
The Myths Surrounding Open Platforms: Matrix

SecureCrypt

Updated: Dec 4, 2024


Open platforms like Matrix often claim to provide secure messaging, but their design reveals significant vulnerabilities. Matrix servers store metadata, exposing sensitive information about who communicates with whom and when. This metadata can be exploited to compromise user privacy. Additionally, Matrix’s open architecture allows users to configure their own servers and clients, which introduces the risk of insecure implementations that can jeopardize the security of the entire platform.


Compounding these issues, Matrix relies on the Tor network to route communications. While Tor is designed for anonymity, it has been repeatedly targeted by malicious actors running compromised relays to deanonymize users. SecureCrypt eliminates these risks by avoiding open configurations that rely on user-managed servers or relays. Instead, SecureCrypt delivers a fully secure, out-of-the-box solution with device-based hardware protections, cellular network-level encryption, tamper-proof features, and no metadata retention. Built for uncompromising security, SecureCrypt is designed to protect users from vulnerabilities inherent in open platforms.


Unfortunately, Matrix is far from being secure. On the Matrix website, there have been some admissions regarding how insecure their decentralized model actually is.

"Open systems (Matrix) are less secure because you have no control over the quality of the implementations - if anyone can bring their own client or server to the table, all it takes is one bad implementation to compromise everyone in the vicinity. It’s also true that Matrix servers currently store metadata about who’s talking to who, and when, as a side-effect of storing and relaying messages on behalf of their users"

Source: https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom

".. it’s also true that because anyone can develop a Matrix client or server and connect to the global network, there’s a risk of bad quality implementations in the wild. There are many forks of Riot on the app stores - we simply can’t vouch for whether they are secure. Similarly there are Matrix clients whose E2E encryption is partial, missing, or unreviewed. And there are a wide range of different Matrix servers run by different people with different agendas in different locations, which may be more or less trustworthy."

Source: https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom

After reading this, it is hard to see how one could not have serious doubts about the overall security of open systems. Users who seek out a secure messaging solution cannot be expected to correctly configure what is supposed to be a completely secure environment to begin with.


This is why firms like SecureCrypt spend millions of dollars and take years of research to properly develop the most secure messaging solution currently available on the market.

With our unique security features like device-based hardware protections and cellular network protections not found elsewhere, SecureCrypt has rapidly become one of the industry's leading solutions for true end-to-end encryption, network-level protections, and tamper-proof hardware. Using a dedicated secure device is the best way to keep your privacy protected.

If you are using Matrix, it is also imperative to understand that it relies on the Tor network for routing of all communications, which allows it to be a decentralized solution.

On December 3rd, 2021, it was reported by The Record that a "mysterious threat actor is running hundreds of malicious Tor relays".

Source: https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/

This highly disturbing finding - and the findings previously mentioned in this article - should make those who are using Matrix deeply concerned about the lack of security of the Matrix platform, and the Tor relays that power it.

The article goes on to mention:


"Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users."

Source: https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/

Matrix does not encrypt metadata, and thus gives any ill-intentioned actor all the information they need to tie your Matrix ID to your real-life identity on that factor alone.

SecureCrypt has been developed by computer engineers, cryptography experts, and data scientists whose only area of expertise is secure messaging mobile applications. That is all they do. Our security team comprises 10 full-time developers and engineers who have been working on mobile secure messaging applications for over 14 years.


When properly configured, a system that uses no server storage or cloud storage, retains no backups of messages or conversations, and encrypts all data at rest and in transit with all encryption keys created by the user on the device is still the most secure solution.


Our company is a privately owned entity, and because we charge for our service you are not the product. With free apps, you are the product.


Our motivation has been clear from the start. SecureCrypt provides a quality service, and we benefit by always striving to be the best. This is how we keep our clients secure and safe while attracting new clients.


