Over the last few days we've had constant requests to respond to @[email protected]'s 'The ecosystem is moving' blog post & recent 36c3 talk - we've tried to articulate Matrix's viewpoint over at

It’s true that if you’re writing a messaging app optimised for privacy at any cost, Moxie’s approach is one way to do it. However, this ends up being a perversely closed world - a closed network, where unofficial clients are banned, with no platform to build on, no open standards, and you end up thoroughly putting all your eggs in one basket, trusting past, present & future Signal to retain its values, stay up and somehow dodge compromise & censorship… despite probably being the single highest value attack target on the ‘net.

This is exactly the issue I have with Signal, and of course the completely unacceptable policy of requiring a phone number as identification. Great response!

Keep up your great work!

@harald @matrix How can Marlinspike even call phone numbers "user-owned identifiers"?? If I want to port my phone number from one provider to another, I have to go buy a new SIM card, and then call both companies, and beg their customer service agents for permission to move. And if a bad actor clones my SIM, or just manages to convince a level-1 service rep that he's me, then he gets to steal my phone number forever.

Well said @matthew. I think Matrix is doing the best job at building the best future in this department

The talk is available via peertube (ironically a federated service) and YouTube.
I've seen the talk but not read his blog post and the arguments brought in the talk are even more ridiculous.
He discontinued p2p video/voice because clients could discover each others IPs. (A fact that is only sometimes true and can be mitigated by the use of additional services) but still defends the use of phone numbers as identifiers to share with everyone you want to talk to.

@matrix The more moxie opens his mouth, the less I trust him to build and maintain a secure messaging platform. Signal is kind of a basic first measure, I would never trust any centralized network with something I actually wanted to be private. But neither would I trust matrix yet, maybe once the client has it's own built in server and mixing servers. Right now the very basic torchat seems to be the only real option for secure/anonymous coms and I'm not sure I trust that.

@curufuin @matrix Well for the truly paranoid there's matrix over #tor. For mere obfuscation #Yggdrasil may be faster though.

@grin @matrix I think for the truly paranoid there is the Snowden method. Like talk in person, phones on the microwave. 🤷🏻‍♂️. But I suppose it just depends on your threat model and what you want to worry about.

@matrix ye 'that' Moxie's talk .... where he reveals he don't understand art production (finished pieces is something the public thinks they see, not the artists) nor the people that want decentralized systems ... nor freedom nor SPoF indeed

@matrix reminds me of torvalds vs. tanenbaum, but switched.

@stereo heh - so does that make us the microkernel? :D always seemed amusing that the punchline to that debate was Android = torvalds and iOS = tanenbaum; turns out both can work...

Thanks @matrix for the detailed blog on why #decentralised vs #centralised ecosystem. Seems like Moxie of signal missed the fundamental thing called #freedom to choose the server you like, the client you like for messaging. Thats the freedom you also see on #Federated messaging like #Fediverse systems of #Mastodon, #Pleroma , #Peertube etc.

Maybe Moxie could talk on the situation of the kurds at #37c3 .
At least that would make sense.

@matrix What's not to love about the fact that a talk titled "The ecosystem is moving" gets people to explain the details of exactly that movement & to accelerate it?

Humanity needs both #Matrix- & #Signal-like systems in healty competition for ideas & implementations :-)

Sometimes using tounge-in-cheek pokes, but more importantly standing together against #SurveillanceCapitalism!

Sign in to participate in the conversation's Mastodon is one server in the network