SecureCrypt

The Myths Surrounding Decentralized Secure Messaging Platforms

Updated: Mar 2


Decentralized platforms like Matrix have become a popular new "secure messaging platform". Unfortunately, it is far from being secure. On the Matrix website, there have been some admissions made regarding how insecure their decentralized model actually is.

"Open systems (Matrix) are less secure because you have no control over the quality of the implementations - if anyone can bring their own client or server to the table, all it takes is one bad implementation to compromise everyone in the vicinity. It’s also true that Matrix servers currently store metadata about who’s talking to who, and when, as a side-effect of storing and relaying messages on behalf of their users" Source: https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom

".. it’s also true that because anyone can develop a Matrix client or server and connect to the global network, there’s a risk of bad quality implementations in the wild. There are many forks of Riot on the app stores - we simply can’t vouch for whether they are secure. Similarly there are Matrix clients whose E2E encryption is partial, missing, or unreviewed. And there are a wide range of different Matrix servers run by different people with different agendas in different locations, which may be more or less trustworthy." Source: https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom


After reading this, it is hard to see how one could not have serious doubts about the overall security of decentralized systems. Users who seek out a secure messaging solution cannot be expected to correctly configure what is supposed to be a completely secure environment to begin with.


This is why firms like SecureCrypt spend millions of dollars and take years of research to properly develop the most secure messaging solution currently available on the market.

With our unique security features like device-based hardware protections and cellular network protections not found elsewhere, SecureCrypt has rapidly become one of the industry's leading solutions for true end-to-end encryption, network-level protections, and tamper-proof hardware.

If you are using Matrix, it is also imperative to understand that it relies on the Tor network for routing of all communications, which allows it to be a decentralized solution.

On December 3rd, 2021, it was reported by The Record that a "mysterious threat actor is running hundreds of malicious Tor relays".

Source: https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/

This highly disturbing finding - and the findings previously mentioned in this article - should make those who are using Matrix deeply concerned about the lack of security of the Matrix platform, and the Tor relays that power it.

The article goes on to mention:


"Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users." Source: https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/


There is a popular misconception in the field of secure messaging that decentralization is more secure than centralized messaging. This could not be further from the truth.

Matrix does not encrypt metadata, and thus gives any ill-intentioned actor all the information they need to tie your Matrix ID to your real-life identity on that factor alone.

SecureCrypt has been developed by computer engineers whose only area of expertise is secure messaging mobile applications. That is all they do. Our security team is comprised of 10 full-time developers/engineers who have been working on mobile secure messaging applications for over 10 years.


When properly configured, a system that uses no server storage, retains no backups, uses no cloud storage, and encrypts all data at rest and in transit, with all encryption keys created by the user on the device, is still the most secure solution.


Our company is a privately owned entity, and because we charge for our service, you are not the product. With free apps, you are the product. Our motivation has been clear from the start. SecureCrypt provides a quality service, and we benefit by always striving to be the best. This is how we keep our clients secure and safe while attracting new clients.


