- cross-posted to:
- tech@pawb.social
- cross-posted to:
- tech@pawb.social
I don’t consider myself exceptional in any regard, but I stumbled upon a few cryptography vulnerabilities in Matrix’s Olm library with so little effort that it was nearly accidental.
It should not be this easy to find these kind of issues in any product people purportedly rely on for private messaging, which many people evangelize incorrectly as a Signal alternative.
FWIW, current versions of the reference client (Element) don’t use the Olm library (libolm), which is now deprecated.
From the README:
Also, from the latest weekly update:
Nevertheless, if you’re using a third-party Matrix client that depends on libolm, you might want to contact its developers, or switch.
How I know if Fractal the gnome app use that library?
It uses matrix-rust-sdk (written by Element) and that uses the new vodozemac, so you’re safe
I doubt Fractal uses libolm, since it’s a Rust app, but you could ask the developers to be certain.
https://gitlab.gnome.org/World/fractal