The actual security and privacy policies for matrix can often be confusing for new users. We will analyze the various ways that your privacy can be threatened or improved by various steps.
When connecting with a server, it is necessary that the server knows how to reply to the client. Matrix is a federated network, meaning that users connect to servers, and servers connect to other servers. It's like e-mail. The first step in being secure involves (a) picking the right server, and (b) taking necessary precautions when interacting with the server. We will be using the terms “server” and “node” interchangeably as well as the terms “client” and “user”.
Ideally, as many people as possible host their own Matrix servers. If every affinity group hosts their own server, or every cause, or simply more “general purpose” servers are available, this improves the security of the network. Why is having multiple servers a good thing?
Brickshop.io is not the only Matrix server. The servers provided by https://matrix.org, https://privacytools.io are recommended by our team. A more complete list of servers can be viewed on The-Federation.info, which claims to index several thousand servers.
Along with selecting a good server (or hosting your own!) and potentially masking your IP address, we suggest not assigning your e-mail address or phone number to your account, and also picking a unique username. A lot of instances in doxxing are due to people picking the wrong username. While it's your choice whether you use your Twitter name or pick a punny name relating to your political orientation, picking short, unique, and generic names reveals the least to potential adversaries. The author prefers randomly generated, 3-6 letter nouns, which can be easily randomly generated online.
In addition to selecting a good server and good username, it's also recommended to create a secondary account. As mentioned earlier, a big feature of Matrix is that it allows for multiple servers to seamlessly link. As also mentioned, limiting yourself & your affinity group to one server alone comes with security pitfalls. By creating accounts with multiple usernames on multiple servers, you can enhance your OPSEC by limiting what your accounts say in the places where they say them. If you use one account on one server for public and unencrypted messages, and a second account on a second server for private and encrypted messages, it is very difficult for adversaries to link the accounts together.
It needs to be constantly repeated: whatever is said in a public chatroom may as well be said on Telegram, Twitter, Facebook, Instagram, or any other chat protocol that is not end to end encrypted and private. In the context of security, what is said from your account cannot be “plausibly denied.” While what someone claims you said in a private and encrypted chatroom can be denied, what your account posts in a public room cannot be denied so easily, especially not if you do not take care to hide your IP Address.
To be as safe as you can be in a public chatroom:
Public chatrooms are not inherently dangerous and we should not shy away from reaching out to the masses, especially with important or “high level” ideas. However, when discussing very specific occasions or individuals, consider creating a private message with encryption or rotating to a private and secret chatroom. A general rule of thumb for the more wild side of the internet is this: “If you wouldn't like to see your message next to your name and face in a newspaper or court record, don't say it.” No matter how much a server promises security (whether it's Telegram, any Matrix server, Discord, etc) you should always be very cautious about any message you send across unencrypted lines.
Private and encrypted chatrooms on Matrix are about as safe as end2end encrypted rooms on Telegram, Whatsapp, and Signal. When in doubt, communicate face to face with cell phones and other devices (Smart TVs, tablets) in another room.
A “high trust” chat means a chatroom where you are able to “vet” every member of the room; that is, you've “verified the key” of the devices of the users. Unlike Signal, Matrix uses interface patterns to encourage that you verify the identities of the users you're talking with.
In the Riot client, there is a feature to prevent sending messages to devices that you have not verified. Imagine you are in an encrypted chatroom with 40 people and you have personally verified 10 of their identities. If you toggle this setting, it means only 10 members of the room will see your message and the other 30 will be left in the dark. While the other 30 may be able to guess what you said based on context clues, this is still a much safer method of communication than sending a “sensitive” message to the entire room, and only limits your sensitive message to the people that you have decided to trust on your own criteria.
This special feature:
Room → Privacy →
Never send encrypted messages to unverified sessions in this room from this session
is unique to Matrix/Riot to our knowledge.
When in doubt, again consider face-to-face communication in an electronics-free area in a safe location. Operational security is never so simple as just trusting an algorithm. The best we can hope for in the realm of digital communications is “plausible deniability” and even that has its drawbacks.