====== Private Communication & Matrix Setup ======

This page summarises ideas around private communication, the EU "ChatControl" debate, and the move towards self-hosted Matrix infrastructure.

===== The Problem: Client-Side Scanning & ChatControl =====

A recurring concern is the trend towards **client-side scanning** on general-purpose devices:

  * Proposals like ChatControl aim to detect abusive content by scanning:
    * Messages.
    * Photos and attachments.
    * Possibly other local data.
  * Scanning happens on user devices, **before** encryption, meaning:
    * End-to-end encryption is undermined if content is already analysed on the endpoint.
    * The scanning infrastructure can be repurposed for other forms of surveillance.

Key risks:

  * **Mass surveillance of everyone**, not only suspects.
  * A dependency on large, opaque AI classifiers that can:
    * Produce false positives.
    * Be silently updated to flag other content categories.
  * Politically sensitive targeting:
    * Once the mechanism exists, it can be repurposed for dissent, minority groups, etc.

The consensus is that this is **incompatible with robust privacy** even while sharing the goal of fighting abuse.

===== Design Goals for Private Communication =====

From discussions, a good communication setup should:

  * Use **end-to-end encryption by default**.
  * Be **self-hosted** where feasible, to avoid third-party data mining.
  * Use **open protocols and free software** to:
    * Allow auditing.
    * Avoid lock-in.
  * Support **bridges** to other networks (Telegram, IRC, XMPP) when people can’t move immediately.

===== Matrix as a Communication Hub =====

Matrix came up as a candidate for a self-hosted hub:

  * Modern, federated protocol with E2E encryption.
  * Servers (homeservers) such as:
    * Synapse (mature).
    * Conduit or Dendrite (more lightweight / experimental).

A typical small-scale design:

  * **Homeserver**:
    * Runs Matrix (Synapse or Conduit) on a Debian server.
    * Uses PostgreSQL as backend.
  * **Client**:
    * Element desktop/mobile for daily messaging.
    * Element Call or Jitsi integration for voice/video.
  * **Reverse proxy**:
    * nginx on `matrix.example.com` with TLS, reverse-proxying to the homeserver.

===== Self-Hosting Considerations =====

Important operational points:

  * **Resource usage**:
    * Matrix servers can be memory-hungry with many rooms; tune retention and enable pruning.
  * **Backups**:
    * Back up the database and config; remember that E2E keys on clients are critical.
  * **Key management**:
    * Encourage users to enable cross-signing and backup their keys.
  * **Updates**:
    * Keep your homeserver and reverse proxy updated for security.

The overall direction is to move away from opaque corporate silos towards **federated, E2E-encrypted, self-hosted communication**, acknowledging the extra admin overhead as the price of privacy.