Hi Guys,

The team behind the Matrix communication platform has published a security warning about two critical-severity vulnerabilities that break its end-to-end encryption. If exploited, a remote attacker can run man-in-the-middle attacks that expose message contents in a readable form. Stop using the following clients until you have updated them to the latest versions:

  • Element
  • Beeper
  • Cinny
  • SchildiChat
  • Circuli
  • Synod.im.

Do not perform verification with new devices until you have upgraded – this is CRITICAL.

The following clients are using different encryption implementations that are safe to use.

  • Hydrogen
  • ElementX
  • Neko
  • FluffyChat
  • Syphon
  • Timmy
  • Gomuks
  • Pantalaimon

You can read the complete advisory HERE, but the two flaws were discovered and responsibly disclosed by researchers at Royal Holloway University London, University of Sheffield, and Brave Software. The issues have been fixed, but it makes me think about other issues in this system (or any other system) that have not been discovered yet.

If you have something sensitive that you want to share, such as your grandmother’s top secret age-old cake recipe, do not trust any technology to share it unless you know what you are doing. And even if you know what you are doing, you still need to be careful.

Also, we finally get to use our Matrix image!

All the best,
Max Roberts,
Incognito Privacy Care Team