Updated: Mar 6
Decentralized platforms like Matrix have become a popular new kind of "secure messaging platform". Unfortunately, it is far from being secure. Clever advertising and the use of buzzwords and hyperbole have managed to convince people that decentralized messaging is more secure than other models. However, this could not be further from the truth. On the Matrix website, there have been some admissions regarding how insecure their decentralized model actually is.
"Open systems (Matrix) are less secure because you have no control over the quality of the implementations - if anyone can bring their own client or server to the table, all it takes is one bad implementation to compromise everyone in the vicinity. It’s also true that Matrix servers currently store metadata about who’s talking to who, and when, as a side-effect of storing and relaying messages on behalf of their users" Source: https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom
"... it’s also true that because anyone can develop a Matrix client or server and connect to the global network, there’s a risk of bad quality implementations in the wild. There are many forks of Riot on the app stores - we simply can’t vouch for whether they are secure. Similarly there are Matrix clients whose E2E encryption is partial, missing, or unreviewed. And there are a wide range of different Matrix servers run by different people with different agendas in different locations, which may be more or less trustworthy." Source: https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom
It is hard to believe after reading this that anyone who knows anything at all about security would choose to use Matrix as a secure messaging solution. Yet people are choosing it, and in greater and greater numbers. Users who seek out a secure messaging solution cannot be expected to correctly configure what is supposed to be a completely secure environment to begin with. This is why firms like SecureCrypt spend millions of dollars and take years of research to properly develop the most secure messaging solution currently available on the market.
With our unique security features like hardware protections not found elsewhere, SecureCrypt has rapidly become one of the industry's leading solutions for true end-to-end encryption, network level protections, and tamper-proof hardware.
If you are using Matrix, it is also imperative to understand that it relies on the Tor network for routing of all communications, which allows it to be a decentralized solution.
On December 3rd, 2021, it was reported by The Record that a "mysterious threat actor is running hundreds of malicious Tor relays".
This highly disturbing finding - and the findings previously mentioned in this article - should make those who are using Matrix deeply concerned about the lack of security of the Matrix platform, and the Tor relays that power it.
The article goes on to mention:
"Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users." Source: https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/
The decentralized vs. centralized debate is just another attempt to commodify security, using hyperbole, myths, and outright lies to sell inherently insecure products that have been demonstrated insecure from the beginning and are only getting much worse.
There is a popular misconception in the field of secure messaging that decentralization is more secure than centralized messaging. This could not be further from the truth.
When properly configured, a Zero-Trust environment which uses P2P (Peer-to-Peer) technology alongside a centralized platform makes for the most secure option. P2P achieves what decentralized environments do: one user speaking to another with no messages or calls routed through a central server. There is nothing inherently insecure about centralized platforms. If built with security as the main focus, they can be far more secure than decentralized platforms ever could. SecureCrypt uses 512-bit ECC encryption to secure all messages, calls, file transfers, and metadata.
Matrix does not encrypt metadata, and thus gives any ill-intentioned actor all the information they need to tie your Matrix ID to your real-life identity on that factor alone.
SecureCrypt has been developed by computer engineers whose only area of expertise is secure messaging mobile applications. That is all they do. Our security team is composed of 10 full-time developers/engineers who have been working on mobile secure messaging applications for over 10 years.
The choice is clear. If you or your enterprise needs a real secure messaging solution, whose only purpose is to achieve what other platforms cannot achieve, true anonymity and device security - at the network, device, and application level - you need SecureCrypt.