[em-bee]

The closer you move to the user, the more the threat of creepy buddy watching over metadata of people they know grows.

actually i don't follow that argument. it is more likely that my data gets caught up with someone accessing a larger server than my own server. if someone targets my own server they may as well target all my messaging clients and get all the data from there.

[maqp]

The thing is, if there's three users that know each other, using one server run by one of the three, then by definition there is one person with access to metadata of the 1:1 conversation between the two other users. If you are the one running the server, then your buddies are taking the risk that you're the creepy buddy.

The proper way to address this is with p2p messaging, like Cwtch, where each user is running server for their own account. Cwtch also experimentally supports caching ciphertexts on a server that's hosting the group chats that all members will have access to anyway, so there's no peer metadata to eavesdrop on.

[em-bee]

well, that depends on your threat model. for me, an acquaintance finding out who i am talking to isn't a threat. a threat is profiling by big companies. and already by either running my own server or using a smaller paid email service, that threat is drastically reduced.

in fact this particular threat that you describe is more likely to happen at a university server where a rogue admin may use their privilege to snoop on people they want to stalk for whatever reason, as opposed to the friend that i chose because i trust them, like say the admin of the server of the local linux user group or the hackerspace that i am a member of.

in fact i am more likely to trust anyone that i know in person, simply because even if that person decides to snoop on me we can work that our in person, and the likely hood for it happening is low because it would affect our friendship. and i would guess that this is true for most people.

at some point you have to trust someone, and the closer you are to that person, the easier it will be to resolve problems.

[maqp]

That stalking thing also happens in personal peer networks. For the messaging app to have any relevance, you're going to want most of your peers in and once there's a few hundred people in, there's power to be abused.

University students don't get to run infrastructure of the facility, and at least in my uni, the old beard IT staff members and faculty don't really hang out with the students aside course environments or support groups, so there's a bigger gap. There's also salaries and careers in the line.

But bickering about who's trustworthy is pointless when there's trustless architectures for those situations already.

[em-bee]

That stalking thing also happens in personal peer networks

i am not saying it can't happen, but that the smaller the group the easier it is to assess the risk and the consequences. and for that reason i prefer smaller groups.

in austria and germany hiring students for part time sysadmin work is very common. i did those jobs and on the other hand stories from staff stalking that cute student they saw one day do exist.

But bickering about who's trustworthy is pointless

agreed. it all comes down to personal experience and preference.

when there's trustless architectures for those situations already

the problem is that the choice is not made in a vacuum. what good is a system if my friends don't want to use it. for almost my contacts i had to follow the choices of the others. very rarely someone followed my choice. and when they do i have to consider their technical capacity and tolerance to difficulties.