• @Lynda@lemmy.ml
      link
      fedilink
      42 years ago

      I wonder how much longer until governments require corporations to Know Your Customer, especially if they offer crypto.

    • @bluebell@lemmy.ml
      link
      fedilink
      32 years ago

      Yeah signal is good, but the thing I dislike about it is that its centralized and you don’t actually have the option to run your own server. Maybe one of the forks of session like session is a good alternative. But I feel like Signal is the best alternative to things like Whatsapp and Facebook messenger and it is arguably a lot more user friendly that matrix and XMPP.

      • poVoq
        link
        fedilink
        5
        edit-2
        2 years ago

        Compared to the Conversations XMPP client the main “advantage” of Signal in regards to user friendliness is basically that people got used to using their phone numbers for messengers. But that is a bit like printing you phone number on your t-shirt and claiming that is is easier for people to contact you that way…

        Also there is Quicksy.im which is Conversations but with a phone-number… if you really want to remove your privacy like that.

        • @nasp@lemmy.ml
          link
          fedilink
          4
          edit-2
          2 years ago

          Conversations is indeed a far better alternative here…

          • It uses a very popular protocol, xmpp
          • works with e2e encryption for text, files, video, audio,
          • it can be self hosted,
          • it’s fully open source, and has a couple of popular forks (like blabber)
          • devs got no funding from intelligence agencies (like matrix has)
          • it’s highly efficient (unlike matrix) and runs on the cheapest of vps servers / raspberry pi
      • @Lynda@lemmy.ml
        link
        fedilink
        2
        edit-2
        2 years ago

        You can run your own Session server, if you stake it. But Session is about relaying messages, so its not an exclusive server. And because a node is staked, I’m skeptical where Lokinet/Oxen is going (sounds like there’s eventually going to be a business model somewhere in there).

        I think the future needs to go towards something serverless. P2P has its drawbacks (offline messages and battery usage). Server based communication has dependence on someone else’s infrastructure. Blockchain might be a solution, combined with either something like Signal Secret Sender, Whisper, or Tor/Lokinet/I2P/relay. Not sure…but I believe it can be a lot better than what we have.

        Matrix and XMPP is just not streamlined enough for mass adoption like Signal is. If Signal removes the phone number requirement, that will be HUGE. But keep in mind, Signal could easily be blocked.

      • CHEF-KOCH
        link
        fedilink
        1
        edit-2
        2 years ago

        I think the ability to run your own server could be added in the future, if they want that. The beauty about software is that most stuff can be fixed.

    • CHEF-KOCH
      link
      fedilink
      3
      edit-2
      2 years ago

      XMPP had the issue that it did not supported Video and file-sharing as we know it today. They created more XEPs to address it but the client mess made it impossible for people to really use it. There was no OTR for group-chats implemented nor originally planned and other things.

      Above mentioned things changed but in the meantime people switched.

  • @nasp@lemmy.ml
    link
    fedilink
    82 years ago

    I would like to thank the good people of Lemmy here, who helped me avoid the logistical nightmare of setting up a matrix server, and instead choose xmpp. It’s been so fun and easy to get my family on my xmpp server using Conversations/blabber app. Resource usage is minimal, and it works very easily.

  • poVoq
    link
    fedilink
    5
    edit-2
    2 years ago

    Matrix edit: Element aims to be more of a replacement for Slack/Discord than WhatsApp/Signal/Telegram though.

    I think XMPP is probably the better replacement for the latter. With apps like Conversations/Blabber.im and Siskin for iOS the “personal messenger” experience is quite good these days (but not perfect), and with e2ee coming to Movim, there is a strong contender for a convenient to use XMPP webapp as well.

    • @Looki@lemmy.ml
      link
      fedilink
      52 years ago

      Funny thing is, every time Matrix is proposed as an alternative for Slack/Discord, people say the opposite, i.e. that Matrix is more a replacement for WA/Signal/TG.

      After using Matrix for a while, IMO it’s closer to a personal messenger, since you have less focus on collections of channels (Servers, Categories) and more on single groups and PMs. True, there is Spaces and Threading in Beta, but that is a pretty recent development in the Matrix world.

      But the lines get blurrier anyways, so I don’t think it’s useful to discern between these two kinds of messaging platforms any more

      • poVoq
        link
        fedilink
        2
        edit-2
        2 years ago

        Ok, maybe I should have said Element, i.e. their official Matrix web-client. Which is clearly much closer to Slack/Discord and also aimed at being a team-chat client like that. You can argue that it isn’t a very good one, but even more clearly it isn’t a good personal messenger like WhatsApp etc.

    • @nachtigall@feddit.de
      link
      fedilink
      42 years ago

      I share your view that XMPP is superior to Matrix as replacement for WhatsApp (which actually uses XMPP internally but does not participate in federation) in the context of personal/direct 1:1 messaging.

      The reason, though, is more technical. Matrix works like a globally synchronized database - it duplicates the message history to all participants of a chat and is stored on the server which makes it incredibly complex, expensive and error prone. XMPP rather works like a simple relay - the message is only stored until delivery. This makes the server part way more lightweight and adminstration easier as you don’t run out of memory as fast as with matrix. (See more)

      Regarding the clients I don’t like either. Element is too Slack-ish and the more modern clients like FluffyChat are quite buggy. Conversations one the other side looks outdated with a design from like 2015. I would like to see it adopting more recent iterations of material design such as cards or rounded corners.

      After all both protocols unfortunately leak considerable meta data :/

      • @nasp@lemmy.ml
        link
        fedilink
        42 years ago

        Very good break-down.

        Besides the meta-data leaking, I would always use xmpp Conversations app over anything else. I don’t find it too outdated UI wise, but I’m no expert in this area. It does feel intuitive - somewhat like watsapp. But the blabber fork does a sligthly better job in UI

      • @federico3@lemmy.ml
        link
        fedilink
        22 years ago

        Matrix works like a globally synchronized database

        And, among other issues, this is why it leaks tons of metadata and allow for easy correlation attacks and social graph discovery.

  • AceKat
    link
    fedilink
    42 years ago

    I constantly see this argument but let’s face it, it’s very unlikely that enough people will ever switch to something like Matrix. I like decentralization and the matrix protocol is brilliant, but it brings many problems:

    • Many people will have to care enough to host their own servers (which now is not remotely as common as it should be) otherwise everyone will just use the biggest severs, weakening the advantages of decentralization
    • It’s way harder to implement new features that people care about
    • People are not used to Element’s UI and there aren’t clients good enough to compete with Telegram, Whatsapp or even Signal
    • The performance wouldn’t be as good exept for the biggest servers, causing centralization again
    • If people don’t use it, it becomes useless, which is the same problem other alternatives have. This means that people must want to change naturally to it, meaning clients, ease of use and performance would have to be at least on par with what they’re using at the moment

    On the other hand, Signal:

    • Is very similar to the way Whatsapp works, which is what most people are used to
    • The Android and iOS clients are getting better with time (the desktop client needs to abandon electron but it’s hard with only few developers and it’s a lot of work)
    • The protocol is robust and audited
    • It doesn’t leak metadata, as Matrix does
    • Even if it’s centralized and Signal runs their servers on AWS, the only useful information third parties could gather are timestamps and the recipient of the message, not even the sender
    • It’s easy to jump on Signal, the network of contacts already exists and you wouldn’t need to ask for usernames or email addresses
    • Don’t foget that the clients and the server are open source, and even if the Signal Foundation decides to stop working on Signal, shutting down the services (VERY unlikely), we could fork the projects and bring them back up

    Centralization can be problematic, but if it’s done correctly the pros may outweigh the cons, and in my opinion this is the case for Signal, but I’d happy to be proved wrong in future

    • @Looki@lemmy.ml
      link
      fedilink
      12 years ago

      The performance wouldn’t be as good exept for the biggest servers, causing centralization again

      In my experience, self hosted matrix is way faster than matrix.org ^^

      • AceKat
        link
        fedilink
        12 years ago

        It depends on what hardware you host it. Most people can’t affort powerful hardware. My experience with self-hosted matrix on a raspi 4 and on an old desktop pc hasn’t been great, and the problems grow with the number of users

  • @je_vv@lemmy.ml
    link
    fedilink
    12 years ago

    I don’t know if Matrix is the solution for everything. There’s xmpp, on the side of decentralized+federated options, which seems to me better in terms of meta data leaking, and for self hosting, less resource intensive. And on the side of distributed p2p mechanisms, there’s Jami, Briar and others, which should be even better for privacy. The important thing is to make people realize centralized, and not so FOSS solutions (not sharing the actual code being at use, doesn’t seem really open source, for example), plus having to trust the service provider, is not private neither secure…

  • krolden
    link
    fedilink
    12 years ago

    yeah right there’s no way to convince the signal users I know to switch platforms yet again. I tried getting some to switch to xmpp which is much simpler than setting up a matrix account and they wouldn’t do it.

    • Bilb!
      link
      fedilink
      22 years ago

      You’re basically competing with “Simply download the app (Signal) and use it.” That’s a tough thing to motivate anyone to do, and I can’t articulate in a convincing way to anyone I know why it’s better. In practical terms as far as they’re concerned, Matrix are XMPP are not any better and my preference that we didn’t use siloed centralized services is purely abstract to them.

    • @lionelcr@lemmy.ml
      link
      fedilink
      1
      edit-2
      2 years ago

      I chose matrix over signal because of the centralization problem. That being said, I could convert some friends and family to use matrix but a lot of people went to (or already were on it) signal.

      After a few months I decided to install a signal bridge on my matrix server so I guess I’m having kind of best of both worlds, even though it’s not a perfect solution, it is one acomodating both sides.

      EDIT: it really bothered me to use my personal phone number as well so I use an other number I had laying around

      • krolden
        link
        fedilink
        12 years ago

        Well the phone number requirement is one of the best parts of signal IMO. Makes it much easier to find your contacts that are also using signal. Plus there’s no account to create.

        I just use both and its been fine for me.

  • @0x90@lemmy.ml
    link
    fedilink
    12 years ago

    Matrix and XMPP are the best services!

    Please do not forget about Revolt the open source and self hostable, clone of Discord.

    • Halce
      link
      fedilink
      22 years ago

      Shame is, Revolt refuses to support any kind of federation…

      • @Lynda@lemmy.ml
        link
        fedilink
        02 years ago

        Tox is well implemented, but we need something that can handle messages when a recipient is offline, and something that won’t consume a lot of energy on a mobile device. Regardless of what options we have today, we need to push for the next gen of P2P, not accept less.

        • @je_vv@lemmy.ml
          link
          fedilink
          2
          edit-2
          2 years ago

          Well, not exactly, I believe Tox hadn’t moved away from needing a lot of auditing they lack. Seed:

          https://github.com/TokTok/c-toxcore

          https://github.com/TokTok/c-toxcore/issues/426

          https://github.com/TokTok/c-toxcore/issues/210

          https://github.com/TokTok/spec/issues/50

          What it seems is that tox was left behind, compared to other protocols… But most importantly, that they’re really lacking the auditing they need.

          I was a fan long time ago, but now I no longer know… Besides tox, there are other p2p ways to communicate, like Briar and Jami. Though Jami doesn’t use double ratchet encryption, it does offer e2ee, and it’s the only offering multi devices syncing, though it doesn’t really work well yet.

          The other thing about p2p + e2ee communications, is how impractical they become on mobile devices, whether you keep them deactivated, or you get your device battery drawn in half a day or so… But I’m still hoping for they to become better on both aspects, power consumption and multi devices syncing, supporting both, desktop and mobile devices. In the meantime, I settle down with xmpp, :)

          I didn’t like Briar because it isn’t cross platform

          • @Lynda@lemmy.ml
            link
            fedilink
            12 years ago

            I didn’t like Briar because it isn’t cross platform. I didn’t like Jami because the configuration is confusing and the UI on Linux is not good. Tox has issues, but I’m over Tor. It is simple…and very fast…even over Tor. Status.im is another to take a look at. They may have solved the offline issues. Like I’ve said, there still a lot of room for a new generation of messengers.

            • @je_vv@lemmy.ml
              link
              fedilink
              1
              edit-2
              2 years ago

              Yup, there are several options… And I guess, as everything, it’s a matter of taste. I do believe Tox shouldn’t be used when looking for privacy and security, and somehow, perhaps due to lack of developers, that hadn’t changed for quite some time. FYI, there’s a Briar for gnu+linux, though I can’t tell if there’s a desktop version of it (I do know ubuntu touch makes it available for phones). Unfortunately I don’t like status.im, it includes a crypto wallet within, and though it’s OSS, it’s not FLOSS, which I prefer, having an option. I’m hopping for Jami to get more polished, both on the devices syncing and the UI. I have to see what happens with Briar for gnu+linux, and although I lost hope some time back, I’d really like Tox to improve on its security status. BTW, I used Tox (I really had high hopes on it), and there’s no multi-device support. On Android I used both, trifa and antox (it seems antox has been dropped now a days), and on desktop I used qtox. And with no exception, on Android, tox apps, briar, jami, all are power hungry, which is the other thing I’d really like them to improve, but have low expectations given their p2p nature…

              • @Lynda@lemmy.ml
                link
                fedilink
                12 years ago

                Status is something I’m trying to better understand. It solves the P2P problem of offline messages, but I haven’t tried the mobile version to measure battery consumption. I would assume the battery usage is better because Status doesn’t require to be constantly online.

                I think there needs to be a mind set change for these types of apps. The big shift is to refer to these apps/platforms as decentralized/distributed. Decentralization/distributed includes messaging + currency + websites. Status is also built with Ethereum. So if they have the technology already built, it would seem logical a lot of these apps/platforms are going to include similar crypto/blockchain features. And if you don’t like the dapps and wallet, you can disable the features in the app. So far I haven’t seen a downside.

  • ferret
    link
    fedilink
    0
    edit-2
    2 years ago

    I daily drove Matrix for a while and honestly, the UI/UX isn’t so good. Signal is the only platform I can reasonably get people on, and it’s just a better user experience (stickers, nice look, fast messages, link previews, etc.).

    I’m honestly sick of people saying some alternatives are great for everyone when they still have work to do, you can’t even easily make encrypted groupchats on there. So much fragmentation, so little polish - still love the devs but like, be realistic

    • @TaiAurori@lemmy.ml
      link
      fedilink
      22 years ago

      I imagine when someone says Matrix and “UX/UI isn’t good” they usually mean Element, which is the most popular of the multiple clients available (one example being Fluffychat which I hear is somewhat simpler in UX), but choice of client usually doesn’t fix fundamental problems with the protocol itself, so pick your poison.

      On the bright side, it seems the Element team recently started really picking up on the complaints yearning for a good fix-up of the Element UX, so the original issue itself might change up soon.

    • SeerLite
      link
      fedilink
      12 years ago

      you can’t even easily do encrypted groupchats on there

      I’m curious about this. You’re not the first one to say this, but it’s been the complete opposite experience for me. The “Create room” dialog has encryption enabled by default. All group chats I’ve been in (where there aren’t any bridge bots to other services) work perfectly well with encryption enabled.

      I agree the UI/UX sucks though. I’ve been waiting for it to get better for a while but lately I’ve been considering just moving to Telegram.

      • ferret
        link
        fedilink
        2
        edit-2
        2 years ago

        Right now I’m using Signal for people I personally know and Matrix for some big communities (it’s fine for that). I wouldn’t recommend Telegram because of privacy concerns, though it definitely does have the advantage of a large userbase. But I think Signal has a comparable UI/UX to Telegram so it’s worth making it work

    • ᗪᗩᗰᑎ
      link
      fedilink
      02 years ago

      a better user experience (stickers, nice look, fast messages, link previews, etc.). I’m honestly sick of people saying some alternatives a Hard agree. Additional some of his points don’t make sense, like his stance on “what if a better app ever appears” - like, who cares? If there’s a significantly better app, suggest it, if there isn’t, why caution people about something that doesn’t exist?

      He also brings up the point about LibreSignal being shut down by Moxie but doesn’t bring up the fact there are 3rd party clients that exist, which the devs are aware about, but haven’t been shut down/blocked and its been years.

      Anyways, I would disagree with the message as Signal is currently the best private and cross-platform SMS/text replacement available.

  • @the_tech_beast@lemmy.ml
    link
    fedilink
    02 years ago

    Great article and it is strange that Moxie doesn’t really like Signal forks using their servers. Isn’t what Moxie doing against the license of the project?

    Signal is great but as written in the article there are problems with it. But the great thing about Signal is that it is really simple to use and there is nothing to really set up.

    Element on the other hand has a kind of complicated UI. I am fine with the UI but I often hear new people complaining about it.

    The matrix protocol is great and I love the decentralised aspect of it.

    If you install the app on another device, sometimes old messages in an encrypted room won’t appear and then you have to request a key from another session, get the device verified, etc. This process is kinda difficult to understand for me.

  • @Lynda@lemmy.ml
    link
    fedilink
    -12 years ago

    I think it would be nice to have a consumer focused document covering:

    • Product risks.
    • Roadmap of where we want to go.
    • Feature implementation matrix of where we want to go.
    • I would also like to know the challenges to what we want (feasibility? pros/cons?)

    In addition: I don’t want to depend on servers.
    I don’t want the risk of self hosting a server. I don’t want a server that can be blocked. I don’t want to trust client/server code. I don’t want people/admins to know who I am talking to. I don’t want people/admins to know where I’m talking from. I don’t want admins to know about groups, the subject, or the members. I don’t want to depend on an organization that can be controlled by government or ideology. I don’t want to depend on anything that can be shutdown.

    Status and Session seem to be the next evolution (though still not perfect).

  • CHEF-KOCH
    link
    fedilink
    -2
    edit-2
    2 years ago
    • Matrix has no SMS support, it is a weak argument but it is one because some people prefer All-in-One Apps instead of installing 1000 apps.
    • You can use Signal with burner Sim, the old argument … but but it uses your phone number is nonsense.
    • You can use Signal forks that work without phone number like e.g. Molly.
    • It is correct that Matrix uses AWS, azure and co. as servers, however the metadata impact those servers can see or use or abuse is not given. This is proven, same like that the code is considerable good enough. From what I know the Matrix clients … none of them nor the protocol got audited.
    • Skipping each time a new player pops up instead of fixing the existent protocols and clients is not for everyone a solution.
    • Most Matrix clients, at least on Desktop suck, it ends up with using alternative clients and then there is the problem of fragmentation and that those clients might even be more insecure or do not implement all feature.

    I use both Matrix and Signal and they both suck in terms of usability and alternatives clients with better GUIs and resource usage.

    Claiming over and over and over Matrix is the solution when it is not and had multiple times already incidents is cringe. There is metadata leakage, there is the group chat encryption problematic and and and, I do not even mention all problems. It will take years to address all of this.

    • @pinknoise@lemmy.ml
      link
      fedilink
      22 years ago

      You can use Signal with burner Sim, the old argument … but but it uses your phone number is nonsense.

      It’s not that easy to get anonymous SIM-cards in many countrys. Also it’s just incredibly inconvenient and insecure. (enables easy impersonation)

      But yes most matrix clients (and servers) suck big time.

      • CHEF-KOCH
        link
        fedilink
        -2
        edit-2
        2 years ago

        You can buy SIMs online via Monera and Bitcoin.

        It is really that easy, I do not post websites because it is a gray-zone but Google it and you find entire phones without SIM tracking and websites connected to it selling only the SIMs. Every scammer use this method.

        How is that insecure if I may ask. There is no attack scenario, SMS is simply not designed to be secure, you know that before you can send something. Impersonation is on all anonymous networks like Session a problem, this is not an exclusive SMS or Signal problem. God knows how many CHEF-KOCH fakes I already encountered on Telegram and Session. I stopped counting.

        Also secure networks like Session do not stop someone from data exfiltration attacks or if you leak information yourself others can use against you. SO those networks and so-called alternatives are by no means any real alternative, Signal is designed for friends, not strangers. My friends have my real-name and my phone number, not sure about your friends…

        • @pinknoise@lemmy.ml
          link
          fedilink
          22 years ago

          You can buy SIMs online via Monera and Bitcoin.

          I know, there are also sms-gateways and if you’re in the EU you can use a SIM from another EU country for quite cheap. It’s still inconvenient, may leak your location and is probably illegal.

          Impersonation is on all anonymous networks like Session a problem

          Using a mobile number as ID gives a false sense of authenticity. Signal only shows tiny warnings when someones “security code changes” when it should block further communication and show a warning that cannot be clicked away without knowing the implications.

          Also secure networks like Session do not stop someone from data exfiltration attacks or if you leak information yourself others can use against you.

          It’s impossible to defend against this at the software level.

          Signal is designed for friends, not strangers.

          Is your communication with friends less sensitive than that with strangers?

          • CHEF-KOCH
            link
            fedilink
            2
            edit-2
            2 years ago
            • Farming data without opt-in is also illegal and no one cares.
            • Using no authentication at all is also false sense of authenticity because you do not know who you are talking too which disqualifies Session. Another problem is you need to trust others servers, joining them without any chance to verify that these servers are not a honeypot or alt-right.
            • I agree there is no network nor software which prevents data exfiltration attacks. But this shows that the main issue is on users end, not the network.
            • My point is that you to 100 Percent already shared sensitive information, so there is no privacy intrusion if you use Signal. Signal is proven to be secure and the metadata stuff on the servers are so minimal that the feds cannot do anything at all with it. I do not see to suggest other IMs who had leaks in the last + there are no audits or evidence that it is really as secure as you think it is.

            Verification, at some point will so or so become a part in the EU, if not via SMS than age check, ID or whatever they come up with. The dream that you can be fully anonymous than this is what this is about ,not privacy, will end so or so, thanks to alt-right people who abuse every anonymous network to share illegal material, to scam others. The privacy argument is for most nothing but an excuse and the Govt is also not stupid and can see that. How is it helpful suggesting software or alternatives that are ore complicated to setup and you never know who you are talking too better, I do not see it, you run into more problems if you trust anonymous strangers, besides you can block on every Android phone at least Contacts and SMS permission without root if you dislike those permissions or features - some networks or alternatives do not even allow that.

            There are problems on both ends, not only centralization and decentralization does not solve all of mentioned problems. No beginner wants to setup his own server to just chat, and no one I know does that, so at the end of the day it anyway ends up trusting a random stranger with your data because you use his server, network with your data.

            I think Signal is good for beginners, like ever software it is not perfect and like every network nothing is fully anonymous. I do not see how Matrix beats simplicity, functionality and usability - right-now - over Signals for beginners. In fact by default depending on what server you are connected too on Matrix you are less secure. There is absolute no verification, so complaining about that Signals verification process is not perfect while Matrix ones is not existing or flawed is weird.