Is using an Matrix account from matrix.org private and secure enough to talk with my family members and people in general?
-
[email protected]replied to [email protected] last edited by
Great for now, better than doomers here, but teaches nothing to protect them from new scams, new anti-libre software.
-
[email protected]replied to [email protected] last edited by
I've always been curious with the differences between XMPP and matrix but i can't ever find anything explaining it. Why is it in your opinion better?
-
[email protected]replied to [email protected] last edited by
End-to-end encryption ensures that only the intended endpoints can read the messages
But who/what gets to decide who the intended recipients are? Can't the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?
-
[email protected]replied to [email protected] last edited by
But who/what gets to decide who the intended recipients are?
The sender.
Can’t the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?
No. Verification prevents that.
-
[email protected]replied to [email protected] last edited by
I don't understand. How would the sender prevent messages from going to the admin user that joined the room? It sounds like you're implying new users simply can't join a room? That makes no sense to me... I've certainly never experienced that. I see new users join encrypted rooms all the time and they can talk just fine... so what's the deal? And isn't verification off by default?
-
[email protected]replied to [email protected] last edited by
SimpleX has some interesting ideas, but also some shortcomings for people who want a practical messaging service. For example:
- It is funded by venture capital, which calls into question its longevity, and if it does manage to stick around, suggests that it will be leveraged to exploit people once the user base is large enough.
- Its queue servers delete messages if they are not delivered within a certain time frame (21 days by default). Good luck if you take a vacation off-grid for a few weeks.
- No multi-device support. (This means a single account accessed concurrently from multiple independent devices.) The closest it comes is locally tethering a mobile device to a computer.
- Establishing new contacts requires sharing a large link or QR code, which is not always convenient.
- No support for group calls.
I would not recommend it for talking to family members and people in general, which is what OP requested.
-
[email protected]replied to [email protected] last edited by
How would the sender prevent messages from going to the admin user that joined the room?
It wouldn't matter if a rogue admin eavesdropped on an E2EE room, because they would see encrypted blobs where the message content would be.
https://en.wikipedia.org/wiki/End-to-end_encryption
How would the sender prevent messages from going to the admin user that joined the room?
You're conflating multiple things. Joining a room does not grant access to encryption keys.
I respect your curiosity, but I think you're going to have to familiarize yourself with the software and concepts to get a detailed understanding of how all this stuff works. If you're technically inclined, I suggest reading the protocol spec, or at least the parts that interest you.
-
[email protected]replied to [email protected] last edited by
I have read the spec, used the service and also implemented my own clients before, that is why I'm so confused by what you're saying, because this has not been my experience at all. If a user joins a channel, whether they are an admin or not, whether it is encrypted or not, then unless the channel is explicitly setup to only allow verified users to talk (not the default), my understanding is there is nothing preventing that new user from seeing all new messages in the chat.
-
[email protected]replied to [email protected] last edited by
I think there is campaign to get people to use signal, while servers are proprietary and other things are questionable.
It is a great operation for convincing the majority.
-
[email protected]replied to [email protected] last edited by
Who told you to not use Signal, and what reasons did they give? I'm very curious.
-
[email protected]replied to [email protected] last edited by
Molly also has some quality-of-life improvements - such as allowing to enter a device pairing link manually instead of scanning a QR code (thus allowing use in a VM for registration without a smartphone), or being able to use a generic Socks proxy instead of Signal's own solution. Not only does that allow running Signal over Tor without using Orbot as a "VPN", but is also more versatile (I wouldn't want to set up a separate proxy just for Signal, and also their implementation is apparently inferior to some advanced obfuscation solutions).
-
[email protected]replied to [email protected] last edited by
I know I am just a normie who doesn't really know internal workings of them... But in my experience, XMPP is just easier to host, the servers are lighter, they don't store everything they touch forever like Matrix does, and OMEMO doesn't break like Matrix's encryption. Synapse would be probably impossible to run on my VPS, while Conduit and Dendrite are not as full-featured.
-
[email protected]replied to [email protected] last edited by
I am really concerned about the dominance of the central instance on Matrix. It has visibility into pretty much every groupchat - if not in content because of encryption, then in all the metadata. I'd rather use another public homeserver.
-
[email protected]replied to [email protected] last edited by
You can also set up MollySockets for notifications via unified push!
-
[email protected]replied to [email protected] last edited by
It uses phone numbers and is centralized. I personally dont use it cus of those reasons. Also wouldnt switch cus my folk already use matrix so im nt making a bunch of people get another app lol
-
[email protected]replied to [email protected] last edited by
you don't need to use matrix.org. there are several open homeservers, like chat.mozilla.org, but also there are people who host services for others to use. you may have a look at current lemmy hosts, and their other services if they have them.
-
[email protected]replied to [email protected] last edited by
Signal is most likely a fed honeypot.
They are super shady, blocked some important security researchers that found a vulnerability from them on all platforms, and they offer no explanation on why using a phone number is MANDATORY for signup.
No reason to trust signal IMO.
-
[email protected]replied to [email protected] last edited by
Matrix is great, you can use another instance though.
-
[email protected]replied to [email protected] last edited by
In signal, You can turn off phone number visibility and make it so that you are only searchable by username or qr code. Yes, it's centralized, but signal is a nonprofit project with generally good guiding ideals. I use matrix for some things and signal for everything else.
-
[email protected]replied to [email protected] last edited by
FUD is FUD
