Oh, this is so f***ing gold. This post is a juice concentrate of the many reasons why Matrix sucks:

Self-hosting a Matrix server for 5 years

Among others: Users cannot be deleted This is simply not an option in the API. Server admin can perform a "deactivate" (disable login) and "erase" (remove related data, which claims to be GDPR-compliant) on user accounts, but the accounts themselves stay on the server forever. LOL. Here is my take on why you should trash Matrix and use XMPP, or ta least Signal instead:

Tommaso Gagliardoni's Homepage

#im #matrix #jabber #xmpp #signal #privacy #security #enshittification #cypherpunk

Tommaso Gagliardoni 3 weeks ago

In a rare show of sanity, the Swiss Data Protection Officer has severely restricted the use of international cloud services – particularly hyperscalers like AWS, Google, or Microsoft – for Swiss federal authorities!

heise online

Switzerland: Data Protection Officers Recommend Broad Cloud Ban for Authorities

According to the Data Protection Conference, federal offices may only use US hyperscalers like AWS, Google, or Microsoft to a limited extent.

#security #privacy #cloud #politics #digitalsovereignty #bigtech #google #aws #microsoft #azure #amazon #switzerland

Tommaso Gagliardoni 3 weeks ago

Sorry, I don't want to share my opinion on the matter, just posting to be on this thread which has the potential to achieve legendary divisiveness status 😂 Kidding apart, one argument I didn't see discussed which is potentially against hybrids, at least for encryption, is the possibility of better kleptographic attacks: 📄.pdf The idea is that you can design a circuit that uses e.g. ECDH to embed kleptographic data on ML-KEM public keys. In a pure ML-KEM hardware implementation, this would be easy to spot, because of the conspicuous amount of EC-related circuitry that shouldn't be there. But with a hybrid, that's much more difficult to spot. DISCLAIMER: I AM NOT ARGUING FOR HYBRID VS NON-HYBRID, JUST REPORTING THE FACT, FOR THE LOVE OF GOD PLEASE DO NOT JUMP AT MY THROAT.

Tommaso Gagliardoni 4 weeks ago

The results of the 2025 elections for the president and board members at the International Association for Cryptologic Research (IACR) have been botched because the results of the super-secure cryptographic e-voting system cannot be retrived due to the "accidental loss" of a decryption key.

IACR News item: 21 November 2025

While human mistakes happen, this accident comes under very troubling circumstances. Why an e-voting system of an association like IACR does not support t-out-of-n threshold decryption? Why is a system where a single party can collude to invalidate the vote considered acceptable? Wouldn't be wiser to freeze to the date of November 20th the eligibility status for voting instead of "calling to arms" IACR members who had previously decided to opt out from Helios emails? Does the identity of some of the candidates to Director represent a problem for IACR? #iacr #crypto #cryptography #politics #evoting