Element.io [Secure Messenger]

[SilkScarf]

Create, Share, Communicate, Chat, and call securely, and bridge to other apps!

Server lists:
https://www.hello-matrix.net/public_servers.php
https://www.anchel.nl/matrix-publiclist/
https://matrixservers.anchel.nl/

Random Servers (We do not necessarily support any political or cultural views prevalent on these servers, they're just here for completeness as a list of public servers):
https://kiwifarms.net/threads/official-kiwi-farms-riot-matrix-server.53185/page-2

---

Sign-up guide:

1. Go to https://riot.im/app/#/register

2. Click 'Custom server,' and replace the 'Home server URL' with "https://matrix.sibnsk.net"

---

F.A.Q:

How do I get rid of the Community Panel on the left-hand side (since it's taking up horizontal space)?
1. Click your name in the upper left corner
2. 'Settings'
3. 'Preferences' section in the left-hand nav-bar
4. Uncheck 'Enable Community Filter Panel'
5. Refresh your browser twice OR close and open your desktop client twice

[SilkScarf]

Known bugs:
Cannot undo invite - https://github.com/vector-im/riot-web/issues/7180

[SilkScarf]

News:

Apr 19, 2019 - Riot is now in use at France's National Cybersecurity Agency (had a bug at launch) - https://www.zdnet.com/article/french-government-releases-in-house-im-app-to-replace-whatsapp-and-telegram-use/

Feb 14, 2019 - THE BIG 1.0 UPDATE IS HERE - https://medium.com/@RiotChat/the-big-1-0-68fa7c6050be

The experimental version of the Riot redesign is out! - http://riot.im/experimental
This is far from complete, but it gives a feel for what the UI will eventually look like.

[Corenat Rovarnus]

THE BIG 1.0 UPDATE IS HERE!
https://medium.com/@RiotChat/the-big-1-0-68fa7c6050be

[SilkScarf]

IT'S FINALLY HERE



PSA:
If you want to hide the Community Panel on the left hand side (since it's taking up horizontal space):
1. Click your name in the upper left corner
2. 'Settings'
3. 'Preferences' section in the left-hand nav-bar
4. Uncheck 'Enable Community Filter Panel'
5. Refresh your browser twice OR close and open your desktop client twice.

[SilkScarf]

Riot is now in use at France's National Cybersecurity Agency (had a bug at launch) - https://www.zdnet.com/article/french-government-releases-in-house-im-app-to-replace-whatsapp-and-telegram-use/

Matrix project lead AMA - https://old.reddit.com/r/privacy/comments/da219t/im_project_lead_for_matrixorg_the_open_protocol/f1mu5h4/

Matrix servers ranked by ping? - https://matrix.org/blog/2020/01/10/this-week-in-matrix-2020-01-10/

[SilkScarf]

BIG 1.6 UPDATE HAS HIT
https://blog.riot.im/e2e-encryption-by-default-cross-signing-is-here/

A lot of great stuff, and most of it has to do with end-to-end encryption (E2EE).

Highlights:
- E2EE enabled by default on all private rooms
- Search enabled in E2EE rooms
- Files will show up in the files pane in E2EE rooms.
- Cross-signing has been enabled. This means that if you add a new device, it no longer needs to be verified by everyone else in the room. Instead, you take the responsibility of verifying it from a known good device of your own.
- Custom theming enabled (https://github.com/aaronraimist/riot-web-themes, https://github.com/vector-im/riot-web/blob/master/docs/theming.md)

[SilkScarf]

Riot.im is now Element.io
(since Riot games company keeps giving them legal trouble)

https://element.io/blog/welcome-to-element/

[SilkScarf]

How to format spoiler/blurred text in Element:
/html normal text <span data-mx-spoiler="reason">spoiler content</span> more normal text

you can also do /spoiler to blur the whole message
/spoiler this is blurry

https://old.reddit.com/r/elementchat/comments/l30x6m/how_do_you_create_spoilers_in_element/

[SilkScarf]

Does Element/Matrix generate link previews on the server, thus bypassing end-to-end encryption on E2EE enabled rooms?
Related links:
https://github.com/vector-im/element-android/issues/481
https://github.com/matrix-org/matrix-spec-proposals/issues/2120
https://docs.t2bot.io/matrix-media-repo/url-previews/index.html
https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html
https://matrix-org.github.io/synapse/latest/media_repository.html#url-previews
https://matrix-org.github.io/synapse/latest/development/url_previews.html

Can URL link previews lead the server or user to execute malware? These links imply yes:
https://www.bilibili.com/video/BV1ba411A7g6/ - Link Previews- How hackers can run any JavaScript code on Instagram
https://www.mysk.blog/2020/10/25/link-previews/
https://securityintelligence.com/articles/link-previews-security-and-privacy/
https://security.stackexchange.com/questions/239928/are-preview-thumbnails-for-links-a-risk
https://gigazine.net/gsc_news/en/20201027-messengers-leak-data-drain-battery/

Other links on link previews:
https://9to5mac.com/2020/10/26/researchers-demonstrate-how-link-previews-in-apps-can-expose-data-from-users/
https://threatpost.com/linkedin-instagram-preview-link-rce-security/160600/
https://www.macrumors.com/2020/10/26/link-previews-may-lead-to-security-vulnerabilities/

Malware in images:
https://blog.reversinglabs.com/blog/malware-in-images
https://security.stackexchange.com/questions/237715/if-malware-can-be-attached-to-an-image-file-then-why-arent-images-a-common-att