I've been thinking about this for a while, that there's kind of not a great solution, that I know of or can think of, for long-form internal political discussions within an organisation. There are of course existing platforms that are not private (like you could have a Facebook group for instance).

There's obviously a lot of encrypted chat apps out there but they're all more "texting" form and are not great for like forum-style discussion.

The best I can think of might be Matrix, but it's more of a chatroom style format and I've not tried using it for this forum-style of discussion which I'm not sure if it works smoothly for.

Tbh a mailing list would kind of be my ideal (I assume there's mailing list software out there that integrates with PGP so we can protect our emails) but so many people in organising spaces are pretty tech-resistant boomers (no offence to the older generation, I'm aware it's a generalisation that doesn't apply to everyone) and it'd be hard to get everyone to use PGP I think. Also email is just not very secure in the first place and would expose a lot of metadata, making it not suitable for organisations that are heavily criminalised or otherwise have a higher threat model. Not to mention that the mail server in question would be able to read the emails sent to the mailing list, as it has to decrypt emails sent to the mailing list in order to encrypt it with all recipients' personal PGP keys. And there's just so many points of failure in terms of all messages to the mailing list getting accessed if just one member gets compromised.

Maybe I'm missing an obvious solution, in which case please tell me of course. But this is just an issue that's crossed my mind over the years as I've watched organisations use insecure platforms for long-form discussion, and I cringe, but I don't think I know the ideal solution either.

  • Abracadaniel [he/him]
    ·
    2 months ago

    I've been considering self-hosted Matrix, in order to keep metadata obscured to anyone outside the org. is that advantage preserved when using a cloud server?

    • Zvyozdochka [she/her, pup/pup's]
      ·
      edit-2
      2 months ago

      As long as the people using your home server aren't messaging people or chatting in rooms from other home servers (aka you've disabled federation) and you can trust your cloud provider not to snoop around, yea, it's a fairly decent solution. Even with disk encryption like LUKS or your file system's built-in encryption, if your cloud provider wanted, they could just dump the memory of your VM and find the password/encryption keys that way.

    • chickentendrils [any, comrade/them]
      ·
      2 months ago

      Not really, you can do obscure things or obscure the hosting server with reverse proxies and mixnetworks. Most cloud hosts aren't sniffing around in your VMs/containers... But they might.