Thank you for posting the response to that disclosure, I was low-key waiting for it since I saw Soatok's post.
Not a cryptographer, so I can hardly discuss the merits of the described problems; however, knowing the reporter's history with disclosures to Matrix, I kept a large chunk of salt while reading his most recent blog post regarding issues I can't verify myself with what I know.
While I respect the reporter's expertise, his blog posts are personal and they read more like a rant, which is fair; this is a furry blog post first and foremost after all (and I've done my own share of ranting on mine). But it (the rantiness, not the type of blog) takes away from trust in what they are writing, as this feels like making points for an already prepared conclusion rather than finding issues out of a genuine point of concern. And this seems to work in disfavor of how grounded his arguments are. When looking for issues out of spite, the bar for the research you are willing to do is lower.
Still interested in whether he will respond to the points brought up by this blog post (EDIT: He did).
At least one point I do have to grant to Soatok though, even with my expertise: despite the terrible choice of repositories he has chosen as representation for his blog post, the Matrix ecosystem does have an issue with using the deprecated Olm library, which again, is a security library still used in clients such as nheko and NeoChat (both of which are the only ones I currently consider using).