The problem is federation in general. This is exactly why it’s a general privacy and GDPR nightmare… even if you hate corporations and use all alternative stuff, you’re still handing all your data over to them in the end anyways, because you (or most other) servers you federate with, federate with them too. And when servers (like matrix.org) use MITM-as-a-service providers like Cloudflare, they can see all the TLS-decrypted data too. Even with e2ee enabled for a room, the only thing that’s encrypted is the message itself (not the sender, or timestamps, etc.), basically there’s lots of other metadata that can be gathered without the message contents.
There’s also a big problem with servers defederating from each other, so in that case you never really know who or if anyone else is even seeing your messages… basically you’re just choosing which wind to piss into.
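The metadata point in the comment above, as an added example that is not part of the original post: it splits Matrix room events into what a homeserver (or a TLS-terminating proxy in front of it) can read without the room keys and builds a per-sender activity profile from those cleartext fields alone. The event values are constructed, the field names follow the Matrix event format, and `server_view` and `activity_profile` are hypothetical helper names.

```python
import json

# Constructed sample: two events as a homeserver (or a TLS-terminating proxy
# in front of it) sees them in a room with encryption enabled.
SAMPLE_EVENTS = json.loads("""[
  {"type": "m.room.encrypted", "sender": "@alice:example.org",
   "room_id": "!abc:example.org", "origin_server_ts": 1700000000000,
   "content": {"algorithm": "m.megolm.v1.aes-sha2",
               "session_id": "constructed-session-id",
               "ciphertext": "Y29uc3RydWN0ZWQgY2lwaGVydGV4dA"}},
  {"type": "m.room.member", "sender": "@bob:example.net",
   "state_key": "@bob:example.net", "room_id": "!abc:example.org",
   "origin_server_ts": 1700000060000,
   "content": {"membership": "join", "displayname": "Bob"}}
]""")


def server_view(event):
    """Return the parts of one event readable without the room keys."""
    content = dict(event.get("content", {}))
    hidden = 0
    if event["type"] == "m.room.encrypted":
        # Only the ciphertext is opaque; its length still leaks message size.
        hidden = len(content.pop("ciphertext", ""))
    visible = {k: v for k, v in event.items() if k != "content"}
    visible["content"] = content
    return {"visible": visible, "ciphertext_len": hidden}


def activity_profile(events):
    """Per-sender rooms, timestamps and event types from cleartext fields only."""
    profile = {}
    for event in events:
        seen = server_view(event)["visible"]
        entry = profile.setdefault(
            seen["sender"], {"rooms": set(), "timestamps": [], "types": []})
        entry["rooms"].add(seen["room_id"])
        entry["timestamps"].append(seen["origin_server_ts"])
        entry["types"].append(seen["type"])
    return profile


if __name__ == "__main__":
    for sender, entry in activity_profile(SAMPLE_EVENTS).items():
        print(sender, sorted(entry["rooms"]), entry["timestamps"], entry["types"])
```

State events such as `m.room.member` are not encrypted at all, so the display name and join time in the second sample event are fully readable.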