Commit 5d08f736 authored by pedrolab

maximus insights about matrix

parent afe738b7
......@@ -12,6 +12,7 @@
- [script to upgrade static riot](#script-to-upgrade-static-riot)
- [Data](#data)
- [Test federation](#test-federation)
- [other installation guides](#other-installation-guides)
- [known problems](#known-problems)
- [notifications](#notifications)
- [todo / extra](#todo--extra)
......@@ -34,6 +35,7 @@
- [bots](#bots)
- [do your own piwik analitics on matrix](#do-your-own-piwik-analitics-on-matrix)
- [dark things about matrix and riot](#dark-things-about-matrix-and-riot)
- [extra notes](#extra-notes)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
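Review bot: The new TOC entry `[extra notes](#extra-notes)` will not resolve, because the heading added further down in this commit is `## extra notes 2019-2-22`, whose generated anchor would include the date (`#extra-notes-2019-2-22`). Either move the date out of the heading and into the first line of the section, or regenerate the TOC with doctoc as the `END doctoc generated TOC` comment asks, instead of editing the entry by hand.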
......@@ -742,3 +744,32 @@ relevant notes:
- https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-the-basis-for-frances-secure-instant-messenger-app/
- https://matrix.org/blog/2018/01/29/status-partners-up-with-new-vector-fueling-decentralised-comms-and-the-matrix-ecosystem/
- https://matrix.org/blog/2017/07/07/a-call-to-arms-supporting-matrix/
## extra notes 2019-2-22
Here follows a backup of the insights from [Maximus](https://gitlab.com/maxidorius) and [this is the link to the original conversation](https://matrix.to/#/!RlmAHyIuKhyVybkriS:kamax.io/$1550849934243IAKmm:matrix.guifi.net?via=kamax.io&via=matrix.org&via=matrix.ordoevangelistarum.com)
Given the inability to implement and document a functional Matrix protocol by New Vector and resolve security vulnerabilities that are public for years, mxhsd will no longer try to implement the Matrix protocol. Instead it will implement what we (Kamax) think makes sense and document as we go. -> https://github.com/kamax-matrix/mxhsd
In no specific order:
- State resets which can be used to abuse permissions or create states that never existed (it was used last year to take over Matrix HQ per ex)
- The value of depth is not checked/validated properly, leading to possible room takeover attacks
- Until very recently, malicious/fake evens could be injected
- There are amplification/proxying attacks via the /send_join and /media endpoints
and that's just what's on top of my head - I didn't bother to keep scores in the end
there are also a whole set of (D)DoS attacks on a server by abusing server ACLs, max values of various fields and the likes
I've spent several years in the Matrix ecosystem and built a bunch of projects on it, and at least one for each spec (Client, Server, Application, Push). There is much more to it than what I just listed, but it would be a waste of time to discuss them further. I've already written things like a [Server ACL feature review](https://gist.github.com/maxidorius/b25769f1a89c8860b928babe795bbaaf) or just explained the various issues to length in various rooms and on my [18 months as a Matrix dev manifesto](https://gist.github.com/maxidorius/2f245351cf65534df730ccf262ebc6f4).
In terms of how to solve the issues, I know several ways to solve them personally, but they tend to be all related so it's faster to just take a different approach, which I am now doing using The Grid project (fork of Matrix) and this rewrite of mxhsd now called Gridepo.
I have tried my best to also report those issues and talk to the MAtrix dev about them before going down this road but to no avail. Matrix is deeply insecure and not privacy friendly at all. The only reason it has been getting away with it so far is because there is no alternative implementation that truely challenges the protocol and the implementations. If you look in the client world per example, many are just copying what Riot is doing instead of following the spec. In terms of servers, there hasn't been any successfully federated server ever until mxhsd & construct came along.
Given that we have to reverse engineer everything all the time, we just know were all the issues are, and we are now taking action to solve them the best way we can: forking.
As for promoting Riot, my personal opinion is that it just promotes a closed protocol/ecosystem as Riot is actually not Matrix compatible and very bad in terms of privacy. One of the worse horror story is that everytime you switch to a room, a HTTP call is made to vector.im with a token directly used to retrieve your Matrix ID. They can know exactly when you do something, your Matrix ID, etc. This can also be hijacked by a third-party potentially as there is no safeguard in place to prompt the user about sharing their personal info (All this done via the /openid endpoints).
This is the kind of thing that shows me there is no path forward in Matrix as the ecosystem is simply dominated by Riot and Synapse which do not follow the spec themselves and block any implementation that stick to the spec to actually be able to do anything. So you are force to implement the custom ways of Riot and synapse (whatever you build) which prevents from solving the security issues even if you wanted to.
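Review bot: The pasted conversation, from "Given the inability to implement..." to the end of the section, is not marked up as a quotation, so its first-person statements ("I've spent several years...", "my personal opinion is...") read as the README author's own. Prefix the quoted text with `>` and keep the attribution line above it. There are also no blank lines between the heading, the paragraphs and the list, so Markdown will merge the paragraphs and fold "and that's just what's on top of my head" into the last list item; add a blank line after the heading, around the list and between paragraphs. The four listed protocol issues (state resets, `depth` validation, event injection, amplification via `/send_join` and `/media`) carry no references beyond the two gists, so a reader cannot check which are still open; link the public issue or write-up for each where one exists. Smaller points: write the date as 2019-02-22, and if light correction of the quote is acceptable, "evens" should be "events", "MAtrix" "Matrix", "truely" "truly".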