So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option
Matrix.org is centralized like Signal (you can say Matrix is not centralized on paper, but in practice this isn’t remotely true). Both are stockpiling metadata in the West… what’s worse is Matrix’s eventual consistency model means syncing metadata to all servers is a by-design requirement (& also why all servers & clients are slow). There are options like Snikket to take all the hard parts of self-hosting out of the equation, but finding someone you can trust to host a server might be worthwhile. I would be wary of anything centralized.
Signal is fine to use. These days I mostly recommend Delta Chat though. Delta Chat is free, encrypted, open source, audited, decentralised & federated in the same way as email is as it literally is email, it just looks like a chat, and it will work almost out of the box for anyone who has an email address (which is most people). This includes gmail/icloud/outlook etc. There are also chatmail servers you can sign up on if you’d prefer that.
It is no more complicated to configure than it is to configure any other email client. It has group chats, you can even share applications in the chat such as playing games or collaborate etc, all within the security of knowing your email provider can not read your conversations, whilst you still get the benefit of using the existing infrastructure of email.
Check it out: delta.chat/en/
PS. I’m not affiliated with them in any way. In fact, I have no idea if/how they make money. The service “just works” though.
PPS. They are also present in the Fediverse at @delta
Why would Matrix be the only option? XMPP is significantly better. You can either sign up on a public server or pay a small sum to have your own private server for you and your family for example on https://snikket.org/ or I think https://jmp.chat/ also includes optionally a small server in the subscription.
I’ve always been curious with the differences between XMPP and matrix but i can’t ever find anything explaining it. Why is it in your opinion better?
I know I am just a normie who doesn’t really know internal workings of them… But in my experience, XMPP is just easier to host, the servers are lighter, they don’t store everything they touch forever like Matrix does, and OMEMO doesn’t break like Matrix’s encryption. Synapse would be probably impossible to run on my VPS, while Conduit and Dendrite are not as full-featured.
OMEMO is a mixed bag. Some clients are still preferring older versions that aren’t the best for security & almost every client does a bad job explaining that new keys are being used need to be verified… Gajim only recently gave a decent in-client pop-up for it, but it’s doesn’t work all the time. That said, this is basically the same issue Matrix has in the space. Both are based on libsignal if not outright using it, except Signal gets a point of privilege in basically having just one client …one that must be on Android/iOS according to their statements… so they can do a ‘better’ job managing who, what, & how many keys are being used. Many XMPP clients will recommend blind trust by default just because it can be a real hassle to deal with multiple clients & users coming back to less-often-used devices. There have been proposals to fix it, but I haven’t seen anything really take off (meanwhile considering just using the PGP encryption option as less flaky).
Why is it in your opinion better?
It’s an open protocol, unlike 99% of chat protocols. It’s self-hostable and federated.
It’s IRC’s successor and been around a long time, first popularized by Jabber. Snikket made it even easier to use.
It was also EEEed by Meta and Google to lure users at a given point, with leads some to say “it’s dead” — far from it.
Edit: you may need to ensure OMEO versions are the same across all clients.
Right, but how does that make it better than matrix? it is also an open protocol, and most spaces that i use are on matrix anyway.
attempted to be EEEed is a good sign i guess, since it implies it’s a threat to meta and google though.
Basically Matrix is to Xmpp, what Bluesky is to ActivityPub. Which all the various issues both technically and related to VC and crypto-currency funding.
In addition Matrix uses a federation model that is extremely inefficient, making it hard to run your own server once you have a few users that join larger rooms. And as a side effect of this inefficient federation model that replicates the database onto all participating servers, it tends to centralize all the metadata on the servers (run on AWS under UK jurisdiction) hosted by the for-profit company that is behind Matrix.
And last but not least they rugpulled everyone very recently and made the only fully functional server implementation open-core to upsell larger servers to their proprietary hosted offering.
Interesting, and I didn’t know matrix itself into that much short (though they always had a lifeless corpo feeling…)
I’ve always wanted to create an account but never was able to figure out how (for my chosen servers at least) but know i want to try again. thanks for the info :)
Signal is perfectly fine to use.
I think there is campaign to get people to use signal, while servers are proprietary and other things are questionable.
It is a great operation for convincing the majority.
Servers are always going to be owned by someone. But the data is encrypted with keys not available to the server. Signal isn’t perfect, and I don’t like some stuff they do, but it’s the best design out there that is also relatively user friendly and doesn’t have holes that are easy to exploit by the server owner.
It is not. We are on a privacy sub on lemmy, services that require mandatory phone number are far away from been fine to use.
Can you please provide any data where Signal has been compromised? I’m not saying that the possibility doesn’t exist, but I’ve certainly never seen one single instance where Signal was compromised, so please do share.
Most packages/installs of Signal contain proprietary code. I suggest Molly-FOSS instead.
Molly also has some quality-of-life improvements - such as allowing to enter a device pairing link manually instead of scanning a QR code (thus allowing use in a VM for registration without a smartphone), or being able to use a generic Socks proxy instead of Signal’s own solution. Not only does that allow running Signal over Tor without using Orbot as a “VPN”, but is also more versatile (I wouldn’t want to set up a separate proxy just for Signal, and also their implementation is apparently inferior to some advanced obfuscation solutions).
P.S. Also idk if this has been fixed, but Signal’s app bugged out during registration and got stuck on “no google services” warning on my Graphene device, yet Molly went through flawlessly.
In signal, You can turn off phone number visibility and make it so that you are only searchable by username or qr code. Yes, it’s centralized, but signal is a nonprofit project with generally good guiding ideals. I use matrix for some things and signal for everything else.
Yeah, but it is still just one account per number, so it would make managing alts annoying. Not only is the main client (as well as the major unofficial ones, haven’t found one that doesn’t do that) not support multiacc directly, forcing use of profiles or VMs, but you’re also at risk of whoever rents the associated phone number after you deleting the account (that or you could pay a recurring fee just to retain the number, which is just wasteful).
