 years ago

    It is open source and you can host it yourself, right? Maybe just my ignorance (not a developer), but can’t someone just read the code rather than trying to detect malicious behavior?

  • @TheAnonymouseJoker@lemmy.ml
    5 · 3 years ago

    I really doubt they are backdoored, as they are self hostable platforms with audited encryption, so that takes these organisations out of the equation.

    This sounds like Tor is backdoored by FBI just because DARPA funds it. What instead they have done is create a free chaotic network with many honeypot traps, where users have to be clever about using it.

    • poVoq (OP)
      7 · 3 years ago

      Yes and matrix looks a bit the same as it is really difficult to avoid having your metadata mirrored on the official matrix.org servers.

  • Katie Ampersand
    3 · 3 years ago

    Upvoting so people can discuss this, but it certainly looks like the kind of post that picks random stuff, puts it together without context and creates a weird conspiracy