As said in another comment it’s testing for improving thr Wikipedia website. I personally find it to be significant improvement. Having shorter lines that are easier to read is really great.

I don’t think that calling other people “normies” is a great idea. It is very rare to be able to convince someone while showing a lack of respect for them.

The app already had E2EE at that point, this only marks the release of the v2 of their protocol, which is now considered state of the art for asynchronous messaging.

Finally, since the client is a binary distributed by Whisper, it’s not possible to verify that the client and server use the published protocol independently.

What are you talking about? The official client is open source and has reproducible builds.

Yes, the government can force them to give them encrypted garbage, and they will comply. They will also give the metadata with it, but there are multiple mechanisms in the app (client-side) to make sure that the server can’t even access most of the metadata, because it’s either not sent or encrypted.

So I guess for really sensitive matters you have to make sure your collaborators know how to stay safe

This is a really bad idea. The software you use should be usable safely without any knowledge of security if you want it to be really effective outside of security conscious people. And even security conscious people make mistakes.

And of course if your use-case really required a web-client you could just self-host it

That’s not an option for 99.99% of the population.

Fair point, but having a smaller team of highly competent devs (their job requirements are quite high if you look on their website) does allow them to innovate quicker and keep an overall high level of quality.

And it’s not like telegram were there code is completely unusable and the server is propretary. There are already a bunch of forks of Signal that exists (session being one of the main).

You don’t have to use matrix with a browser client

But the presence of a browser client seriously undermines the security of the whole platform. People don’t know that they should not use the browser client. If it were a third party client it wouldn’t undermine the seriousness of Matrix, but the browser client is an official one, which shows that Matrix takes security much less seriously than Signal.

only super easy and seamless with one client, i.e. the webbased Element

But the Webbased client’s security model is simply broken. E2EE in the browser is simply not possible.

What do you mean by that?

I know matrix, and it’s much lower overall quality, significantly less secure and popular, and is very unlikely to ever become popular until they really rethink their UX.

I didn’t know them before. Maybe they can become a serious FLOSS competitor to citymapper one day!

Self hosting of the synapse server is pretty well documented. There even is an ansible script to speed it up.

I know. But I don’t have a server, don’t really want to pay for one. I also know that Matrix is very resource hungry. I know some sysadmin stuff, and it is time consuming, especially when it’s down and you don’t know why and you need it running because you have some important document that you need quickly etc…

Then there is the matter of security. I’m not going to be able to quickly react to issues, I’m not going to update it on time, and as soon as it crashes all the people that I would have managed to make migrate would immediately go back to whatever we used previously.

All that for a really mediocre UX and overall security compared to Signal. No thanks.

I don’t know what runs on matrix.org either unless I self-host, which I don’t do, because it’s way too time consuming and is much less reliable.

And Signal has mechanisms to prevent mapping user networks such as Sealed sender, which matrix and XMPP don’t have.

Federation makes it much harder to keep metadata private, though you could technically achieve the level of privacy found in Signal, it’s not easy.

In practice, Signal is a lot better at protecting your metadata than Matrix and XMPP.

Now that matrix has a lot of different clients and implementation, of would be super hard for them to implement something like Sealed Sender, which Signal was able to deploy very easily. I find it very unlikely that matrix will end up fixing its privacy issues. While Signal will be able to evolve and fix them. They are currently working on usernames for example.

I’ve found signal fans to be more fanatical in their loyalty to it than most advocates of other privacy apps

It’s because all criticism I’ve seen of Signal is at best circumstantial, and have nothing concrete despite the app being open source, with reproducible builds, under a ton of international scrutiny. I have read part of their code. I have understood the protocol itself for some of my classes.

It’s one of the rare FLOSS project that is actually good enough in terms of UX to actually reach popular adoption. We shouldn’t shoot it down.

On the side there are some concerning security issues with Matrix which I detail here. Signal is much much more attentive to the security of their implementation.

the server code being not federated means you effectively can’t (or won’t) self host.

This doesn’t matter if the app is designed to not require a trusted server

Threema has generated IDs, Matrix has usernames, Telegram has usernames. Why can’t Signal?

Because they originally worked by encrypting SMS, which required phones numbers. Internet messaging arrived later, and they are working on usernames in a similar way to how Telegram does it if I understand correctly.

In this comment you say founded. I can accept that it’s a typo.

More like Signal

But based on them defending signal from critics as recently as a few years ago.

Link?

2ndly, open source doesn’t mean too much for centralized services that aren’t self hostable

There are forks that exists such as Session. Open Source is important

• CIA Funding:
• • This is a non-issue. The OTF also funds: Briar, Tor, Wireguard, Delta Chat, Bind9, CGIProxy, CertBot, K-9 Mail, Tails, NoScript, QubesOS, The Guardian Project, and a host of other essential privacy tools/software. You’re telling me they’re all compromised just because they’re getting funded? I don’t buy it.

Even if it were not the case, Signal was founded 3 years before it started receiving funding from the OTF.