What I’m looking for ultimately is a universal chat type app like Beeper that can handle Signal and SMS, however, reading this about it gives me pause. It would be nice if I could get all my peeps on matrix, but since it was so hard to get them on to Signal, I think the best I can hope for is something than can handle matrix, signal, and sms. Which brings me back to the title, how exactly do Matrix bridges work and are they secure?
EDIT: SMS is insecure by its very nature, yes?
Oh boy. I think I’m really out of my depth here. I just downloaded Element and was fiddling with it a bit and found it to be kind of confusing. Maybe I oughta just stick with Signal despite centralization and signalcoin. Would be nice to be able to get SMS on the desktop tho, so I don’t have to go hunting for my phone everytime I have to do 2FA (which, admittedly, is not that often). In any event, thanks to @wxboss@lemmy.sdf.org & @GlowingLantern@feddit.de.
What did you find confusing about Element? The most confusing part for most people is the federation but since you’re on Lemmy, I assume that’s not the case for you.
I’m gettin’ old, and it’s an “old dog new tricks” type thing. However, I’ve still got it installed and probably just need to fiddle around with it some more. Getting Mrs. Hedge and my peeps to switch is going to be tough tho, hence me asking about the Signal bridge . . . Are “rooms” the same as “groups”?
so I don’t have to go hunting for my phone everytime I have to do 2FA
Automatically forwarding the SMS to the desktop, could turn that 2FA into 1FA.
E2EE only exists up to the bridge, not the whole way to your client
I just want to clarify that most bridges can be set up to have E2EE between the Matrix client and the bridge (regardless of whether the bridge supports encrypted chats on the bridged service because not all do, e.g. Facebook), but it is true that the bridge itself has to decrypt and translate between Matrix and the 3rd party chat service, so as you mentioned trusting who hosts bridges or doing it yourself is really important.
most bridges are open source and you can host them yourself, the risk that unauthorised parties can gain access to the data is fairly low
…as long as you keep them up to date and follow some basic security practices. There is nothing stopping you from self-hosting an outdated vulnerable version exposed to the public.
Third parties are a risk of unauthorized access, but may be more likely to follow security practices in order to avoid getting fined (according to the legislation of wherever they’re hosted).
This is a great point that you bring up. I subscribe to an IRC channel that has bridges to both Telegram and Matrix. My feelings at this point, is that the weakest link is going to be of the most concern. But how all this technology interoperate with each other and how they actually handle privacy/security together is a question I cannot answer.
EU’s Digital Markets Act might interest you :p
