[therealtbs]

Yes, everyone is in complete hysterics exactly because Facebook is evil (by the definition "harmful or tending to harm" (OED) or "morally reprehensible" (Merriam-Webster)). Just remember the recent(-ish) Oculus controversy, where they forced everyone who bought their hardware to sign in with Facebook and in some cases (soft-)bricked users devices because their Facebook accounts did not have enough activity [1]. Especially because Palmer Luckey (founder of Oculus) when answering questions about the acquisition in 2014 said that Facebook would not do such a thing [0].

I personally am scared because the language being used here is not at all specific to the scenario mentioned here ("hosted clients"). I understand that anything more specific would probably be rejected by their legal team. I am afraid that some 5 years down the line they'll be able to do something worse without notifying users because the TOCs and privacy policies are written in this ambiguous language.

Regarding alternatives, I can't really speak on the security/privacy of any of them but from what I can gather, Matrix does have E2E-encryption functionality [2] so I'm not quite sure how it is less secure than Signal (provided you host your own server and/or have a reasonable degree of trust in the server-operator of your conversation-partner).

[0] https://www.cgmagonline.com/2020/08/19/oculus-founder-facebo...

[1] https://www.eurogamer.net/articles/2020-10-15-oculus-quest-2...

[2] https://matrix.org/blog/2020/05/06/cross-signing-and-end-to-...

[saurik]

And when Facebook is doing something evil, I actively blast them for it; in particular, I have been extremely vocal with everyone I know about many aspects of the Oculus account issue, which I consider to be extremely evil when combined with their closed store model and DRM setup with developer account revocation (etc. I am somewhat famous for being a broken record on some topics, so I will try to avoid going into too much depth ;P).

Obviously, though, (but maybe not to you?!?) this is a completely unrelated issue to the WhatsApp "changes" this week: trying to use "Facebook is evil, so everything they do is evil" is not only ridiculously disingenuous--to the point of undermining the ability to make these kinds of arguments at all and still be taken seriously :(--but doesn't even satisfy basic questions like "ok, and do you also consistently use this frame with Apple and Google?" (both of whom are also evil to the point of being morally reprehensible).

As for Matrix: they do not have a solution for metadata yet, and even have gone so far as to claim that maybe they will never figure it out (due to being a federated system). Your metadata just ends up getting semi-permanently logged on various machines, and there is nothing you can do about it at this time. AFAIK, Signal has implemented solutions to this (even, I believe, fixing the subtle thing I used to complain about where their server technically had a temporary in-memory metadata log for rate limiting).

https://github.com/matrix-org/synapse/issues/2188

https://github.com/matrix-org/synapse/issues/4565

(I have now provided a bit more quoted detail in this other comment, which i will link to rather than cause a lot of replication spam.)

https://news.ycombinator.com/item?id=25687395

[dunefox]

Facebook logs all metadata that is available from WhatsApp as well. I'd rather have my metadata on matrix servers than on FB servers - at least it's not connected to my phone number, which is tied to my real identity. Also, matrix doesn't upload my entire contact list to Facebook. If it's secure enough for the german military and the entire french government, it's certainly secure enough for me.

[rmrfstar]

> Your metadata just ends up getting semi-permanently logged on various machines, and there is nothing you can do about it at this time.

Sealed sender means that an eavesdropper who can introspect into RAM inside Signal's AWS infrastructure is no better off than a network eavesdropper who passively sniffs ingress/egress.

That doesn't mean they can't build a reasonably accurate metadata database covering most people--people who communicate from a limited number of mobile ips to a limited number of mobile ips.

Signal is way better than matrix, but let's not pretend it has totally solved the metadata problem.

[injidup]

Extremely evil was when an entire population was wiped off the earth in the industrial genocide of the Third Reich. Facebook or WhatsApp changing its TOS is irritating but it is not "extremely evil" I just realised that this is the same absolute language that incited the violence we saw on Wednesday. If something is "extremely evil" then there are very few constraints short of the Geneva convention and probably not that you should be bound by in your response. The point is language matters and so enough with calling everything we disagree with "evil".

[ncmncm]

It was carefully explained to me that Facebook only wishes they could be as evil as Google is, now, or as Microsoft used to be able to be. Nowadays, even Microsoft and Russia wish they could afford to be as evil as Google; and even the spooks have had to outsource theirs.

(I use "evil" in the technical sense: not necessarily intending to exterminate humanity, but wanting to be able to -- or anything short of that -- if they did.)