I am really struggling to replace facebook messenger / whatsapp for a few casual conversations. My friends and I are all wanting to move away. We are not heavy users of this but need it to work. I think the requirements are:

  • floss client for android, linux, windows

  • persistent history across devices

  • reasonable security

  • don’t need to self host server

  • can send a message to offline user, they get it when they come online

  • not tied to or reliant on phone number / cell service

  • ETA: end user documentation explaining how to set up and common troubleshooting

tried:

  • matrix: the thing with having to keep track of room keys and stuff is too complicated. every time someone uses a new device it is a ton of issues and we could never quite get it ironed out

  • signal: tied to phone number, no history across devices

  • xmpp: similar to matrix the key situation is confusing, also no cross device history

  • ETA: simpleX: a lot of people here are mentioning simpleX. It didn’t come up in previous investigations so will give it a shot.

    • ETA 2: It doesn’t seem to have persistent history across devices. Clarification?

I actually didn’t think this would be such a problem but it is breaking us. we don’t need a lot of sophisticated features like voice, video, moderation, 1000s of participants, spam protection etc that seem to be of concern to the projects. just simple text chat.

  • rufus@discuss.tchncs.de
    link
    fedilink
    arrow-up
    8
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Have a look at:

    https://www.messenger-matrix.de/

    You could also use Matrix or XMPP without all the complicated e2ee stuff, room keys etc. It’s encrypted on transport. It won’t be super safe and have the highest level of privacy this way, but easier to use. You just have to remember not to enable room encryption. And maybe use SchildiChat instead of Element.

    • linuxPIPEpower@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      That is a great chart. Do you think it’s up to date? One issue I had was trying to discern very old from current materials.

      Thanks, we don’t need high level security, just a reasonable modern attempt at it. Due diligence. I had a hard time understanding what kind of encryption we “should” use.

      I tried SchildiChat and I liked it except for all the problems that seems inherent to matrix.

      • rufus@discuss.tchncs.de
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Sure, this chart is updated from time to time. (The guy who published it also has a very nice german tech blog: https://www.kuketz-blog.de/ ) But it only contains widely adopted messengers and focuses on open-source. So it doesn’t necessarily contain every good messenger out there.

        I know. Matrix is quite good. I learned how to operate it, so that’s alright for me. But I know there are a few annoying things in there. And I think they did a few design decisions with the encryption that make it difficult to use. In the years I’ve been using it I’ve been annoyed many times by incompatible verification techniques or missing encryption support in some clients/libraries. It’s getting better but I can understand why you would prefer something else. I’m not an expert on messengers, I hope some of the other suggestions here work for you.

        • linuxPIPEpower@discuss.tchncs.deOP
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I’m not an expert on messengers

          me neither! and I have not desire to become one. :D

          It has been a big surprise to see how involved you have to get and how much complex understanding is required just to chat. And in my group of friends I am one of the more power user types. If I struggle to use something, then I can’t recommend it to others. So far everyone is really discouraged and I think it is reflecting quite badly on the concept of moving away from corporate/proprietary solutions. And FLOSS. It seems like just not viable for average users. :(

          In this kind of situation we don’t have unlimited chances to try all different options one by one. because in requires a coordinated effort for multiple people to make accounts, set up devices, learn new software etc. People do not have time for that on demand. I think for most people, you have 1 shot at this kind of thing, if any. And if they are not FLOSS-type people they will be basing their opinions of all of FLOSS alternatives on the experience.

          Patience is wearing thin. I think if the next thing we try doesn’t work, then it’ll be back to facebook/whatsapp/sms for the next 10 years. So I want to find a viable suggestion or be able to manage expectations and adapt to what is realistic.

          • rufus@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            1 year ago

            Well, I get your frustration. But I also disagree.

            There are several different things at play. first of all I think Matrix has made some non-optimal design decisions with their protocol. For example I think e2e-encryption should have been mandatory for clients to support from day one. With like 2 mandatory verification processes that are well-documented and taught to the users.

            The second thing is, some clients are bloated and also expose weird stuff to the user. For example the device-keys (session-/room- whatever). That should be build on-top the encryption and handled without the user knowing anything about it.

            That would leave us with 3 concepts to understand:

            1. How to do the emoji-verification to verify new devices and other people
            2. You need to do 1 backup to make sure you don’t ever lose access to your account, just write down a sequence of words or characters on paper or do a screenshot
            3. a screen that shows you which devices are logged into your account with a button to delete them. No further handling of cryptographic keys

            And I think with a few limitations that are due to the history of Matrix’s development, they strive to become that and aren’t far away from it. I don’t think it’s too complicated. I’ve taught 15 year old kids how to do the emoji-verification and why that’s important.

            And it is important… If you take end to end encryption seriously, there is no way around verifying the other end once. You can see which messengers take it seriously and which don’t. For example WhatsApp doesn’t ask you this. And it can’t ever detect if this is really the person they claim to be. The only thing it can do is assume it and make sure the person at the other end doesn’t change. And the backup is non-negotiable, too. You either do that yourself, or let your provider do it. But then they have access to your messages.

            And this isn’t Matrix’s or XMPP’s fault. security and convenience are somewhat on opposing ends and you can’t have both at the same time. It’s somewhat like this, and it’s a limitation of how the world is:

            You’re free to choose where you want to be on that triangle. You can have something with many features and very secure. But that won’t be easy to use. Or you want something easy, but it won’t ever be secure. Matrix tries to be everywhere, but that can’t work. You can just disable encryption on Matrix, this will do away with all of that complicated stuff immediately, at the cost of some security. But you could also use WhatsApp or iMessage to talk to your friends. My grandma could use it, but it has other downsides.

            I’ve been with the FLOSS people and advocating for freedom and empowerment of the user for quite some time. It’s always a struggle. You always have to actively fight for your freedom. And if you want to stay in control of your data, you have to take matters into your own hands, to some degree. And that is some work. You have to learn concepts and gain a certain amount of literacy. The other option is to give up parts of your autonomy.

            With that said, I still think Matrix could do a better job and make it easier. I think it’s usable. But I’d be happy, too, if I could recommend it to more of my friends without there being any catch. In fact, I recommended it to other people and like 3 friends use it, my dad, my spouse and like 15 other people I know from real-life. They’re not all tech-savy and it works. There have been some issues, but that was some time ago and issues have become less and less over time.

            • lascapi@jlai.lu
              link
              fedilink
              arrow-up
              3
              ·
              1 year ago

              You resumed very well the triangle.

              My dream is to build an app/service which is easy to use as Signal but compatble with matrix and xmmp.

            • linuxPIPEpower@discuss.tchncs.deOP
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              I did the emoji thing and even though I went through it correctly it did not proceed reliably. A problem with the client? Network issue? Who knows. Sometimes it works after a few attempts and other times not.

              Encryption keys didn’t work because my password manager ended up with several keys all associated with the same account but I didn’t know what each one was for. (And did the keys each also have another password too? I might be thinking of something else.) They were for the account or the device or the conversation or the client or the session? And my friends were having similar issues; even when I get it set up someone else is having a problem.

              I guess with all these things, it gets easier once you get going and stable. You can’t do the emoji thing without having a logged in client available. If everyone is bouncing around clients it’s a mess. There is nothing stable for any of us to join onto. I have used the occasional established matrix community and I don’t have these issues in that case. A lot of the complications come from the fact that we are trying to move together.

              I’ve been with the FLOSS people and advocating for freedom and empowerment of the user for quite some time. It’s always a struggle. You always have to actively fight for your freedom. And if you want to stay in control of your data, you have to take matters into your own hands, to some degree. And that is some work. You have to learn concepts and gain a certain amount of literacy. The other option is to give up parts of your autonomy.

              I mean the other other option would be to take care of each other and struggle collectively. I do not really think we get freedom one by one. I believe that to be in alignment with FLOSS.

              Philosophically it’s kind of regressive to say that lost autonomy is deserved by people who fail to learn to the standards you think are reasonable in the areas you think they should know about. There is way too many things in the world we can’t all know about all of them.

              • rufus@discuss.tchncs.de
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                1 year ago

                I did the emoji thing and even though I went through it correctly it did not proceed reliably.

                Oh. That’s not how it’s supposed to be. I self-host my own (Synapse) matrix server. So I wouldn’t know if there are issues with the network or something like that with the established, big servers.

                several keys all associated with the same account […] (And did the keys each also have another password too?)

                Yeah, That’s too many details. It should be: you sign up for a new account, keys are generated and you are requested to back up your master key. Maybe that backup can be protected with an additional password, I don’t really know. From that point cross signing and all cryptography should kick in automatically. Everything should be handled without the user needing to worry about additional keys. And in my oppinion the additional inner workings should be hidden from the user. At that point you’re set and once you log in with a different device or add a friend, a popup should open telling you to verify the other user/device with the emojis.

                If everyone is bouncing around clients it’s a mess.

                That is the most annoying thing with Matrix. I’ve also had this happen. Some time ago I had clients not support emoji verification. Or I try to write a bot in python and it runs on a server with no means of displaying emojis. I think Matrix isn’t strict enough to handle the diversity of clients. In theory diversity is a good thing, but for Matrix… I’ve also had some issues with that exact thing.

                […] struggle collectively. I do not really think we get freedom one by one.

                That is especially true for messengers and social media. There is the network effect. A platform has little to no benefit if it doesn’t connect people and it’s just you ;-)

                Philosophically it’s kind of regressive to say that lost autonomy is deserved by people who fail to learn to the standards you think are reasonable in the areas you think they should know about. There is way too many things in the world we can’t all know about all of them.

                I agree. I have compared this to the Age of Enlightenment before. There is some basis we need to agree on. Everyone has to agree they want freedom and be ready to put in some work and face the struggles. But not everyone needs to become a computer expert and have this as their primary hobby. Just being a follower should be alright, the only thing is you can’t be annoyed by change and experiencing a dry spell every now and then. I think this is consensus and also how it works with parts of the FLOSS ecosystem. There are clubs and individuals who operate the servers and handle all the difficult and tedious parts of hosting. Not everybody can, or wants to do this. As a user it is your obligation to know how to operate your computer and smartphone. But it shouldn’t be overly complex. That takes away from the spirit and makes it inaccessible for some people. And we want the opposite of that, spread the freedom amongst everyone who is willing to participate.


                I really don’t know what to recommend to you. Don’t resign and let the technical difficulties keep you from getting what you want. It’s the right choice. Maybe you find something better than Matrix for your use-case. I’m kind of in another situation, so my experience doesn’t necessarily apply to your situation. Maybe have one person do the work, try out a few servers and Apps/clients and pave the way for the rest of the group. It definitely doesn’t work if it’s an uncoordinated effort and there are sub-optimal choices and traps out there. And it will scare some people off (rightfully) if they have to start over for the third time.

                With our group, we have tested matrix for some months with two people, then a third and then a friend of mine invited all the other people. Most of them use matrix.org as their Homeserver. And we keep the room unencrypted for maximum compatibility. We don’t give admin rights to everyone, that would lead to confusion. One person manages the room and they put in the effort to learn how to manage the room and help people get the app installed on their phones and join the room.