Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
I would like to thank the good people of Lemmy here, who helped me avoid the logistical nightmare of setting up a matrix server, and instead choose xmpp. It’s been so fun and easy to get my family on my xmpp server using Conversations/blabber app. Resource usage is minimal, and it works very easily.
Matrix is quite good. Other alternatives are Briar and Anonymous Messenger. https://briarproject.org https://anonymousmessenger.ly
I hope they eventually become multi-platform, and good support.
Signal just proven again that the feds cannot get any data.
https://signal.org/bigbrother/santaclara/
Yeah signal is good, but the thing I dislike about it is that its centralized and you don’t actually have the option to run your own server. Maybe one of the forks of session like session is a good alternative. But I feel like Signal is the best alternative to things like Whatsapp and Facebook messenger and it is arguably a lot more user friendly that matrix and XMPP.
You can run your own Session server, if you stake it. But Session is about relaying messages, so its not an exclusive server. And because a node is staked, I’m skeptical where Lokinet/Oxen is going (sounds like there’s eventually going to be a business model somewhere in there).
I think the future needs to go towards something serverless. P2P has its drawbacks (offline messages and battery usage). Server based communication has dependence on someone else’s infrastructure. Blockchain might be a solution, combined with either something like Signal Secret Sender, Whisper, or Tor/Lokinet/I2P/relay. Not sure…but I believe it can be a lot better than what we have.
Matrix and XMPP is just not streamlined enough for mass adoption like Signal is. If Signal removes the phone number requirement, that will be HUGE. But keep in mind, Signal could easily be blocked.
Compared to the Conversations XMPP client the main “advantage” of Signal in regards to user friendliness is basically that people got used to using their phone numbers for messengers. But that is a bit like printing you phone number on your t-shirt and claiming that is is easier for people to contact you that way…
Also there is Quicksy.im which is Conversations but with a phone-number… if you really want to remove your privacy like that.
Conversations is indeed a far better alternative here…
I think the ability to run your own server could be added in the future, if they want that. The beauty about software is that most stuff can be fixed.
I wonder how much longer until governments require corporations to Know Your Customer, especially if they offer crypto.
Afaik there was some shady stuff with Signal. Idk if it’s even true, but I think that centralisation just sucks for privacy and just by having common sense this is an issue. I think that signal it’s a pretty good alternative compared to Whatsapp, Instagram Direct, Facebook Messenger or SMS (if someone uses that) . But I think that we need to move to a decentralized alternative.
deleted by creator
XMPP had the issue that it did not supported Video and file-sharing as we know it today. They created more XEPs to address it but the client mess made it impossible for people to really use it.
This has changed but in the meantime people switched.
Video, voice , files - all e2e ecrypted now on conversations (xmpp) using OMEO
Works well
Not every client supports OMEO and none of those clients got an independent audit.
https://omemo.top/
Skip Signal, skip Matrix, go independent, go P2P.
Use Briar, the only messaging system that protects your metadata and does not need servers.
Does Briar work well? I have never tried it
with what? tox?
Tox is well implemented, but we need something that can handle messages when a recipient is offline, and something that won’t consume a lot of energy on a mobile device. Regardless of what options we have today, we need to push for the next gen of P2P, not accept less.
Well, not exactly, I believe Tox hadn’t moved away from needing a lot of auditing they lack. Seed:
https://github.com/TokTok/c-toxcore
https://github.com/TokTok/c-toxcore/issues/426
https://github.com/TokTok/c-toxcore/issues/210
https://github.com/TokTok/spec/issues/50
What it seems is that tox was left behind, compared to other protocols… But most importantly, that they’re really lacking the auditing they need.
I was a fan long time ago, but now I no longer know… Besides tox, there are other p2p ways to communicate, like Briar and Jami. Though Jami doesn’t use double ratchet encryption, it does offer e2ee, and it’s the only offering multi devices syncing, though it doesn’t really work well yet.
The other thing about p2p + e2ee communications, is how impractical they become on mobile devices, whether you keep them deactivated, or you get your device battery drawn in half a day or so… But I’m still hoping for they to become better on both aspects, power consumption and multi devices syncing, supporting both, desktop and mobile devices. In the meantime, I settle down with xmpp, :)
I didn’t like Briar because it isn’t cross platform. I didn’t like Jami because the configuration is confusing and the UI on Linux is not good. Tox has issues, but I’m over Tor. It is simple…and very fast…even over Tor. Status.im is another to take a look at. They may have solved the offline issues. Like I’ve said, there still a lot of room for a new generation of messengers.
Yup, there are several options… And I guess, as everything, it’s a matter of taste. I do believe Tox shouldn’t be used when looking for privacy and security, and somehow, perhaps due to lack of developers, that hadn’t changed for quite some time. FYI, there’s a Briar for gnu+linux, though I can’t tell if there’s a desktop version of it (I do know ubuntu touch makes it available for phones). Unfortunately I don’t like status.im, it includes a crypto wallet within, and though it’s OSS, it’s not FLOSS, which I prefer, having an option. I’m hopping for Jami to get more polished, both on the devices syncing and the UI. I have to see what happens with Briar for gnu+linux, and although I lost hope some time back, I’d really like Tox to improve on its security status. BTW, I used Tox (I really had high hopes on it), and there’s no multi-device support. On Android I used both, trifa and antox (it seems antox has been dropped now a days), and on desktop I used qtox. And with no exception, on Android, tox apps, briar, jami, all are power hungry, which is the other thing I’d really like them to improve, but have low expectations given their p2p nature…
Status is something I’m trying to better understand. It solves the P2P problem of offline messages, but I haven’t tried the mobile version to measure battery consumption. I would assume the battery usage is better because Status doesn’t require to be constantly online.
I think there needs to be a mind set change for these types of apps. The big shift is to refer to these apps/platforms as decentralized/distributed. Decentralization/distributed includes messaging + currency + websites. Status is also built with Ethereum. So if they have the technology already built, it would seem logical a lot of these apps/platforms are going to include similar crypto/blockchain features. And if you don’t like the dapps and wallet, you can disable the features in the app. So far I haven’t seen a downside.
Matrix and XMPP are the best services!
Please do not forget about Revolt the open source and self hostable, clone of Discord.
Shame is, Revolt refuses to support any kind of federation…
Matrixedit: Element aims to be more of a replacement for Slack/Discord than WhatsApp/Signal/Telegram though.I think XMPP is probably the better replacement for the latter. With apps like Conversations/Blabber.im and Siskin for iOS the “personal messenger” experience is quite good these days (but not perfect), and with e2ee coming to Movim, there is a strong contender for a convenient to use XMPP webapp as well.
I share your view that XMPP is superior to Matrix as replacement for WhatsApp (which actually uses XMPP internally but does not participate in federation) in the context of personal/direct 1:1 messaging.
The reason, though, is more technical. Matrix works like a globally synchronized database - it duplicates the message history to all participants of a chat and is stored on the server which makes it incredibly complex, expensive and error prone. XMPP rather works like a simple relay - the message is only stored until delivery. This makes the server part way more lightweight and adminstration easier as you don’t run out of memory as fast as with matrix. (See more)
Regarding the clients I don’t like either. Element is too Slack-ish and the more modern clients like FluffyChat are quite buggy. Conversations one the other side looks outdated with a design from like 2015. I would like to see it adopting more recent iterations of material design such as cards or rounded corners.
After all both protocols unfortunately leak considerable meta data :/
And, among other issues, this is why it leaks tons of metadata and allow for easy correlation attacks and social graph discovery.
Very good break-down.
Besides the meta-data leaking, I would always use xmpp Conversations app over anything else. I don’t find it too outdated UI wise, but I’m no expert in this area. It does feel intuitive - somewhat like watsapp. But the blabber fork does a sligthly better job in UI
I daily drove Matrix for a while and honestly, the UI/UX isn’t so good. Signal is the only platform I can reasonably get people on, and it’s just a better user experience (stickers, nice look, fast messages, link previews, etc.).
I’m honestly sick of people saying some alternatives are great for everyone when they still have work to do, you can’t even easily make encrypted groupchats on there. So much fragmentation, so little polish - still love the devs but like, be realistic
He also brings up the point about LibreSignal being shut down by Moxie but doesn’t bring up the fact there are 3rd party clients that exist, which the devs are aware about, but haven’t been shut down/blocked and its been years.
Anyways, I would disagree with the message as Signal is currently the best private and cross-platform SMS/text replacement available.
I constantly see this argument but let’s face it, it’s very unlikely that enough people will ever switch to something like Matrix. I like decentralization and the matrix protocol is brilliant, but it brings many problems:
On the other hand, Signal:
Centralization can be problematic, but if it’s done correctly the pros may outweigh the cons, and in my opinion this is the case for Signal, but I’d happy to be proved wrong in future
In my experience, self hosted matrix is way faster than matrix.org ^^
It depends on what hardware you host it. Most people can’t affort powerful hardware. My experience with self-hosted matrix on a raspi 4 and on an old desktop pc hasn’t been great, and the problems grow with the number of users
I think it would be nice to have a consumer focused document covering:
In addition: I don’t want to depend on servers.
I don’t want the risk of self hosting a server. I don’t want a server that can be blocked. I don’t want to trust client/server code. I don’t want people/admins to know who I am talking to. I don’t want people/admins to know where I’m talking from. I don’t want admins to know about groups, the subject, or the members. I don’t want to depend on an organization that can be controlled by government or ideology. I don’t want to depend on anything that can be shutdown.
Status and Session seem to be the next evolution (though still not perfect).
I think Jami is one of the best contenders, on the serverless p2p sides, :)
I use both Matrix and Signal and they both suck in terms of usability and alternatives clients with better GUIs and resource usage.
Claiming over and over and over Matrix is the solution when it is not and had multiple times already incidents is cringe. There is metadata leakage, there is the group chat encryption problematic and and and, I do not even mention all problems. It will take years to address all of this.
It’s not that easy to get anonymous SIM-cards in many countrys. Also it’s just incredibly inconvenient and insecure. (enables easy impersonation)
But yes most matrix clients (and servers) suck big time.
You can buy SIMs online via Monera and Bitcoin.
It is really that easy, I do not post websites because it is a gray-zone but Google it and you find entire phones without SIM tracking and websites connected to it selling only the SIMs. Every scammer use this method.
How is that insecure if I may ask. There is no attack scenario, SMS is simply not designed to be secure, you know that before you can send something. Impersonation is on all anonymous networks like Session a problem, this is not an exclusive SMS or Signal problem. God knows how many CHEF-KOCH fakes I already encountered on Telegram and Session. I stopped counting.
Also secure networks like Session do not stop someone from data exfiltration attacks or if you leak information yourself others can use against you. SO those networks and so-called alternatives are by no means any real alternative, Signal is designed for friends, not strangers. My friends have my real-name and my phone number, not sure about your friends…
I know, there are also sms-gateways and if you’re in the EU you can use a SIM from another EU country for quite cheap. It’s still inconvenient, may leak your location and is probably illegal.
Using a mobile number as ID gives a false sense of authenticity. Signal only shows tiny warnings when someones “security code changes” when it should block further communication and show a warning that cannot be clicked away without knowing the implications.
It’s impossible to defend against this at the software level.
Is your communication with friends less sensitive than that with strangers?
Verification, at some point will so or so become a part in the EU, if not via SMS than age check, ID or whatever they come up with. The dream that you can be fully anonymous than this is what this is about ,not privacy, will end so or so, thanks to alt-right people who abuse every anonymous network to share illegal material, to scam others. The privacy argument is for most nothing but an excuse and the Govt is also not stupid and can see that. How is it helpful suggesting software or alternatives that are ore complicated to setup and you never know who you are talking too better, I do not see it, you run into more problems if you trust anonymous strangers, besides you can block on every Android phone at least Contacts and SMS permission without root if you dislike those permissions or features - some networks or alternatives do not even allow that.
There are problems on both ends, not only centralization and decentralization does not solve all of mentioned problems. No beginner wants to setup his own server to just chat, and no one I know does that, so at the end of the day it anyway ends up trusting a random stranger with your data because you use his server, network with your data.
I think Signal is good for beginners, like ever software it is not perfect and like every network nothing is fully anonymous. I do not see how Matrix beats simplicity, functionality and usability - right-now - over Signals for beginners. In fact by default depending on what server you are connected too on Matrix you are less secure. There is absolute no verification, so complaining about that Signals verification process is not perfect while Matrix ones is not existing or flawed is weird.
yeah right there’s no way to convince the signal users I know to switch platforms yet again. I tried getting some to switch to xmpp which is much simpler than setting up a matrix account and they wouldn’t do it.
You’re basically competing with “Simply download the app (Signal) and use it.” That’s a tough thing to motivate anyone to do, and I can’t articulate in a convincing way to anyone I know why it’s better. In practical terms as far as they’re concerned, Matrix are XMPP are not any better and my preference that we didn’t use siloed centralized services is purely abstract to them.
I chose matrix over signal because of the centralization problem. That being said, I could convert some friends and family to use matrix but a lot of people went to (or already were on it) signal.
After a few months I decided to install a signal bridge on my matrix server so I guess I’m having kind of best of both worlds, even though it’s not a perfect solution, it is one acomodating both sides.
EDIT: it really bothered me to use my personal phone number as well so I use an other number I had laying around
Well the phone number requirement is one of the best parts of signal IMO. Makes it much easier to find your contacts that are also using signal. Plus there’s no account to create.
I just use both and its been fine for me.