en:howto:matrix:privacy
Table of Contents
Notes on the safe use of the Matrix service from Systemli
IP address
- Systemli does not store IP addresses
- Other users chatting with you cannot see your IP address. This also applies to users of other homeservers.
- By default, on calls both users can see the IP address of the other person. Under
Settings > Voice and Video
you can disableAllow Peer-to-Peer for 1:1 calls
to prevent this.
URL-Preview
- Element can generate link previews for links posted to a chat:
- The link preview is generated by your home server. Therefore, this feature is disabled by default in end-to-end encrypted chats, but can be enabled manually in the room settings.
Other metadata
- Other users you are chatting with can see when you are online
- Emoji reactions (e.g. who left a 👍 under which message) are currently not end-to-end encrypted
- Profile pictures are not end-to-end encrypted
Connections with other home servers
- For (group) chats between users of different homeservers, the following information is mirrored to all participating homeservers, even for encrypted chats:
- The member list
- Profile pictures of room members
- Emoji reactions
- Status changes (who joined or left when, who is online/offline when)
- When someone wrote something (not the content, of course)
- When creating a chat you can define in the advanced settings that only Systemli users are allowed to join::
Chat Storage
- To allow users to receive messages from when they were offline and to allow simultaneous use with multiple devices, messages are stored on the Systemli server for 30 days. Encrypted chats are stored in encrypted form 1)
- Other home servers can cache messages for longer or shorter periods of time
- The Element apps for Android and iOS may also store messages longer than 30 days in the local app cache. Systemli has no influence on this. You can clear the local cache of your device in the settings under “Clear cache”.
Widgets
- Element allows you to embed widgets into the chat window.
- When you enable widgets in your chat, the URL of the embedded web page is not end-to-end encrypted 2)
- The website that is embedded as a widget can see your IP address. Therefore, when someone else activates a widget in the chat, you will be asked for your consent before the widget is activated for you.
1)
This also means: After 30 days, even unencrypted metadata (e.g. emoji reactions) are deleted from the Systemli server.
2)
For end-to-end encryption web applications like Croodle polls or Cryptpads, the password for the encryption is sent in the link. Adding such a tool as a widget means sharing the password with the admins of all participating home servers of a group chat, and would thereby negate the end-to-end encryption!
en/howto/matrix/privacy.txt · Last modified: 2023/06/28 02:54 by anarsec