In my experience, Matrix has a lot of misleading functionalities that drive people into enough of a false sense of security to out themselves.
I’m curious as to what these are, as I’m setting up a matrix server right now.
Have you looked into https://element.io/en/server-suite/community ?
I run my own server for friends and family. And there are more abd more optional addons that may have made that server suite a more sane place to start when selfhosting. I have not evaluated it tho, but thought you should know about it.
Stoat seems to be the one my friend group is most interested in, currently I’m waiting to see which one is better in the next couple of months or so.
Stoat has to fix their self-hosted version before I’ll touch it again.
Currently hosting a couple of zulip instances for communities that had been on discord. I really like the way it handles topics/threading and they make hosting a breeze. I reported in an upgrade recently and it was < 30 minutes between me reporting it and getting code to solve my issue pushed to the repos. Wild.
10/10 recommend if voice/video are not a focus.
Zulip is confusing as hell to use.
Fluxer is the most promising one so far. It doesn’t have easy self-hosting yet, but it’s in development. What exists so far is pretty good though.
It’s roadmap is amazing, I’m hoping it will go far
Weird how they are good at digging up the past relationship between the matrix team prior donators with the mosad. but failed to mention not even once that matrix’s biggest advantage is its federated nature.
So imagine you have a selfhosted matrix server and you want to invite a friend over for a chat but this friend already has an account at his other friend’s server. in Matrix he doesn’t have to make an account on every server their interlocutor is in, he just sends his messages, like its done over email, or here on lemmy (fediverse). this is an advantage other software like fluxer of stoat don’t have. and I doubt they will able to add it anytime soon, as the work needed is probably huge and would need years of work to make a proper secure e2e federate messaging solution.
Guy literally told people the criteria he was using, one of which was searching for things like that because that’s the reason for the video in the first place, the Discord exodus due to deep state ties. He admits his knowledge is limited. Weird how hard it is for some people to see things from someone else’s point of view.
Uh what the fuck how about any connection to mossad should be a death sentence for a software project
So should some of Lemmy’s, and yet here we are.
Tbf, there were no alternatives at the time when most people moved here. Now there is one with Piefed, I really should move my server.
There is no known state or corporate connection to Lemmy or Piefed, unlike Matrix.
Yep, and yet almost anyone who has spent any time on Lemmy knows what I’m referring to (whether they recognize it and do so as a problem is another matter)
I know what you’re referring to, and I agree it’s likely off-putting to many, but not agreeing with the developer’s politics is on an entirely different level compared to suspecting a platform may be developed and compromised by state actors.
I understand the concern, and I find it fishy that the matrix team didn’t try to address that (maybe they did but I just didn’t come across that)
but on the other hand many governments and ministries like the French MOD have deployed matrix locally for their private use. not sure they want to use a software that the mossad can directly tap into
French MOD have deployed matrix locally for their private usage. not sure they want to use a software that the mossad can directly tap into
I wouldn’t put any stock into that as a metric of if it’s safe or not, since France was happy to buy a contract for Pegasus, another Israeli surveillance software adopted widely by EU governments such as France, Germany, and Spain.
EU governments were also happy to adopt Microsoft products despite the security implications, and even way back in the 80’s used Promis, which had a known US/Israeli backdoor in it (there’s a really great documentary about Promis on netflix, surprisingly, though I’d recommend sailing to watch it, yarr).
EDIT: changed to more accurately represent how Matrix operates.
The issue is that due to the way Matrix is structured, it essentially spreads copies of unencrypted metadata to every instance participating in those rooms, So it’s federated, but difficult to actually keep metadata from being spread around
even if you don’t federate with the main Matrix server, if any server you do federate with dies, it’ll get spread there. You’d have to be extremely cautious who you federate with to avoid that, or not federate at all, which defeats the purpose.As an alternative, Movim, which uses XMPP and is also federated, does not spread meta data around like that.
XMPP is a shitshow of its own, very fragmented architecture. different incomplete implementations. each server can chose which features (extensions) to turn on and which not) so you can’t be sure that the person you are trying to talk to on the other server can have access to the same features, like threads or voip.
I have previously read that omemo 2 implementation is insecure. my previous experience with it 4 years ago made me give up after encrypted messages were getting lost when messaging between different clients
there is no one flagship app for XMPP that works cross platefrom and has all features implemented. heck I can’t even find a windows that support voip. and their will be none. cause xmpp has lost all traction.
As for Movim, I hate using web apps. bad user experience in general. add to that I don’t remember it ever having been audited
I have previously read that omemo 2 implementation is insecure.
It’s not insecure. The origin of that myth is this blog, however the creator deleted a response left by one of the OMEMO developers, which explained that the newer versions of OMEMO were essentially open betas, and that when a final stable release is made, only then should the client developers implement a newer version.
The Blog author’s response to deleting that comment was:
“I’ll make an edit later about the protocol version thing, but I’m not interested in having questions answered. My entire horse in this race is for evangelists to f** off and leave me alone. That’s it. That’s all I want.”
Which I think shows it was done in bad faith.
You can read a longer response I left in regards to that here, if you’re interested.
there is no one flagship app for XMPP that works cross platefrom and has all features implemented.
The Movim client is installable on all platforms as a PWA, which prevents confusion. But if you use other clients, it is true that they have differing feature support.
heck I can’t even find a windows that support voip. and their will be none.
Movim is that client. It supports Group voice/video calls and screensharing w/ audio share (a recent addition, which currently requires a chromium based browser to share the audio). Sure, it’s not a native app, but neither is Discord (it’s just another Electron app).
We need a federated solution now, otherwise we’ll all just hop to another centralized platform with all the pitfalls that brings.
As for Movim, I hate using web apps. bad user experience in general.
As the video mentions, it’s worth some inconvenience for the privacy, and currently there is no other federated Discord alternative besides XMPP and Matrix (and matrix has way too many issues to even consider, IMHO).
The community adopting Movim or supporting it with donations and bug reports will help it develop and become more polished, and there are efforts to standardize a common XMPP package platform to make deployment simpler and easier. The entire landscape for Discord alternatives all have their downsides, XMPP is the only current option that could become a long-term, permanent solution.
I’ve had matrix and element set up on my personal domain for a while, but I’ve only used them for evaluation so far. The system and network resources used are HUGE…
I’ve been setting up movim and a seperate xmpp server for a little while, and I have some initial opinions:
- xmpp (prosody) appears to be much better optimised than matrix (synapse)
- matrix and element are much easier to set up
- movim is a huge PITA to deploy yourself (especially in a container… you’re basically on your own at the moment)
- xmpp requires tcp ports and ssl certs that should be easy to set up… unless you’re on a cgnat network. Matrix can be set up through a cloudflare tunnel with https no problem, but xmpp requires some networking elbow grease.
- the mandatory certificates probably make the xmpp network safer?
- Even with the mautrix discord bridge copying the exact layout of discord channels into element, movim seems more familiar to me. I haven’t really had enough time to evaluate movim, but it seems like it’s trying to appeal to discord users, and element is clearly not. Element feels like a well funded enterprise tool that is doing its own thing.
- commet (with 2 m’s) chat is a very faithful discord clone for matrix, but it’s very barebones.
Either way, I am gonna deploy both and let my friends/discord channel users decide what works best.
I’m rooting for xmpp at the moment, but I will be happy with anything that is self hosted, encrypted and federated.
Hopefully I don’t end up having to maintain both protocols with a bridge!
I know that part of the issue is the actual protocol, but you might try alternative matrix servers such as tuwunel for potentially better performance.
Thanks for the link, I’m happy to give it a try.
I just recently migrated all of my stuff to dockerized services, so swapping out pieces should be pretty easy
movim is a huge PITA to deploy yourself (especially in a container… you’re basically on your own at the moment)
Yeah, hopefully the dev or the community work on making it easier to deploy in a container at some point.
but it seems like it’s trying to appeal to discord users,
It is! But that focus is somewhat recent. The dev recently started a funding campaign to accelerate development, and just landed channels with rooms last week, so it’s still rough around the edges, but the pace that they’re implementing this stuff is impressive. They’re later going to work on having drop-in voice rooms as well.
Despite the challenge getting it set up, I have high hopes for movim! I like the direction they’re going now.
I did end up successfully deploying it in a compose stack (despite this issue), and I’ll probably submit a fix if they don’t get to it before I do.
If anyone is interested, I can share the details about how I got it going.
Be weary of Stoat. I hear they used AI “generated” code in their software and only quit it because they got caught.
Do you happen to have a source as this is honestly the first time I’m hearing about this
I’d have to go back and find the comment where someone told ME but at that rate I should just search for it myself. I’ll bookmark this comment so I don’t forget to.
Didn’t Discord like instantly back down from those proposed changes?
They only delayed them. They’re still hoping to force ID verification for accessing specific content later this year.
Not really. They’re still harvesting/monitoring everyone’s chats and are moving forward with age verification, to include behavior-based age verification. They’re just hiring a different scummy vendor to handle the age checks.
Nope it’s delayed them.
They are boiling the frog, just like whatsapp did in 2021 remember the uproar about whatsapp data sharing with business accounts and stuff, whatsapp played the long game delayed the change, let the anger die and everyone just stayed.
Reddit took the tough approach in 2023. they didn’t budge. people stopped boycotting and went back to reddit shortly after.
Boycotts don’t work
Boycotts work 100% of the time of people actually follow through on them. We’ve seen this time and time again. Most recently with Jimmy Kimmel.
SimpleXchat¹, Jami, JitsiMeet, Cwtch, and Jabber didn’t make this comparison 😞
¹ Yes, I am aware of the controversies.
Jitsi is a group (video) call tool. It’s not even close to resembling a Discord alternative. And I’m saying this as someone selhosting Jitsi and evangelizing it whenever I can.
That’s why it needs to be compared.🍻
It needs an entire table of features, pros, cons, requests, additions, etc…
A true comparison.🍻
<.< Then should we include regular old phone calls?…
That can actually be our control group!
Since PTSN doesn’t really have p2m. “Conference calling is really a relay hack. And it’s biggest Con is no security at all.
