I'm new to the idea of distributed hash tables. Question: If a project is built on top of a DHT (like @Jami), does that mean message metadata is basically open to the public? Is a DHT-based system a bad choice for people trying to avoid metadata leaks (i.e. third parties knowing who I talk to and how often)?
But all DHT are not perfect. OpenDHT (used by Jami) doesn't focus on metadata protection for now, and you can determine a few things:
1. When someone is receiving messages (but you can't know the sender, it's in the encrypted part)
2. If a message is big (but the size is randomized by random (via RSA)
3. And with a malicious node, you can get the ip putting datas (but it can be a proxy node, not the real sender)
And for now, I think it's all.
Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.