
My concern is in the opposite direction of what everyone appears to be interpreting, despite what I thought was clear wording in my initial post.

It's not that govt/LE uses Matrix. It's that Matrix/Element actively seeks out partnership with govt/LE (to the extent of presenting on stage at a police conference), suggesting they are particularly interested in a relationship with authorities and personally sympathetic to these authorities, at the management/director level.

This is not a position I expect from an organization that is determined to build secure communications potentially used by activists, people living in oppressive/authoritarian regimes, etc... If I was a member of such a high-risk group, I don't think I would be putting my faith in this org to produce something I can actually consider truly secure.



I would guess the reason for that would be that those platforms are willing to pony up real cash and the actual communication protocol itself is no less secure when they use it. See also: Tor, famously developed/funded by the government.


>If I was a member of such a high-risk group, I don't think I would be putting my faith in this org to produce something I can actually consider truly secure.

If I were in such a high-risk group, I wouldn't be putting my "faith" in anyone. Rather, I'd personally make damn sure my sensitive communications couldn't be spied upon.

I'd also point out that repressive/authoritarian regimes don't care about the rule of law and/or personal privacy, so they can just come to your house and take you away without any proof that you're working against the state.

What's more, they can also confiscate any systems/devices you (or others) may have in an attempt to discover the identities of your "co-conspirators." And they can torture you to give up those names, even if the names you give up aren't actually involved at all.

You seem to believe that there's some sort of magical software that can keep someone safe if a government or well-funded private actor wants to get you. News flash: there is no such animal.


From a personal perspective, I do share some of your misgivings about the appearance of sympathies with LE / authorities. It doesn't -feel- all that great to see. But at the end of the day to me it boils down to what another commenter said. If it's good enough for them, it is probably good enough for me. Someone has to pay the bills so the show can go on.

If the problem is that we're not trusting $LE_GOV_AGENCY to use the technology because it may hide abuses of authority, the root problem is that we can't trust $LE_GOV_AGENCY for reasons external to their choice of communication tooling. And that's not a problem I think we can solve with technology alone.

Plus, 'We can't allow X/Y/Z to use encrypted chat because they could do awful things' is a bit of a double-edged sword I personally don't feel comfortable wielding lest it be wielded against my own 'high-risk group'.

Disclaimer: SRE at Element, but I've been running a Matrix homeserver of my own since before I joined the company


The reason we "actively seek out partnership with govt/LE" is simply because they are by far the primary customer segment who actually have a clear need for self-hosted interoperable end-to-end encrypted communication and are willing to pay for it. If we don't find organisations who are willing to pay Element for services, then quite simply we can't pay people to work on Matrix and Element as their day job, and the whole thing would switch into best-effort volunteer-run activity (although I'd presume most of the team would feel pretty burnt if that happened and go spend their free time on something else). About 80% of Element's revenue comes from public sector, and without it the project simply wouldn't exist.

Hopefully, eventually, the rest of the world will wake up to the fact that sleepwalking into using Teams and Slack (or WhatsApp) is a catastrophe in the making. It's only a matter of time before someone publishes a torrent of every line of Teams scrollback or Slack scrollback for some high-profile organisation; the breach has probably already happened; the breacher is just waiting for the best strategic moment to drop the information bomb.

But until then, Element makes payroll by selling to folks like the French and German Governments, the United Nations, etc. They pick Element because it is high trust, and they can audit it and run it themselves. And there is categorically no way that I or other senior management at Element would destroy the company (let alone Matrix) by breaking that trust by letting someone undermine its privacy.

Which is why we're in the surreal situation of on one hand selling to the UK Government, while also frantically criticising them for the catastrophic idiocy of the Online Safety Bill: https://element.io/blog/the-online-safety-bill-an-attack-on-....

Separately: I'm literally years overdue in publishing Element's internal ethics guidelines publicly, which spells out precisely who we do and don't do business with. For what it's worth, the high level summary is:

  * We don't sell to criminals (under UK/US/EU law)

  * We don't sell to sanctioned (by UK/US/EU) or abusive govts or organisations

  * We don't sell to orgs who explicitly encourage use which goes against our terms of service.

Our definition of abusive governments/orgs is those who commit human rights abuses, or who commit international atrocities (as defined by the UN), or contracts which primarily support the above.

Most western governments (including their police forces) do not fall into this bracket.



