Stefano @reed@fosstodon.org

Paper describing GrimoireLab, finally published in @PeerJCompSci https://peerj.com/articles/cs-601/ With @sduenasd @_valcos_ @dizquierdo @acstw @sanacl @alpgarcia GrimoireLab is a software development analytics toolset, come & know how it can help you

Privacy-wise, Matrix is worse than Slack for public rooms.

Don't hit respond yet, read further.

With this whole freenode mess, some of the online communities I'm part of moved to Matrix. Despite how much I personally love IRC (that's top-notch privacy-wise for public rooms), I have to admit the overall Matrix UX is order of magnitude better and more in line withthe 2021 standards. It lowers the barrier of entry, and I'm all in for that!

However, there's a *massive* catch: the read status. Every time you can see a message on a public room, Matrix will show your avatar next to the said message to materialize you "read" (at least saw) it,

There's currently no way to disable this feature, be it on synapse or dendrite. The read status gets broadcasted to *all the room participants*, including bots.

Some bots are autojoining all the big room as soon as your open them. It's not clear who operate them, they don't ask nobody's consent before joining. You can assume this presence data is actively getting stored and mined by them, it's trivial to do. I implemented such a POC in a couple of hours yesterday night (I obviously turned it off and deleted the data after showing it to some friends).

Back to my initial punch line: this situation is worse than it it is with Slack. At least, with Slack, my read status stays between me, Slack corp and the people they decide to share the data with. With Matrix, it's open bar, private data for everyone.

The Vector team seem not to care too much [1] and are not considering this situation as urgent.

We absolutely need a way to disable these read status on a per room (or space?) level. As free software devs, we should be able to protect our peers and users privacy. My presence status, be it on a public chat is definitely *not* a public data that should carelessly be shared.

[1] https://github.com/vector-im/element-web/issues/2527

« When #Hackers Were Heroes » on #CACM https://cacm.acm.org/magazines/2021/4/251341-when-hackers-were-heroes/fulltext

🌟 Feel free to follow @fedeproxy to keep in touch with the #fedeproxy forge federation project.

During today's meeting, there was a consensus on creating a mastodon account dedicated to #fedeproxy It is exclusively used to boost and never toots. The #fedeproxy community is horizontal and does not have, by definition, a spokesperson.

https://fedeproxy.eu/blog/2021/01/10/manifesto/

The #fedeproxy #forge federation project needs #diversity, from the start. Do you want to join?

Boost appreciated.

Test any website for third party cookies, ad-trackers, keyloggers and more https://themarkup.org/blacklight