| ▲ | broken-kebab 12 hours ago |
| A protocol can mandate forced deletion. A particular client implementation may ignore it, or some users may circumvent it, so it would be a weaker kind of feature, but still a feature. And depending on circumstances it can be quite useful. |
|
| ▲ | nicoco 11 hours ago | parent | next [-] |
| An open protocol can mandate indeed, but that is still in the realm of pinky promise security. A better design for a privacy-friendly chat protocol is to not write a lot of stuff on a lot of different remote servers when that's not necessary IMHO. One of matrix's selling points is to be censorship-proof though; in that case copying stuff as much as possible makes a lot more sense. |
| |
| ▲ | broken-kebab 11 hours ago | parent [-] | | >pinky promise security You are right, though I still prefer "weak feature" as a term :) There's enough value in such things. Cryptography crowd is concentrated on omnipotent Eve breaking ciphers, and that wrench from xkcd, but I dare to claim that majority of both commercial and private leaks happen just because well-intentioned users don't have enough capacity to keep track of all the things, and proverbially think twice. Features like "unsend", or timed deletion are indeed laughable on their purely technical merits, but do wonders saving users from grave mistakes anyway. | | |
| ▲ | davorak 10 hours ago | parent [-] | | It's hard to explain to a non technical user. Something like "We tried to delete the message, but some of the people who received your message might still have a copy." Does not sound great and is going to be hard for a non technical user to understand and hard to implement in a way that a non technical user will find satisfying. So if I was a dev on matrix/element and this feature came across my plate I would have to weigh it against features that I know can be implemented in a way which make technical and non technical people feel satisfied and better about the application. | | |
| ▲ | wkat4242 9 hours ago | parent [-] | | That is exactly what happens in WhatsApp though. Maybe the message isn't there anymore but it used to say pretty much exactly that. |
|
|
|
|
| ▲ | Almondsetat 11 hours ago | parent | prev | next [-] |
| A protocol can only support, never mandate. If I send you "DELETE MSG #4829" and you do nothing and reply with "200 OK; DELETE MSG #4829", nobody observing the protocol's messages will ever know what happened. Sure, an omniscent being could say "but he internally broke protocol, he didn't delete the message!", but by definition if something cannot be verified inside the protocol, it is outside of protocol. |
| |
| ▲ | nicoco 11 hours ago | parent | next [-] | | Sure. In practice, in federated networks bad actors end up being blacklisted. It does not provide any "formal" guarantee, but… it tends to work fine enough. For this specific "deletion request" feature, of course it should always be seen as a convenience thing, and absolutely not about security. As with many engineering things, it's tradeoffs all the way down. For instant messaging, a federated approach, using open protocols, offers what I value most: decentralisation, hackability, autonomy, open source. My options in this space are Matrix or XMPP. I have not attempted to self-host a matrix server, but have been very happy with my [prosody](https://prosody.im/) instance for almost a decade now. | | |
| ▲ | AJ007 10 hours ago | parent [-] | | I don't know what's wrong with XMPP other than the network effect collapsed when the GMail chat thing was killed, while the mobile client options were poor for a very long time. Matrix has the appearance of being a drop in replacement for Slack or Discord, but the design decisions seem so compromised that the only explanation is they did manage to establish a (somewhat weak) network effect? It certainly is not a good look for an open source project to be running on Slack or Discord (free/cheap plans rugpulled or to be soon.) Then that leaves IRC, which has a network effect collapsing at a much slower pace. I never got far enough to try hosting a matrix server, but reading the linked post -- Matrix definitely is not GDPR compliant. The combination of whatever end form of ChatControl the EU gets along with possibly hundreds of other laws across the world and individual US states makes me think the days of a public facing non-profit or small startup running a project like this are over. (Or maybe the future of open source is funding lawyers while the development is all done for pennies by AI?) | | |
| ▲ | wkat4242 9 hours ago | parent [-] | | The GDPR is being neutered anyway because the EU caved in to Trump. Not being chatcontrol compliant? That's a feature not a bug. Nobody wants that anyway. Just another stupid US lobby (Thorn). A big organisation won't be able to run matrix for everyone no but that's the cool thing about it. People can run their own for smaller groups of people. |
|
| |
| ▲ | broken-kebab 11 hours ago | parent | prev [-] | | I don't know such definition frankly. And to the best of my knowledge there are plenty of things which people call "protocols" strongly prescribing actions non-verifiable in the very sense you used. That said I'm not here for a terminological discussion. We may call it green cheese, but it's still a useful feature. | | |
| ▲ | Almondsetat 11 hours ago | parent [-] | | Nobody claimed it isn't a useful feature. The only claim I made is that it cannot be mandated with an open protocol, so if you expect 100% adherence in the name of privacy, you're setting yourself up for disappointment. | | |
|
|
|
| ▲ | miloignis 10 hours ago | parent | prev | next [-] |
| True, and Matrix has the weaker version of the feature: https://spec.matrix.org/v1.16/client-server-api/#redactions
It should absolutely work in normal situations across all servers and most all clients. |
|
| ▲ | zenmac 11 hours ago | parent | prev [-] |
| People should related to anything federated like email. If you send something it is in someone else's computer now. With matrix or any e2ee protocols it is depending on pinky promise of the client to modify it. I thought the whole Snapchat fiasco already taught us that. Did we forget? |
| |
| ▲ | XorNot 3 hours ago | parent [-] | | There's a difference between "I have an active adversarial actor" as a security model and "sometimes I send something I don't want to and want to delete it, the people watching are friends and acquaintances and are not deliberately preprepared to collect kompromat". When I delete a message off Signal chat, the expectation is that the chat members are agreeing by social contract to abide by that. |
|
