• 100 Posts
  • 813 Comments
Joined 1 year ago
Cake day: February 10th, 2024


  • Thankfully, it’s not that simple.

    A centralised service is an easy target for a government. (This is where Signal stands.) A decentralised one is significantly harder, because the government would have to be constantly discovering and processing every node in the network as new ones appear. (This is where Matrix stands, although it doesn’t have many public servers yet.) Fully peer-to-peer decentralisation makes it harder still, because there are as many nodes as there are users, with network addresses that often change. (Some of these exist today, but are mostly experimental with few users. Matrix has done some proof-of-concept work in this area as well.)

    On top of decentralisation, tunnels like VPN and Tor can be helpful in avoiding ISP-imposed blocks.




  • mox@lemmy.sdf.org to Technology@lemmy.world: Time to get serious with E2E encrypted messaging

    Signal is easier to use, more private, and faster.

    Unfortunately, it is also effectively tied to Google services due to Signal’s app distribution and push notification channels on Android (which most people on Signal use), and as a centralised service, it is vulnerable to shutdown or network-level metadata monitoring by anyone with sufficient access/influence at Signal or their data center provider (such as a government who doesn’t like encrypted messaging).

    (Edit: rephrased for clarity)


  • Matrix is good for private general messaging. The fact that it’s decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.

    Two things to be aware of:

    • Some non-message bits (e.g. room topic text and membership) have not yet been moved to the encrypted channel, so those could be read by the administrator of a homeserver that participates in your chat room. Since most people care primarily about keeping the message content private, this is an acceptable trade-off to get all the things that Matrix offers.
    • The upcoming Matrix 2.0 features and design choices simplify the UI and fix some occasional errors. It might be worth waiting until this stuff officially lands in the client apps before bringing your contacts to Matrix, for a better experience all around.



  • And? The GNU General Public License and every project that uses it (including Linux) have also been likened to cancer, as have many other things that impose and spread their conventions/restrictions/requirements when added to larger systems.

    The phrase “going viral” works similarly. These metaphors may not be pretty, but they are not uncommon or inaccurate, either. Stirring up drama around their use doesn’t help the project or the community.












  • SimpleX has some interesting ideas, but also some shortcomings for people who want a practical messaging service. For example:

    • It is funded by venture capital, which calls into question its longevity, and even if it does manage to stick around, suggests that it will be leveraged to exploit people once the user base is large enough.
    • Its queue servers delete messages if they are not delivered within a certain time frame (21 days by default). Good luck if you take a vacation off-grid for a few weeks.
    • No multi-device support. (This means a single account accessed concurrently from multiple independent devices.) The closest it comes is locally tethering a mobile device to a computer.
    • Establishing new contacts requires sharing a large link or QR code, which is not always convenient.
    • No support for group calls.

    I would not recommend it for talking to family members and people in general, which is what OP requested.



  • a compromised or hostile home server can still take over the room

    A compromised server could effect a denial of service attack against its users, of course. The attacker could do the same thing by simply turning off the server. That’s true on all platforms that use servers. A reasonable response would be to switch to a different server.

    That admin (or even a newly minted user) can then send events

    Exactly what events do you think would be dangerous?

    or listen on the conversations.

    No. End-to-end encryption ensures that only the intended endpoints can read the messages. Older Matrix clients have a setting to block the user from sending messages to unverified devices/sessions, in case they somehow don’t understand the meaning of a bright red warning icon. I think newer ones (e.g. Element X) enforce that mode; if you’re concerned about this, you could check for yourself, but…

    not everyone will pay attention to unverified warnings

    …unfortunately, there are no guarantees when trying to fix human behavior. If you need a messaging app to make it hard for your contacts to do something obviously foolish, then I suggest waiting until Matrix 2.0 is officially released and implemented in the clients. The beta versions of Element X, for example, look like everything is locked down to avoid human mistakes like the one you’re describing.