If they can send me over the second half of my thesis I would appreciate it enormously! 😀
The analytics tools that I am personally uncomfortable with involve dynamic, changing forms of data. I run GPSLogger on my phone (without a SIM card) and continuously log the GPS data to a text file. This data is then synced to my computer when WiFi is available. I can display this data on a map using gpx-viewer, and show very detailed tracking data of myself.
I have explored this map with some friends/family. They get to see a time-stamped movie of my life - my trips to work, to the shop, when I go out, if I go on a trip, etc. The data displayed in this manner is somewhat intimate, personal information. Anyone I have shown this to has said that they would not be so comfortable with such a map of their lives existing… Well, if they are carrying a active phone with a SIM card, it does.
To think that a company like Google can own such a map for a very large number of people makes me uncomfortable. On top of that, each of those map trajectories can be associated with an individual and their personality… They have the ability to pick out specific trajectories on the basis of the political ideologies or shopping behaviors of the personas behind them. This is extreme. I am of the opinion that the convenience afforded by a these technologies does not justify the allocation of that super-power to the companies that enable the technology.
A few years ago Facebook enabled a “Graph search” feature. This allowed users to create search queries such as"Friends of friends of X who like the page “X” and went to school near Z". That tool seemed super cool on the surface, but it quickly became obvious how something like that could be easily exploited. Later on in Snowden’s book I learned about XKeyscore from the NSA, which is like an extra-powerful no-consent-needed graph search that is available to some people. This is not just targeted ads.
I guess that what I am trying to convey is… For me, making the privacy-conscious choice is about not contributing to the ecosystem of very concrete tools that give super-powers to groups of people that may not have my best interest in mind. In my mind it is something very tangible and concrete, and I find many of those convenience tradeoffs to be clearly worth it.
I have used XMPP for some time now and I tried Matrix for a bit, but have stuck with XMPP until now.
I found it practically very easy to set up a prosody XMPP server in a raspberry pi. In XMPP you have the core standard that is kept quite minimal and then you can extended your implementation using XMPP extension protocols (XEPs) in a highly modular fashion. This approach of building on top of a light core using well-documented extensions I like very much.
With Matrix, JSON is used instead of XML. I think that JSON is a nice format when trying to look under the hood at how the message data is structured. XML is a bit of a pain to look at in my opinion. And I think JSON might be more efficient in how it moves the data around. So, that is a big positive for me. But I Matrix appears to be more focused on being feature rich than on having a flexible modular structure. While it does have extensions, successful extensions do have a chance of being eventually integrated into the core protocol. This makes the core feel bloated to me, because I have very minimal requirements.
In terms of security, in XMPP you start with the core and then you select the type of encryption that you like (OpenPGP, OMEMO, etc). OMEMO encryption has plausible deniability built into its design, and for me, plausible deniability is a property that I consider important for messaging. The modular approach to XMPP also means that these are choices that one gets to make in an active manner, and the protocols are open protocols that come from outside of XMPP. With Matrix you get their encryption protocol as part of the core - it is a protocol that they designed and that you need to accept to use their tool with encryption. It is probably a good protocol, but I don’t think it has plausible deniability built in, and that’s a choice you did not get to make.
As for moderation, I don’t know. Do they mean moderation tools, or the actual absence of moderators and unmoderated communities? Because the latter is more a property of the people using the tool that the tool itself. You can have your own private communities.
If someone asks me, I could recommend Matrix but would rather recommend XMPP, depending on what they are looking for specifically.