Closed ilu33 closed 6 years ago
matrix.org and vector.im are situated in the US.
What gave you that idea? They aren't. Everything we are running ourselves is in the EU.
The Cloudflare IP addresses. I didn't see "cloudflare" when I opened the ticket but I see it now. I know it's protection, but it's still a US service. Users can't see which data is where. And this needs careful explanation privacy-wise for a chat program. And by "explanation" I don't just mean "DDoS". I mean explaining how the data is still inaccessible to US authorities.
We are already excluding matrix.org users in some of our rooms.
Cloudflare may be a US service, but its servers are deployed globally, and they do not store or route data between nodes. So, matrix.org's IP of 104.24.207.27 or 104.24.206.27 resolves via anycast routing to the nearest Cloudflare node, which if you're in Europe will be in Europe. This then routes the traffic straight through to our servers, which are hosted in Frankfurt. So, the data never leaves the EU.
I amended my earlier post. This explanation is probably valid but has to be included in the privacy declaration. Cloudflare is still a third party service.
Your privacy notices on Matrix.org and riot.im omit that you transfer data outside the European Union. That's an important fact and you need to provide that information.
Actually, you might prefer to avoid that situation altogether. Since on almost every homeserver users registered at matrix.org join, it's generally worrisome that matrix.org and vector.im are situated in the US. You couldn't find a European hoster? And since it looks like GB might hard-brexit without any "deal" - when saying "European" I don't mean GB.