• acockworkorange@mander.xyz
      3 days ago

      the author literally picked random projects from github tagged as matrix, without considering their prevalence or whether they are actually maintained etc.

      if you actually look at % of impacted clients, it’s tiny.

      meanwhile, it is very unclear that any sidechannel attack on a libolm based client is practical over the network (which is why we didn’t fix this years ago). After all, the limited primitives are commented on in the readme and https://github.com/matrix-org/olm/issues/3 since day 1.

      From your link.

      • e8d79@discuss.tchncs.de
        3 days ago

        That is exactly what it says. They knew about security issues in their library and didn’t fix them for years. This isn’t being ignorant, this is negligence.

      • e8d79@discuss.tchncs.de
        4 days ago

        I do, use Signal if you care about privacy. They are the only game in town when it comes to reasonably secure chat software. Sure, I would prefer a federated alternative but I haven’t found one yet that is always end-to-end encrypted, open source, implements forward secrecy, and is user friendly enough to be used by my grandmother.