“Signal is being blocked in Venezuela and Russia. The app is a popular choice for encrypted messaging and people trying to avoid government censorship, and the blocks appear to be part of a crackdown on internal dissent in both countries…”

  • whyNotSquirrel@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    50
    ·
    4 months ago

    could matrix.org be as easily blocked, since it’s decentralized I’m wondering?

    At least it means that Signal is working as intended if they are blocking it, I guess that they don’t have back doors.

      • TarantulaFudge@startrek.website
        link
        fedilink
        arrow-up
        27
        ·
        4 months ago

        I can answer this! All matrix calls are over https APIs. Ports and addresses are stored in a text file on the base domain or in DNS txt entry.

        • ivn@jlai.lu
          link
          fedilink
          English
          arrow-up
          5
          ·
          4 months ago

          Thanks, nice to have someone knowledgeable.

          Would you say matrix is censorship resistant? I’ve very limited knowledge of it but given what you said I imagine that if I was trying to block matrix I would just need to query the url of the text file and check the DNS text entry, if either exist just add the domain to the blocklist.

          • ArcaneSlime@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            4 months ago

            I was trying to block matrix I would just need to query the url of the text file

            Ok this raises a question for me. How do you find a url like this which wouldn’t be like, “linked on their site” or something? I know it must be possible to like dump a URL list for a site to a textfile, I’m just wondering how.

            Like say I want to find all the super secret pages on www.subgenius.com, they link some but say www.subgenius.com/pam1/pamphlet.html wasn’t directly linked (it is, but pretend lol) but could be accessed by the URL, how would I find that URL? Can you just run like someprogram -a www.subgenius.com -o subgenius.txt because that would be cool.

            • ivn@jlai.lu
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              4 months ago

              Maybe I’ve misunderstood how it works. I thought that when connecting to a matrix instance you would point to the domain name and the text file would be on a standard location (as with /robots.txt or all the files in /.well-known/) so it would be easily discoverable. In fact I just checked and matrix does use /.well-known/ so one should be able to identify matrix servers by querying these URLs. Unless their is a way to use a non-standard location, but that would require further configuration on the client I guess.

              And just to answer your question, the only way to find some hidden file would be to brute force. This could obviously be extremely time consuming if the URL is long and random enough, especially if you add rate limiting (this last thing could be circumvented by using multiple IPs to scan, which would be easy for a state actor).

              Edit: I’ve just realized I wasn’t answering to the same person, the first part of the message was more for @TarantulaFudge@startrek.website

              • TarantulaFudge@startrek.website
                link
                fedilink
                arrow-up
                2
                ·
                4 months ago

                Yeah the main thing is that the ports and addresses can change and it’s nbd. From a firewall perspective, it’s impossible to block them all. Especially when the clients are doing mundane https requests. Even if the server goes down or partial connectivity, the channel can still be used.

                • ivn@jlai.lu
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  4 months ago

                  But this seems easy to automatically block, no? If a client is querying an unknown domain check for some Matrix related data in /.well-known/ and add it to the block list if there is. And since the servers are publicly advertising the port used you just need to periodically check the list of known matrix domains you are creating in the first step.

                  Russia is already doing DPI and blocking ESNI so that seems easy. A more widespread usage of ECH would help everyone, as is Signal advocating, but that’s not the case yet.

    • foremanguy@lemmy.ml
      link
      fedilink
      arrow-up
      17
      arrow-down
      1
      ·
      4 months ago

      Matrix is in fact decentralized but in reality it is not so much, I don’t know the number exactly but the majority of users use the matrix.org server

              • ivn@jlai.lu
                link
                fedilink
                English
                arrow-up
                5
                ·
                4 months ago

                I mean, that’s not specific to Matrix. Telemetry is the tool used to get the numbers, so I don’t see how you would collect numbers on servers that don’t report numbers.

                  • ivn@jlai.lu
                    link
                    fedilink
                    arrow-up
                    3
                    ·
                    4 months ago

                    But you would miss all the numbers from non-federated instances.

                • CaptainSpaceman@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  4 months ago

                  Im surprised there are zero calls to any official matrix server(s) from those instances.

                  Not even random API for metadata, update status, etc?

                  Telemtry is a word. It only means as much as it means in each context, and without full context it means little atm.

                  Do you have a resource where I could learn more about what data Matrix considers telemetry?

                  • ivn@jlai.lu
                    link
                    fedilink
                    English
                    arrow-up
                    4
                    ·
                    4 months ago

                    The whole point of not being federated is not to call the other servers. I don’t run a server but I hope it’s not calling home if specifically configured to not be federated.

      • wurstgulasch3000@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        4 months ago

        People who live in countries where DNS and IP blocks are common probably use a different server. I’ve been running my own for over a year and it works like a dream

      • TarantulaFudge@startrek.website
        link
        fedilink
        arrow-up
        12
        arrow-down
        3
        ·
        4 months ago

        It cannot be easily blocked especially if you use your own homeserver every homeserver replicates the channel and it can operate without the original server! That’s why signal and telegram are inherently flawed.

    • ArcaneSlime@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      4 months ago

      To be devils advocate in a sense, this may mean that it doesn’t have any backdoors that Russia or Venezuela can use, but the NSA or something still could have one of their own.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        4 months ago

        Matrix doesn’t have encryption as the default

        Also Signal doesn’t have any backdoors. I can say that with high certainty as it has been audited more than any other messager.

        • TarantulaFudge@startrek.website
          link
          fedilink
          arrow-up
          4
          ·
          4 months ago

          It doesn’t matter if it is a business entity operating under a government then you can never really know because gag orders. Centralized servers can be blocked. Telegram and Signal apps could have a back door. This is why open stack is important. And not just the code. Also encryption is default for p2p one on one conversations. It’s not in channels by default because it can complicate public use.