Why disroot.org shut down their Matrix server:
@takebackourtech | https://takebackourtech.org
Earlier in 2021, I started seeing red flags surrounding the recently popularized Matrix protocol, thanks to a series of papers done by LibreMonde. Although I shared the research, many Matrix users saw it as an unfounded attack. This led me to find and champion alternatives like XMPP.
Now disroot, an organization that ran a Matrix server for quite some time, has shut down their Matrix instance due to privacy concerns.
Translated from Spanish:
The reasons we decided to close our Matrix instance were two:
1. The enormous amount of information and data from the users that we were forced to store (initiation and closing of session, interactions, publications and addresses exposed of users in public rooms, etc.) indefinitely, and with the aggravation that the information also remains in the participating servers. And also the growing number of bots that polished mapping the network.
2. The ridiculously large amount of resources it required, which increased with its use. About closing the instance, less than 100 users were costing us 5 GB of RAM (not counting the branch that consumed the database) and 170 GB of space on the users information disk.
Summarizing, it seemed to us that the amount of data accumulated was dangerously large and the resources excessive for what is basically a text chat software.
We never thought that these problems were deliberately planned, but inherent in the matrix structure. And for us, they became unacceptable above all in relation to the commitment we have to the care of the information of the users.
There are six documents confirming that it was the best decision. It is advisable to read them completely and you can find them here:
https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org
In part of them one can read:
"After new research and analysis based on our first document, and despite the changes that have occurred since, we believe that New Vector Ltd and the Matrix.org Foundation CIC, which represent matrix.org and vector.im:
- they don't meet the GDPR of the EU
- do not follow the guidelines, best practices and explicit requirements described in the ICO guide on GDPR for those who have daily responsibilities.
- fail to defend the fundamental principles of GDPR: legality, equity and transparency.
- are not able to process GDPR data requests correctly and in a timely manner.
- discriminate against non-technical people in GDPR-related issues.
- they are trying to retain data and responses from individuals who are entitled to them, removing such data from their system before completing such GDPR requests, being a crime under the data protection law of 2018.
- they are using misleading communications, capturing policies and terms of services hard to understand to limit the scope of data requests only to home server services, while providing several other independents.
This document includes disclosure of a personal data violation by Matrix.org.
If you currently have a #matrix account on any server, not only in matrix.org, we strongly recommend that you consider whether you need to file a complaint with the English authority of GDPR, regarding the processing of Matrix.org of your data so far."
In particular, it seems to me that after several years things have not improved too much in the most important aspects: the care and protection of the data of the users.
#im
Take Back Our Tech
Let's use technology that doesn't use us. We publish regular in-depth series about friendly & effective technology, and how it could change our lives.