This article is a critique of a video by Upper Echelon you can watch on YouTube or Odysee. It is about Matrix, a tool I use and promote, being used by criminals, specifically pedophiles for their insidious activity. However, this video contains misinformation and a lack of understanding of how this software works.
First, I'd like to state that at least at the time of writing I've watched Upper Echelon for I think a few years and this is not a hit piece on some idiot I just discovered but a critique of someone I've generally liked. So let's start. One of the first things brought up in this video is that Matrix is "connected" to governments and this is even in the title of the video. The video mentions how Matrix and the client Element are funded and used by various governments and government agencies but no point is made other than just stating that this is ironic since criminals also use the software. Later in the video, mention of government use is brought up again but I will get to that point in a later section.
The next portion of this video brings up that criminals use Matrix for nefarious means and then discusses some technical details about the censorship resistance and how logging of activity to enact this resistance goes against the 'private and secure' perception of the Matrix protocol. This doesn't mean that Matrix itself is unsafe and unprivate. You can still have safety and privacy without ephemerality. What's important is that people understand how protocols and software works and act accordingly. It is discussed how logs of rooms can be scraped and analyzed to further the point of an illusion of privacy and compares it to how blockchains are falsely classified as private. However to do this, the room must either be unencrypted or you must already be a member of an encrypted room. This isn't really a point against Matrix having an illusion of privacy since any encrypted chat of any protocol or software can be scraped provided you have access to said chat. Obviously if you have the decryption keys, you can use the decrypted state to do what you want with the data. You can't however just go in and scrape other encrypted rooms since you don't have access to the decrypted data without the keys. Comparing this to a blockchain's illusion of privacy is a false comparison.
Next, Mr. Echelon brings up a point that is objectively wrong. He states "It doesn't matter who you are or what homeserver you run. If you operate a portion of the Matrix network, your infrastructure can and probably is being used to support and spread this material actively. Because of the way it's designed, if you have a personal homeserver and someone from that homeserver goes and joins a room designed to share illegal content, your homeserver now gets roped into seeding that room.". This point is false because it does matter what homeserver you run. Admins of homeservers can choose to close access and registration under their homeserver and even choose to defederate from the rest of the network. This point can only be true if you either run a homeserver with public registration or a closed-registration federated homeserver where another person as been allowed an account. Private and defederated homeservers are never brought up in the video. Later in the video, he states "Any homeserver can be used to distribute illegal content. Matrix is by design a media proxy meaning that any homeserver on the Matrix network can be made to display and download content from any other homeserver...". Again, this is false for the already stated reasons.
A possibly somewhat valid point is made but only with a specific homeserver. He brings up that the Matrix.org homeserver removed a lot of rooms used for illegal content and removed the ability to create rooms on the homeserver for some time but critiques the Matrix.org homeserver for de-indexing and not fully deleting some rooms. Assuming this is true, it is indeed suspicious that rooms would be just delisted but there's no context provided whether these are confirmed to be rooms that exist for the purposes of pedophilic activity. This also shows homeservers can choose to delete content and rooms hosted on them so if like stated previously, a homeserver is used to "support and spread" bad stuff, admins can still stop it on their own homeservers.
Now we get into the 'solution' to the problem, that being hashlists. The same system that all the giant privacy-invasive corporations use is promoted as a solution to preventing child porn on Matrix. However, in the video it's stated this would only work in public, unencrypted rooms and since Matrix is intended to be used with encryption, this is a non-solution. And there're reasons why this system won't work for Matrix regardless. The biggest reason hashlists won't work is because almost anyone with a modicum of privacy literacy is going to either completely avoid or not post risky content anywhere that uses this system and there would likely be lists for any homeservers or clients that use hashlists to any degree. And let's not forget that Matrix and its clients are all libre/open source so if there were to be anything like hashlists or really anything that could even remotely be considered a type of surveillance could just be forked or have a new piece of software written removing it. Most people that use Matrix including myself are the kinds that won't be okay with their stuff being hashed and sent to a centralised and proprietary database to be analyzed. In the video, it is asked why Matrix isn't using these 'well-established' and 'industry standard' protocols even though they work with governments. It's because these 'well-established' and 'industry standard' protocols are primarily if not exclusively used with centralised systems that could actually take action using this system. The governments themselves also use Matrix since it's seemingly safe enough and they aren't going to use something that essentially scans their messages. Matrix is decentralised and this hashlist system could only be used in one part of the Matrix system that could easily be avoided. It would be useless. Hashlists will not and cannot be a solution.
In the video, Upper Echelon says he got the majority of this information from a source that wishes to be anonymous. This raises some suspicion in me. Before being contacted by this source, I am assuming that Upper Echelon either only heard of or had never heard of Matrix. Because of this, I believe there is a heavy negative bias implanted by this source which affected the information presented in the video seeing as it's wrong many times and misunderstands Matrix. I question the source's motive. I have absolutely no evidence of what the source's motive may be but it could be as innocent and ignorant as a person simply trying to 'save the kids' without regard to privacy or knowledge of how certain things work or it could be as insidious as some state actor targeting a well-known and mostly positively received YouTuber to spread a negative message about Matrix as some sort of psyop.
Regarding how to actually stop harmful criminals using Matrix, I have no idea. But here's the thing most privacy-centric people are too scared to say: Anything privacy-respecting that's worth a shit is going to be used by criminals. I want to stop sickos like pedophiles from spreading child porn but I'm not compromising my own privacy and security because something I use could also be used by them. Matrix for the time being fits my needs and I will still use and promote it.
The comments on YouTube are mostly people either critical and correcting the misinformation in the video or just spouting "honeypot" or "it glows" probably learning about the existence of Matrix from this video. Odysee comments are mostly critical. Regarding the comments accusing Matrix of being a glowing honeypot, the code's all available. Anyone able to read the source code can verify and modify it. There could certainly be rooms and homeservers that are themselves honeypots but Matrix itself isn't. Should it ever start implementing suspicious features, people would likely find out considering how popular it is and how many people work on various parts of it.
Ironically, despite making plenty of videos about misinformation, this video seems to spread it itself. It's objectively wrong at certain points, provides a false solution, and pulls the whole "Criminals and pedophiles use it so it's bad." crap trying to emotionally influence you towards the matter. In regard to these things, Upper Echelon's words at the end of each video say it best: Question everything.
Written 2024-6-21 Published 2024-7-1