It is, which is why I’m removing it. You can expect this from CNET, Techradar and bullshit outlets like that.

This is VPN marketing material mouth pieces 101.

Just be mindful decentralization doesn’t inherently mean there is privacy.

Seems like a step up from “Covenant Eyes” with weirdo politicians sharing their porn habits with their children.

At this point I have to wonder whether the “Signal is CIA funded” narrative is not just butthurt Russian trolls mad at the fact it’s also used by spies and informants for secure communication.

It’s probably also media’s fault for this. They only publish when a bad person does a bad thing on the internet with it, not all the millions of users who don’t do bad things. That would be boring.

Yes the article is FUD and sloppy. This is what Matthew Hodgson (Arathorn) had to say about it:

Talking of sloppiness, that hackea.org article is a huge steaming pile of FUD about Matrix.

For what it’s worth, the team who came up with Matrix was originally based in two separate startups: one in the UK doing VoIP, one in France doing mobile dev. Both got acquired by Amdocs in 2010, but we ended up forming an independent “incubated startup” first to build telco apps, and then we came up with the idea of Matrix in ~2013. We then built out Matrix until 2017 when Amdocs killed our funding, having run out of patience for what amounted to generous FOSS philanthropy.

We then set up New Vector (now Element) as an entirely independent UK/FR startup, and have received zero funding from Amdocs since. To be crystal clear: Amdocs has zero privileged influence or control over Matrix (or Element, for that matter), and has zero access to the Matrix servers we operate as Element. And besides - the whole point of Matrix is that you can and should run your own servers so you can pick who to trust, even if you don’t trust the project itself.

you have to attach your matrix ID to your phone number

Yes, this is FUD, it’s not necessary, and entirely opt-in. Also you don’t even need to connect to the identity server.

I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. https://tutanota.com/encryption

These are only primitive algorithms, the actual implementation is custom and specific to Tutanota, which mean it will only work with Tutanota as nothing else will implement it.

There is no way to do key distribution outside of Tutanota’s service.

That is the nature of any federated protocol.

E2EE works well enough within rooms and that is likely where private data is to be anyway. As long as you Matrix and assume that everyone can see your Matrix ID and room IDs you’ll be okay.

XMPP isn’t any better in that regard.

Probably another point is that the encryption for Matrix/Element has undergone multiple audits, one in 2016 and another one of their newer rust library. Whereas telegram just has not. There was this also a not too long ago. MTProto is also used nowhere else, whereas a lot of encryption has been influenced by the Double Ratchet which is well understood.

The other thing worth noting is that Matrix is the foundation for other products which many governments use for secure communications.

Keep in mind LocalCDN will make your fingerprint more unique. HTTPS Everywhere is unmaintained and no longer needed… and you certainly don’t need Decentraleyes, thats a duplicate of LocalCDN and is also unmaintained.

If you’re going to use Arch use Arch. It is incredibly dangerous to be blindly trusting things in AUR, when they can be contributed by anyone.

However, it then goes on to say that only moderate or advanced users should use Arch

Yes because there is less QA, there is nobody testing those things before they are released to you. It also requires you to make a lot of selections which unless you know what components to choose (I also use Arch) would be not great for a newbie user.

I find this funny as many corporate servers use Debian, and I don’t really see any huge security issues since the 90’s waving red flags of warnings and issues.

A lot of them are Ubuntu these days, or Centos. In a corporate environment you tend to be running a lot of containerized workloads because you want redundancy, and high availability.

By following this guide, it really leaves no option for beginner linux enthusiasts. I (we) recommend not folloing this guide as it reads like privacy paranoia propaganda piece.

TLDR being there is no reason to look beyond Fedora or Ubuntu for a newbie user. That is the point that it makes. These other obscure distributions don’t provide anything that you need.

Just a reminder, we specifically recommend against Garuda due to their unsafe usage of Chaotic-AUR.

VPNs are still worth it for that purpose, particularly torrenting… Not sure who is saying this but they are wrong.