Heads up to all #Riot users: with the recent attack on @matrix' infrastructure, it's possible that Riot's Google Play version got compromised. This doesn't affect Riot's F-Droid version. Just as Riot started to do now, F-Droid has always signed all its apps on an inaccessible, offline machine. For more information, see riot.im/reinstall

To avoid maintenance overhead, however, it's likely to happen that F-Droid users must also change the app in near future. Still, there's no need to act now.

@fdroidorg @matrix Who's behind Matrix? How does it compare to Mastodon? Is it safe?

@pj
As far as being "safe", then yes, if you avoid the electron app (or at least firejail it; electron has a horrible security record). Most of the difficulty happens at the homeservers, and seem to be mostly the result of naive and insecure federation code. One gotcha to note is that while messages can be encrypted, attachments NEVER are, and worse, they're world-accessible (a "feature" for some uses though)
@fdroidorg @matrix

Follow

@fdroidorg @matrix
Small update: according to the Matrix folks, attachments ARE encrypted these days, and cues in Riot's interface would appear to support that statement, but I haven't had a chance to look under the hood and verify personally (so ymmv)

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!