Tightening up Privacy in Matrix

Hi all,
A few weeks ago there was some
discussion around the privacy
of typical Matrix configurations, particularly how Riot’s default config uses
vector.im as an Identity Server (for discovering users on Matrix by their email
address or phone number) and scalar.vector.im as an Integration Manager (i.e.
the mechanism for adding hosted bots/bridges/widgets into rooms). Firstly, the reason Riot is configured like this is for the user’s convenience:
in general, we believe most users just want to discover other people on Matrix
as easily as possible, and a logically-centralised server for looking up user
matrix IDs by email/phone number (called third party IDs, or 3PIDs) is the only
comprehensive way of doing so. As should also be obvious, these
issues are categorically not malicious: Matrix (and Riot) literally exists to give users full control and autonomy over their communication, and privacy is a key part of that.

Source: matrix.org