mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-07-01 09:12:39 +00:00
update: Move Element to Social Networks page (#3013)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
redoomed1
@ -202,7 +202,7 @@ Censorship online can be carried out (to varying degrees) by actors including to
|
||||
|
||||
Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship.
|
||||
|
||||
People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
|
||||
People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../social-networks.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
|
||||
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
@ -183,44 +183,6 @@ These messengers do not have forward secrecy[^1], and while they fulfill certain
|
||||
|
||||
</div>
|
||||
|
||||
### Element
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Element** is the flagship client for the [Matrix](https://matrix.org/docs/chat_basics/matrix-for-im) protocol, an [open standard](https://spec.matrix.org/latest) for secure decentralized real-time communication.
|
||||
|
||||
Messages and files shared in private rooms (those which require an invite) are by default E2EE, as are one-to-one voice and video calls.
|
||||
|
||||
[:octicons-home-16: Homepage](https://element.io){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://element.io/help){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/element-hq){ .card-link title="Source Code" }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1083446067)
|
||||
- [:simple-github: GitHub](https://github.com/element-hq/element-android/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://element.io/download)
|
||||
- [:simple-apple: macOS](https://element.io/download)
|
||||
- [:simple-linux: Linux](https://element.io/download)
|
||||
- [:octicons-globe-16: Web](https://app.element.io)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Profile pictures, reactions, and nicknames are not encrypted.
|
||||
|
||||
With the integration of [Element Call](https://element.io/blog/we-have-lift-off-element-x-call-and-server-suite-are-ready) into Element's web app, desktop apps, and its [rewritten mobile apps](https://element.io/blog/element-x-experience-the-future-of-element), group VoIP and video calls are E2EE by default.
|
||||
|
||||
The Matrix protocol itself [theoretically supports forward secrecy](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy)[^1], however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history.
|
||||
|
||||
The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest). The [Olm cryptographic ratchet](https://matrix.org/docs/matrix-concepts/end-to-end-encryption) used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet).
|
||||
|
||||
### Session
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
@ -9,23 +9,43 @@ cover: social-networks.webp
|
||||
- [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }
|
||||
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
|
||||
|
||||
These privacy-respecting **social networks** allow you to participate in online communities without giving up your personal information, like your full name, phone number, and other data commonly requested by tech companies.
|
||||
These privacy-respecting **social networks** allow you to participate in online communities without giving up your personal information like your full name, phone number, and other data commonly requested by tech companies.
|
||||
|
||||
A growing problem among social media platforms is censorship in two different forms. First, they often acquiesce to illegitimate censorship requests, either from malicious governments or their own internal policies.
|
||||
A growing problem among social media platforms is censorship in two different forms. First, they often acquiesce to illegitimate censorship requests, either from malicious governments or their own internal policies. Second, they often require accounts to access walled-off content that would otherwise be published freely on the open internet; this effectively censors the browsing activities of privacy-conscious users who are unable to pay the privacy cost of opening an account on these networks.
|
||||
|
||||
Second, they often require accounts to access walled-off content that would otherwise be published freely on the open internet. This effectively censors the browsing activities of privacy-conscious users who are unable to pay the privacy cost of opening an account on these networks.
|
||||
|
||||
The social networks we recommend solve the issue of censorship by operating atop an open and decentralized social networking protocol. While it is possible for your account to be banned or silenced by an individual server, there is no central authority which can censor your account across the entire network. They also don't require an account merely to view publicly available content.
|
||||
The social networks we recommend solve the issue of censorship by operating atop an open and decentralized social networking protocol. They also don't require an account merely to view publicly available content.
|
||||
|
||||
You should note that **no** social networks are appropriate for private or sensitive communications. For chatting directly with others, you should use a recommended [instant messenger](real-time-communication.md) with strong end-to-end encryption, and only use direct messages on social media in order to establish a more private and secure chat platform with your contacts.
|
||||
|
||||
## Decentralization
|
||||
|
||||
Decentralized social networks are built on an architecture that is fundamentally different than mainstream social media platforms, yet quite similar to the underlying structure of email. Instead of opening an account under a single, unified service like you would for Facebook or Discord, you instead choose an independent, public server to join. The server you join can communicate with and discover other servers; this aspect of decentralization is also known as *federation*.
|
||||
|
||||
A significant benefit of this decentralized model is that there is no central authority which can censor your account across the entire network, though it is possible for your account to be banned or silenced by an individual server.
|
||||
|
||||
A caveat of this decentralized model is that each server is its own legal entity, with its own privacy policy, terms of use, administration team, and moderators. While many of these servers are far *less* restrictive and more privacy-respecting than traditional social media platforms, some can be far *more* restrictive or potentially *worse* for your privacy. Typically, the software on which the social network runs does not discriminate between these administrators or place any limitations on their powers.
|
||||
|
||||
## Censorship Resistance
|
||||
|
||||
While censorship in decentralized social networks does not exist on a network level, it is very possible to experience censorship on a server level depending on a server's administrator. Administrators have the power to *defederate* from other servers, which leads to limiting the content you can view and the people you can interact with.
|
||||
|
||||
If you are greatly concerned about an existing server censoring your content, the content available to you, or other servers, you generally have two options:
|
||||
|
||||
1. **Host the social network software yourself.** This approach gives you the exact same censorship resistance as any other website you can host yourself, which is fairly high.
|
||||
|
||||
2. **Use a managed hosting service.** We don't have any specific recommendations, but there are a variety of hosting services which will create a brand-new server on your own domain (or occasionally a subdomain of their domain, but we recommend against this unless registering your own domain presents too much of a burden to your privacy).
|
||||
|
||||
Typically, hosting providers will handle the *technical* side of your server, but completely leave the *moderation* side up to you. This often represents a better approach than self-hosting for most people because you can benefit from greater control over your own server without worrying about technical problems or unpatched security vulnerabilities.
|
||||
|
||||
You should look closely at your hosting provider's terms of service and acceptable use policies before registering. These are often far more broad than typical hosted server rules, and they are far less likely to be enforced without recourse, but they can still be restrictive in undesirable ways.
|
||||
|
||||
## Mastodon
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Mastodon** is a social network based on open web protocols and free, open-source software. It uses the **:simple-activitypub: ActivityPub** protocol, which is decentralized like email: users can exist on different servers or even different platforms but still communicate with each other.
|
||||
**Mastodon** is a social network based on open web protocols and free, open-source software. It uses the **:simple-activitypub: ActivityPub** protocol, which is decentralized like email: Users can exist on different servers or even different platforms but still communicate with each other.
|
||||
|
||||
[:octicons-home-16: Homepage](https://joinmastodon.org){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://docs.joinmastodon.org){ .card-link title="Documentation" }
|
||||
@ -40,29 +60,11 @@ We chose to recommend Mastodon over other ActivityPub software as your primary s
|
||||
|
||||
2. Mastodon is largely usable with most content types. While it is primarily a microblogging platform, Mastodon easily handles longer posts, image posts, video posts, and most other posts you might encounter when following ActivityPub users who aren't on Mastodon. This makes your Mastodon account an ideal "central hub" for following anyone regardless of the platform they chose to use. In contrast, if you were only using a PeerTube account, you would *only* be able to follow other video channels, for example.
|
||||
|
||||
3. Mastodon has fairly comprehensive privacy controls. It has many built-in features which allow you to limit how and when your data is shared, some of which we'll cover below. They also develop new features with privacy in mind. For example, while other ActivityPub software quickly implemented "quote posts" by merely handling links to other posts with a slightly different embed modal, Mastodon is [developing](https://blog.joinmastodon.org/2025/02/bringing-quote-posts-to-mastodon/) a quote post feature which will give you more fine-grained control when your post is quoted.
|
||||
3. Mastodon has fairly comprehensive privacy controls. It has many built-in features which allow you to limit how and when your data is shared, some of which we'll cover below. They also develop new features with privacy in mind. For example, while other ActivityPub software quickly implemented "quote posts" by merely handling links to other posts with a slightly different embed modal, Mastodon is [developing](https://blog.joinmastodon.org/2025/02/bringing-quote-posts-to-mastodon) a quote post feature which will give you more fine-grained control when your post is quoted.
|
||||
|
||||
### Choosing an Instance
|
||||
|
||||
To benefit the most from Mastodon, it is critical to choose a server, or "instance," which is well aligned with the type of content you want to post or read about. While censorship in Mastodon does not exist on a network level, it is very possible to experience censorship on a server level depending on your server's administrator.
|
||||
|
||||
It is critical to understand that Mastodon is not a single, unified service in the way that X (Twitter) or Facebook are. Each server is its own legal entity, with its own privacy policy, terms of use, administration team, and moderators. While many of these servers are far *less* restrictive and more privacy-respecting than traditional social media platforms, some can be far *more* restrictive or potentially *worse* for your privacy. The Mastodon software does not discriminate between these administrators or place any limitations on their powers.
|
||||
|
||||
We do not currently recommend any specific instances, but you may find advice within our communities. We recommend avoiding *mastodon.social* and *mastodon.online* because they are operated by the same company which develops Mastodon itself. From the perspective of decentralization, it is better in the long term to separate software developers and server hosts so that no one party can exert too much control over the network as a whole.
|
||||
|
||||
If you are greatly concerned about an existing server censoring your content or the content you can view, you generally have two options:
|
||||
|
||||
1. **Host Mastodon yourself.** This approach gives you the exact same censorship resistance as any other website you can host yourself, which is fairly high. Mastodon even [integrates with the Tor network](https://docs.joinmastodon.org/admin/optional/tor) for more extreme scenarios where even your underlying hosting provider is subject to censorship, but this may limit who can access your content to only other servers which integrate with Tor, like most other hidden services.
|
||||
|
||||
Mastodon benefits greatly from a large and active self-hosting community, and its administration is comprehensively documented. While many other ActivityPub platforms can require extensive technical knowledge to run and troubleshoot, Mastodon has very stable and tested releases, and it can generally be run securely without issue by anyone who can use the Linux command line and follow [step-by-step instructions](https://docs.joinmastodon.org/admin/prerequisites).
|
||||
|
||||
2. **Use a managed hosting service.** We don't have any specific recommendations, but there are a variety of Mastodon hosting services which will create a brand-new Mastodon server on your own domain (or occasionally a subdomain of their domain, but we recommend against this unless registering your own domain presents too much of a burden to your privacy).
|
||||
|
||||
Typically, Mastodon hosting providers will handle the *technical* side of your instance, but they completely leave the *moderation* side up to you. This means that you will be able to follow any content you like, although it may expose you to more spam or unwanted content because you will not have the dedicated moderation team many larger instances will have.
|
||||
|
||||
This often represents a better approach than self-hosting for most people, because you can benefit from greater control over your own instance without worrying about technical problems or unpatched security vulnerabilities.
|
||||
|
||||
You should look closely at your hosting provider's terms of service and acceptable use policies before registering. These are often far more broad than typical hosted instance rules, and they are far less likely to be enforced without recourse, but they can still be restrictive in undesirable ways.
|
||||
To benefit the most from Mastodon, it is critical to choose a server, or "instance," which is well aligned with the type of content you want to post or read about. We do not currently recommend any specific instances, but you may find advice within our communities. We recommend avoiding *mastodon.social* and *mastodon.online* because they are operated by the same company which develops Mastodon itself. From the perspective of decentralization, it is better in the long term to separate software developers and server hosts so that no one party can exert too much control over the network as a whole.
|
||||
|
||||
### Recommended Privacy Settings
|
||||
|
||||
@ -74,7 +76,7 @@ There are a number of privacy controls under the **privacy and reach** tab here.
|
||||
|
||||
- [ ] **Automatically accept new followers**: You should consider unchecking this box to have a private profile. This will allow you to review who can follow your account before accepting them.
|
||||
|
||||
In contrast to most social media platforms, if you have a private profile you still have the *option* to publish posts which are publicly visible to non-followers, and which can still be boosted and seen by non-followers. Therefore, unchecking this box is the only way to have the *choice* to publish to either the entire world or a select group of people.
|
||||
In contrast to most social media platforms, if you have a private profile you still have the *option* to publish posts which are publicly visible to non-followers and can still be boosted by non-followers. Therefore, unchecking this box is the only way to have the *choice* to publish to either the entire world or a select group of people.
|
||||
|
||||
- [ ] **Show follows and followers on profile**: You should uncheck this box to hide your social graph from the public. It is fairly uncommon for the list of people you follow to have some genuine benefit to others, but that information can present a risk to you.
|
||||
|
||||
@ -103,17 +105,93 @@ It is very rare for social media posts older than a few weeks to be read or rele
|
||||
When publishing a new post, you will have the option to choose from one of these visibility settings:
|
||||
|
||||
- **Public**, which publishes your content to anyone on the internet.
|
||||
- **Quiet public**, which you should consider equivalent to publicly posting! This is not a technical guarantee, merely a request you are making to other servers to hide your post from some feeds.
|
||||
- **Quiet public**, which you should consider equivalent to publicly posting! This is not a technical guarantee, but merely a request you are making to other servers to hide your post from some feeds.
|
||||
- **Followers**, which publishes your content only to your followers. If you did not follow our recommendation of restricting your followers, you should consider this equivalent to publicly posting!
|
||||
- **Specific people**, which only shares the post with people who are specifically mentioned within the post. This is Mastodon's version of direct messages, but should never be relied on for private communications as we covered earlier, since Mastodon has no E2EE.
|
||||
- **Specific people**, which only shares the post with people who are specifically mentioned within the post. This is Mastodon's version of direct messages, but should never be relied on for private communications as we covered earlier since Mastodon has no E2EE.
|
||||
|
||||
If you used our recommended configuration settings above, you should be posting to **Followers** by default, and only posting to **Public** on an intentional and case-by-case basis.
|
||||
|
||||
## Element
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Element** is the flagship client for the **:simple-matrix: [Matrix](https://matrix.org/docs/chat_basics/matrix-for-im)** protocol, an [open standard](https://spec.matrix.org/latest) that enables decentralized communication by way of federated chat rooms. Users can exist on different homeservers but still communicate with each other.
|
||||
|
||||
[:octicons-home-16: Homepage](https://element.io){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://element.io/help){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://github.com/element-hq){ .card-link title="Source Code" }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1083446067)
|
||||
- [:simple-github: GitHub](https://github.com/element-hq/element-android/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://element.io/download)
|
||||
- [:simple-apple: macOS](https://element.io/download)
|
||||
- [:simple-linux: Linux](https://element.io/download)
|
||||
- [:octicons-browser-16: Web](https://app.element.io)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
### Choosing a Homeserver
|
||||
|
||||
To benefit the most from Matrix, it is critical to choose a homeserver which is well aligned with the subject(s) you want to chat about. We do not currently recommend any specific homeservers, but you may find advice within our communities or third-party resources like [*joinmatrix.org*](https://servers.joinmatrix.org). We recommend avoiding *matrix.org* because they are operated by the same company which develops Matrix itself. From the perspective of decentralization, it is better in the long term to separate software developers and server hosts so that no one party can exert too much control over the network as a whole.
|
||||
|
||||
### Recommended Privacy Settings
|
||||
|
||||
From Element's web or desktop app, go to :gear: → **All settings** to find these sections:
|
||||
|
||||
#### Sessions
|
||||
|
||||
By default, when you log in to Element on a new device, the session name will be automatically populated with the Matrix client and platform you used for login. This information may be visible to other users depending on the Matrix client they use.
|
||||
|
||||
To prevent revealing information about your personal device to others unnecessarily, consider emptying the session name; this will change the session name to the randomly generated alphanumeric Session ID instead.
|
||||
|
||||
#### Preferences
|
||||
|
||||
- [ ] Uncheck **Send read receipts**
|
||||
- [ ] Uncheck **Send typing notifications**
|
||||
|
||||
You should uncheck these options to reduce the exposure of metadata to other users when chatting in a public room.
|
||||
|
||||
#### Voice & Video
|
||||
|
||||
- [ ] Uncheck **Allow Peer-to-Peer for 1:1 calls**
|
||||
- [ ] Uncheck **Allow fallback call assist server (turn.matrix.org)**
|
||||
|
||||
If you do decide to use Element for one-to-one communication, we recommend unchecking these settings to prevent the exposure of your IP address to the other party.
|
||||
|
||||
#### Security & Privacy
|
||||
|
||||
##### Manage integrations (scalar.vector.im)
|
||||
|
||||
A Matrix integration manager connects Matrix to third-party services such as bots, bridges, and other enhancements. Element collects information to provide these services to those using an integration manager; you can review its detailed [Privacy Notice](https://element.io/integration-manager-privacy-notice) for the exact information Element collects and the ways it uses such information.
|
||||
|
||||
As an end user on a public homeserver, you can consider unchecking the **Enable the integration manager** option, which does not affect the visibility of bots or other third-party services. As a homeserver administrator, consider whether the additional parties with which you share your data are worth the extra functionality.
|
||||
|
||||
##### Sessions
|
||||
|
||||
- [ ] (Optional) Uncheck **Record the client name, version, and url to recognize sessions for easily in session manager**
|
||||
|
||||
Unchecking this option may make it more diffcult to discern your active sessions if you logged in to your Matrix account on multiple devices.
|
||||
|
||||
#### Encryption
|
||||
|
||||
- [x] (Optional) Check **In encrypted rooms, only send messages to verified users**
|
||||
|
||||
With this setting enabled, unverified users (i.e., those who have not used the **Verify User** function) and unverified devices of verified users will not receive your messages in a room with encryption enabled. This may limit the messages you can view and the people you can interact with.
|
||||
|
||||
## Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
- Must be free and open source software.
|
||||
- Must be free and open-source software.
|
||||
- Must use a federated protocol to communicate with other instances of the social networking software.
|
||||
- Must not have non-technical restrictions on who can be federated with.
|
||||
- Must be usable within a standard [web browser](desktop-browsers.md).
|
||||
|
||||
@ -603,7 +603,6 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
|
||||
- { .twemoji loading=lazy } [Signal](real-time-communication.md#signal)
|
||||
- { .twemoji loading=lazy } [Briar](real-time-communication.md#briar)
|
||||
- { .twemoji loading=lazy } [SimpleX Chat](real-time-communication.md#simplex-chat)
|
||||
- { .twemoji loading=lazy } [Element](real-time-communication.md#element)
|
||||
- { .twemoji loading=lazy } [Session](real-time-communication.md#session)
|
||||
|
||||
</div>
|
||||
@ -615,6 +614,7 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji loading=lazy } [Mastodon](social-networks.md#mastodon)
|
||||
- { .twemoji loading=lazy } [Element](social-networks.md#element)
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
|
Before Width: | Height: | Size: 1.1 KiB After Width: | Height: | Size: 1.1 KiB |
Reference in New Issue
Block a user