Giving Up on Element & Matrix.org (マリウス.com)
from mesamunefire@piefed.social to technology@lemmy.world on 19 Jul 12:12
https://piefed.social/post/1056587

#technology


drkt@scribe.disroot.org on 19 Jul 12:50 next collapse

The protocol is bloated to hell so third-party clients stand no chance, and the foundation spends more time bikeshedding or pissing away money than they do developing. It’s a doomed project.

eleitl@lemmy.zip on 19 Jul 12:59 next collapse

So what’s left? Jabber?

Sickday@kbin.earth on 19 Jul 13:02 next collapse

Back to IRC we go...

eleitl@lemmy.zip on 19 Jul 13:14 collapse

It is entirely insecure.

ExFed@programming.dev on 19 Jul 14:54 next collapse

Not when the entirety of your conversations are jargon and in-jokes!

/s

Vanilla_PuddinFudge@infosec.pub on 19 Jul 17:26 next collapse

xmpp isn’t.

(Ok I get xmpp alone is but every modern client supports the same two encryption methods so judge for yourself)

undrwater@lemmy.world on 19 Jul 19:35 next collapse

Define secure. You can run your own network.

InFerNo@lemmy.ml on 20 Jul 08:06 collapse

The argument has always been: when chat rooms are public, anyone can join and start logging the chats, so encryption does nothing.

It has the ability to connect over TLS, but that’s about it.

I loved using it for its simplicity, except when using all the different flavours of nick registration (Q, NickServ, …).

Damage@feddit.it on 21 Jul 06:15 next collapse

My friends created a telegram group and invited in a couple of bots that do stupid things like posting images or vulgarities when they detect certain words, or perform actions on request.

I tried to convince them to get rid of the bots but they’re in the “we have nothing to hide” camp.

sem@lemmy.blahaj.zone on 21 Jul 09:18 collapse

There is some nuance here. It would be nice to not have your identity publicly linked to your IP address, which is not always the default on IRC.

That’s the main privacy concern I know about I guess.

ProdigalFrog@slrpnk.net on 19 Jul 13:09 next collapse

Slrpnk hosts an XMPP/Jabber for our users, mods and admins to communicate. It’s worked pretty darn well for the past couple years, with very low resource needs.

The clients are pretty slick now too, such as Cheogram or Monocles for mobile, and movim is an excellent web app with support for group calls.

I’d certainly recommend it over Matrix/element.

eleitl@lemmy.zip on 19 Jul 13:15 next collapse

What’s the protection in the clients assuming compromised infrastructure, like e.g. in notes.valdikss.org.ru/jabber.ru-mitm/ ?

poVoq@slrpnk.net on 19 Jul 13:41 next collapse

Significant improvements to certificate pinning and validation have been added to all major XMPP clients as a result of this incident, but it should also be clear that hosting a server on infrastructure under control by an antagonist government (see also Signal) is a very bad idea and hard to mitigate against.

eleitl@lemmy.zip on 19 Jul 14:25 next collapse

End to end encryption between clients (also for groups) seems to partly address the issue of a bad server. As for self-hosting, any rented or cloud services are very vulnerable to an evil maid. So either in-house hosting or locked cages with tamper-proof hardware remain an option.

rottingleaf@lemmy.world on 19 Jul 15:31 next collapse

Signal doesn’t suffer anything worse than DoS if a hostile party controls the central service. That’s its point and role. It’s based on the assumption that such hostile parties as governments don’t like DoS’ing central services, they prefer to be invisible.

For other points and roles other solutions exist. One can’t make an application covering them all, that never happens.

Briar again (I’ve finally read on it and installed it, and I love how it works and also the authors’ plans on the future possibilities based on the same protocols, but not for IM, say, there’s an article discussing possibility of RPC over those, which, for example, can give us something like the Web; I mean, those plans are ambitious and if I want them to succeed so much, I should look for ways to defeat my executive dysfunction and distractions and learn Java). Except it would be cool if it allowed to toss data over untrusted parties, say, now if two Briar users in the same group are not in each other’s range, but there’s a third Briar user not in that group between them, their group won’t synchronize (provided they don’t have Internet connectivity). If one could allow allocating some space for such piggybacked data, or create some mesh routing functionality, then it would become a bit cooler.

poVoq@slrpnk.net on 19 Jul 15:46 collapse

You are very naive if you think that is all the US government can do in regards to Signal, but suit yourself 🤷

rottingleaf@lemmy.world on 19 Jul 15:49 next collapse

OK, so what else in your opinion can it do?

poVoq@slrpnk.net on 19 Jul 15:58 collapse

A lot, but please educate yourself, this topic has been extensively discussed here and in other places.

rottingleaf@lemmy.world on 19 Jul 16:04 collapse

A lot, but please educate yourself,

Thanks for the advice.

this topic has been extensively discussed here and in other places.

This is noise, not an argument.

I dunno what’s the purpose of this comment. I asked for specific things, not for noise.

jet@hackertalks.com on 20 Jul 03:28 collapse

Whenever anybody on the internet tells you to educate yourself, but refuses to provide the information they allude to, they’re lying. They know they’re lying.

Signal has issues, like SVR… which are worth discussing on their own without this weird vague elitism

rottingleaf@lemmy.world on 20 Jul 07:01 collapse

Yes, I know that.

Especially the “this has been discussed before” thing, I dunno about other countries and cultures, but in Russia this is the most common obnoxious shit people without arguments and thinking they have authority use.

jet@hackertalks.com on 20 Jul 07:09 collapse

Yeah it’s like appealing to authority and social pressure all in one. We already discussed it. Bah.

Damage@feddit.it on 21 Jul 05:30 collapse
RaivoKulli@sopuli.xyz on 19 Jul 18:47 collapse

Anything that’s been proven/confirmed?

Ulrich@feddit.org on 20 Jul 16:08 next collapse

Signal is under control by the government? 🤔

poVoq@slrpnk.net on 20 Jul 16:10 collapse

Their server infrastructure is (run by Pentagon and NSA best buddies AWS).

Ulrich@feddit.org on 20 Jul 16:38 collapse

And that means the government controls it?

poVoq@slrpnk.net on 20 Jul 16:45 collapse

The infrastructure is under control of an antagonistic government, yes. Hetzner is also technically a private company, but they obviously willingly complied with requests from the German government.

Ulrich@feddit.org on 20 Jul 16:47 collapse

And what are the implications of that control? It doesn’t mean they can access anything on it. Especially not data that doesn’t exist.

poVoq@slrpnk.net on 20 Jul 16:52 collapse

They have live access to all of the metadata and can easily correlate that with phone numbers that Signal stores and shares on request of governments. Just because Signal claims they don’t store anything doesn’t mean that the ones that 100% run all the servers Signal uses don’t access and store anything. You are being extremely naive if you believe Signal’s BS marketing.

Ulrich@feddit.org on 20 Jul 17:00 collapse

They have live access to all of the metadata and can easily correlate that with phone numbers

I’d love to see the evidence you have for this.

You are being extremely naive if you believe Signal’s BS marketing.

I don’t believe in marketing. I believe in open source code, security audits, and the entirety of the privacy and security community.

poVoq@slrpnk.net on 20 Jul 17:05 collapse

Look, if you run the server you have access to metadata of clients connecting to it. That is networking 101. And that Signal shares phone numbers and connection timestamps is well established by court documents.

The security audits are of the code and encryption algorithm, not the infrastructure.

Ulrich@feddit.org on 20 Jul 17:47 collapse

So you don’t have any evidence.

And that Signal shares phone numbers and connection timestamps is well established by court documents

They do not share phone numbers. Phone numbers are the identifier, meaning if anyone wants the timestamps, they need to have it already.

The only timestamps shared are when they signed up and when they last connected. This is well established by court documents that Signal themselves share publicly.

poVoq@slrpnk.net on 20 Jul 17:51 collapse

I don’t need evidence for water being wet 🤷

Ulrich@feddit.org on 20 Jul 18:19 collapse

I can observe that water is wet. I cannot observe that the NSA is collecting mountains of metadata from Signal servers.

poVoq@slrpnk.net on 20 Jul 18:42 collapse

You can observe that your Signal client connects to IPs that belong to AWS, which is the same thing.

Ulrich@feddit.org on 20 Jul 19:05 collapse

LOL no it’s not.

poVoq@slrpnk.net on 20 Jul 20:28 collapse
moonpiedumplings@programming.dev on 21 Jul 20:31 collapse

So Signal does not have reproducible builds, which are very concerning securitywise. I talk about it in this comment: programming.dev/post/33557941/18030327 . The TLDR is that no reproducible builds = impossible to detect if you are getting an unmodified version of the client.

Centralized servers compound these security issues and make it worse. If the client is vulnerable to some form of replacement attack, then they could use a much more subtle, difficult to detect backdoor, like a weaker crypto implementation, which leaks meta/userdata.

With decentralized/federated services, if a client is using other servers other than the “main” one, you either have to compromise both the client and the server, or compromise the client in a very obvious way that causes the client to send extra data to servers it shouldn’t be sending data to.

A big part of the problem comes with what Github calls “bugdoors”. These are “accidental” bugs that are backdoors. With a centralized service, it becomes much easier to introduce “bugdoors” because all the data routes through one service, which could then silently take advantage of this bug on their own servers.

This is my concern with Signal being centralized. But mostly I’d say don’t worry about it, threat model and all that.

I’m just gonna @ everybody who was in the conversation. I posted this top level for visibility.

@Ulrich@feddit.org @rottingleaf@lemmy.world @jet@hackertalks.com @eleitl@lemmy.world @Damage@feddit.it

EDIT: elsewhere in the thread it is talked about what is probably a nation state wiretapping attempt on an XMPP service: www.devever.net/~hl/xmpp-incident

For a similar threat model, signal is simply not adequate for reasons I mentioned above, and that’s probably what poVoq was referring to when he mentioned how it was discussed here.

The only timestamps shared are when they signed up and when they last connected. This is well established by court documents that Signal themselves share publicly.

This of course, assumes I trust the courts. But if I am seeking maximum privacy/security, I should not have to do that.

ProdigalFrog@slrpnk.net on 19 Jul 13:43 next collapse

I’m afraid that’s quite outside my field of expertise. I can only report how my experience on XMPP has been as a user, though perhaps @poVoq@slrpnk.net, who hosts it, may be able to weigh in on that. Edit: ah, I see you already have 😄

Though from my untrained eye, it seems that Jabber.ru was compromised due to not enabling a particular feature on their server:

“Channel binding” is a feature in XMPP which can detect a MiTM even if the interceptor presents a valid certificate. Both the client and the server must support SCRAM PLUS authentication mechanisms for this to work. Unfortunately this was not active on jabber.ru at the time of the attack.

And it seems that hosting it externally on a paid hosting service (hetzner and linode) left them particularly vulnerable to this attack, and that it could’ve been mitigated by self hosting the XMPP locally, as well as activating that feature.
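
An added example, not part of the thread and not code from any XMPP client or server: a minimal Python model of the SCRAM-SHA-256-PLUS final step with `tls-server-end-point` channel binding, showing why an interceptor holding a valid but different certificate fails authentication. The user name, nonces, salt, password and certificate bytes are constructed, and SHA-256 is assumed as the certificate hash.

```python
import base64
import hashlib
import hmac

GS2_HEADER = b"p=tls-server-end-point,,"  # client announces channel binding

# Constructed sample values (not from any real server).
PASSWORD = b"correct horse battery staple"
SALT = b"constructed-salt"
ITERATIONS = 4096
FIRST_BARE = b"n=alice,r=clientnonce"
SERVER_FIRST = (b"r=clientnonceservernonce,s=" + base64.b64encode(SALT)
                + b",i=" + str(ITERATIONS).encode())
REAL_CERT = b"constructed DER bytes of the real server certificate"
MITM_CERT = b"constructed DER bytes of the interceptor certificate"


def hmac256(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_keys(password, salt, iterations):
    """Return (ClientKey, StoredKey); the server only ever stores StoredKey."""
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    client_key = hmac256(salted, b"Client Key")
    return client_key, hashlib.sha256(client_key).digest()


def cbind_attr(cert_der):
    """c= attribute: base64(gs2-header || hash of the TLS server certificate)."""
    binding = hashlib.sha256(cert_der).digest()  # SHA-256 assumed
    return b"c=" + base64.b64encode(GS2_HEADER + binding)


def client_final(password, cert_seen_by_client):
    """Client side: bind the proof to the certificate of ITS TLS session."""
    client_key, stored_key = derive_keys(password, SALT, ITERATIONS)
    nonce = SERVER_FIRST.split(b",")[0]
    without_proof = cbind_attr(cert_seen_by_client) + b"," + nonce
    auth_message = b",".join([FIRST_BARE, SERVER_FIRST, without_proof])
    signature = hmac256(stored_key, auth_message)
    proof = bytes(a ^ b for a, b in zip(client_key, signature))
    return without_proof, proof


def server_verify(stored_key, without_proof, proof, own_cert):
    """Server side: compare c= with its own certificate, then check the proof."""
    c_attr = without_proof.split(b",")[0]
    if not hmac.compare_digest(c_attr, cbind_attr(own_cert)):
        return "channel-binding-mismatch"
    auth_message = b",".join([FIRST_BARE, SERVER_FIRST, without_proof])
    signature = hmac256(stored_key, auth_message)
    client_key = bytes(a ^ b for a, b in zip(proof, signature))
    if not hmac.compare_digest(hashlib.sha256(client_key).digest(), stored_key):
        return "bad-proof"
    return "ok"


def run_scenarios():
    _, stored_key = derive_keys(PASSWORD, SALT, ITERATIONS)
    results = {}

    # 1. Direct connection: client and server see the same certificate.
    wp, proof = client_final(PASSWORD, REAL_CERT)
    results["direct"] = server_verify(stored_key, wp, proof, REAL_CERT)

    # 2. Interceptor terminates TLS with its own certificate and relays as-is.
    wp, proof = client_final(PASSWORD, MITM_CERT)
    results["mitm_relay"] = server_verify(stored_key, wp, proof, REAL_CERT)

    # 3. Interceptor rewrites c= to the real binding but cannot redo the proof,
    #    because the proof covers c= and needs the password-derived keys.
    rewritten = cbind_attr(REAL_CERT) + b"," + wp.split(b",", 1)[1]
    results["mitm_rewrite"] = server_verify(stored_key, rewritten, proof, REAL_CERT)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The protection only holds when both sides actually negotiate a `-PLUS` mechanism; a client that silently falls back to plain SCRAM gets no binding to the TLS session.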

moonpiedumplings@programming.dev on 21 Jul 19:15 collapse

www.devever.net/~hl/xmpp-incident

This article discusses some mitigations.

You can also use a platform like simplex or the tor routing ones, but they aren’t going to offer the features of XMPP. It’s better to just not worry about it. This kind of attack is so difficult to defend against that it should be out of the threat model of the vast majority of users.

muppeth@scribe.disroot.org on 20 Jul 07:13 next collapse

Not to mention you can run a server on anything pretty much and for surprisingly big amount of users. Toaster or potatoes will do just fine.

Ulrich@feddit.org on 20 Jul 16:07 collapse

The clients are pretty slick now too, such as Cheogram or Monocles

I wouldn’t call either of those, or any other XMPP clients “slick” and it’s my biggest complaint about the protocol.

sem@lemmy.blahaj.zone on 21 Jul 09:15 collapse

What would make them slick?

Telorand@reddthat.com on 19 Jul 14:09 next collapse

Depends what your goal is. Revolt seems pretty cool, but I don’t think it has any kind of encryption. It is based in Europe, though, so it gets GDPR protection, and it’s open source, so it could be forked to fit other needs and uses.

eleitl@lemmy.zip on 19 Jul 14:29 collapse

No, Revolt checks neither of my boxes unfortunately.

Jakule17@lemmy.world on 19 Jul 20:25 collapse

What about delta?

Yaky@slrpnk.net on 20 Jul 15:16 collapse

You can interact with Matrix server through basic curl commands… and I thought the documentation was pretty good. There are plenty of third-party clients.

Sure, E2EE, keys and cross-signing is not trivial, but I don’t know where it is.

drkt@scribe.disroot.org on 20 Jul 16:26 collapse

I didn’t imply that you can’t strip the protocol down to its bare essentials and still use it, but what’s the point of a protocol if everyone is on their own personalized version of it? Version / Feature fragmentation is a massive problem and basically none of the third party clients are up to snuff. Synapse is a massive bowl of lukewarm dog water, and most alternatives to it die in a year because it’s impossible to keep up. There’s too much shit in the protocol.

Yaky@slrpnk.net on 21 Jul 00:41 collapse

What specific version/feature fragmentation and clients are you referring to? As is common now, newer Synapse drops support for older Postgres (for example). Voice and video calls is the only feature that I can think of that is half-assed in Element/ElementX or not implemented in some clients.

Otherwise, Element, Element X, FluffyChat, Fractal, freaking Cinny on Ubuntu Touch (!), and terminal-based gomuks all support basic functionality, DMs, rooms, encryption, and attachments.

supermurs@kbin.earth on 19 Jul 13:05 next collapse

For me Matrix is fine, I can use IRC, Whatsapp and Discord with it. But Element is not my cup of tea, especially with Firefox as it doesn't play any videos other users are sharing. The same videos work fine with Cinny.

sxan@midwest.social on 19 Jul 13:36 collapse

I can use IRC

The fact that many Discord and IRC channels (servers?) block Matrix connections has drastically reduced its usefulness for me. When I was running my own Matrix server, I could have gotten around it by using a puppet, but Synapse is such a hog I had to shut it down, and most of the IRC rooms I want to use don’t allow Matrix proxies.

poVoq@slrpnk.net on 19 Jul 13:45 collapse

The IRC (Biboumi) and Discord bridges (slidge.im) for XMPP work still fine and running your own server is super lightweight.

sxan@midwest.social on 19 Jul 21:36 collapse

running your own server is super lightweight.

Not IME. Are you running Synapse? Gigabytes of disk usage and memory leaks requiring restarts.

psycotica0@lemmy.ca on 20 Jul 03:48 next collapse

They’re talking about switching to Jabber/XMPP, which is what those two bridges are for, and they’re saying XMPP servers are lightweight.

It’s a bit confusing in context, I’ll admit.

sxan@midwest.social on 20 Jul 08:16 collapse

Oh. I did misread that. Thanks for pointing it out!

poVoq@slrpnk.net on 20 Jul 09:07 next collapse

I am talking about xmpp servers 🤷

sxan@midwest.social on 20 Jul 09:21 collapse

Yup! Someone else pointed that out to me; I thought you were talking about the puppets and missed that you were talking about Jabber.

My bad!

picnic@lemmy.dbzer0.com on 21 Jul 08:30 collapse

I’ve been running the same matrix instance since ubuntu 18.04lts, just upgraded the virtual machine along the ride, so that has to be +6 years it’s been running 24/7.

I have not once rebooted my server due to performance reasons (like a mem leak). And like last 4 years I’ve run the instance virtualized on a hp thin client, lately on a hp t640.

While I understand the criticism towards synapse being complex and slow, and element being slow-ish, I don’t feel justified saying synapse would need any restarts in general. At least I have never restarted it in 6+ years and my instance has been working without those required restarts.

Yeah, I miss the irc, too. I still use it via my matrix instance.

sxan@midwest.social on 21 Jul 10:23 collapse

I’ve never had to reboot the server; I had to restart Synapse because of memory leaks.

Are you using any bridges?

Anyway, it got too expensive to run my own, so I went back to Matrix.org. Now I’m mostly back on IRC except for a couple of rooms. IRC stinks, but Matrix has been nothing but a decade of pain.

sk1nnym1ke@piefed.social on 19 Jul 13:22 next collapse

I am still mad that there are no mobile clients that support multiple accounts. So I am ending up installing for each account a different client.

Edit: added mobile.

RobotZap10000@feddit.nl on 19 Jul 13:59 next collapse

NeoChat on KDE allows me to choose which account to login to when I start it.

Hadriscus@jlai.lu on 19 Jul 14:59 collapse

Does it let you be logged in as both ?

RobotZap10000@feddit.nl on 19 Jul 19:55 collapse

If I want to send and receive messages from another account, I have to press 2 buttons to switch to it. Otherwise, I still get desktop notifications from all of them, I think.

ChaosMonkey@lemmy.dbzer0.com on 19 Jul 15:30 next collapse

Element Desktop has profiles. But sadly there are no profiles on the mobile app.

missphant@lemmy.blahaj.zone on 19 Jul 16:57 next collapse
uzay@infosec.pub on 19 Jul 17:55 next collapse

Fluffy chat allows multiple accounts

sk1nnym1ke@piefed.social on 19 Jul 18:51 collapse

I like this client. Thanks for the tip.

MonkderVierte@lemmy.zip on 19 Jul 18:31 collapse

I see what you did here. Say something wrong on the internet to get multiple helpful tips.

cupcakezealot@piefed.blahaj.zone on 19 Jul 14:12 next collapse

i want 90s era icq and 2000s era msn back :(

anon5621@lemmy.ml on 19 Jul 14:28 next collapse

But they are both closed source protocols locked down to a specific corp

pastermil@sh.itjust.works on 19 Jul 14:31 next collapse

What would you propose, then?

tias@discuss.tchncs.de on 19 Jul 15:25 collapse

How about jabber/XMPP

brunoqc@piefed.ca on 19 Jul 17:55 next collapse

I wish xmpp was p2p. I can self-host but it could be way simpler if people didn't have to.

pastermil@sh.itjust.works on 20 Jul 02:55 collapse

How active are communities on these nowadays?

muppeth@scribe.disroot.org on 20 Jul 07:17 collapse

I think they are OK. When switching to it couple of years ago I feared there will be no-one but was pleasantly surprised. For sure you don’t have situation where most of the participants in the room are ghost accounts because presence actually works. So might look smaller but you are sure it’s real users.

paraphrand@lemmy.world on 19 Jul 19:51 collapse

But locked in a way where nice third party clients could still interact with them. I never used official clients after a time.

That seems to have gone away.

negativenull@lemmy.world on 19 Jul 17:55 next collapse

A/S/L?

cupcakezealot@piefed.blahaj.zone on 19 Jul 19:51 collapse

400/F/krynn oh sorry i was in the red dragon inn room :3

rivalary@lemmy.ca on 19 Jul 19:59 collapse

Who was 400 years old from Krynn? Sylvara? It’s been a long time since I’ve read those books.

cupcakezealot@piefed.blahaj.zone on 19 Jul 20:47 collapse

it's been a while so i just picked random names for the bit but now i kinda wanna go back and read the dragons of autumn twilight series (mostly to get to time of the twins)

naht@lemmy.world on 20 Jul 07:59 collapse

XMPP works, but there are no video calls. Matrix has those, and they are very good. But since it is not possible there to see the online state of my friends (turned off everywhere due to horrible performance), it defeats the purpose. I want to see if they are at their computer, not if they own a mobile phone. 😉

sugar_in_your_tea@sh.itjust.works on 20 Jul 17:12 next collapse

Are video calls really that important? I almost never do that.

caseyweederman@lemmy.ca on 21 Jul 00:43 collapse

Almost never, but when they are: very much so yes

sugar_in_your_tea@sh.itjust.works on 21 Jul 00:46 collapse

I just use dedicated software for video calls, it’s easy enough to ask the other person to jump on a video call on something else.

matlag@sh.itjust.works on 20 Jul 21:06 collapse

I do 1:1 videocalls on XMPP. Quite some clients implement that now. But there were no videoconferences until very recently. That’s changing, though. See Movim right now, for example.

Main 2 issues with XMPP are inconsistent clients (in terms of GUI but also features wise) and the incredibly, astonishingly, ridiculously sloooooooooooooooow evolution of the protocol through the XSF. Nothing can get in there until it’s “perfect”. Clients devs are reluctant to implement things until the extension is stable. And the best part is this approach hardly works: the best way to figure if something works is to deploy it in larger and larger scales and improve it on the way as you identify corner cases you didn’t think about. Not to review the description for months/year until it qualifies as literature…

edent@lemmy.world on 19 Jul 14:20 next collapse

I agree with all this. The thing which caused me to uninstall was suddenly being pushed lots of abusive messages with disturbing contents.

When I complained about it, Matrix told me that my public complaints were hurting the ecosystem and I should be quiet.

brunoqc@piefed.ca on 19 Jul 17:53 next collapse

When I complained about it, Matrix told me that my public complaints were hurting the ecosystem and I should be quiet.

Weird. I think they did some improvement to prevent those abusive messages but it took a while and it was embarrassing. Maybe it's hard to prevent them with a federated network but still, the abusive messages were basically a copy paste.

AbnormalHumanBeing@lemmy.abnormalbeings.space on 19 Jul 19:52 next collapse

I had a wild ride with matrix, originally wanting to run a node on my server. That did not turn out well, because I was a bit stupid and just assumed there would be more admin/mod tools out of the box. As it turned out, I had inadvertently allowed spam/abuse accounts on my node without even noticing, because naive as I was, I assumed my admin-level account would get informed of stuff like user registrations and abuse reports in the standard Element frontend. As a bonus, when I checked what was supposedly the official matrix support channel, it was repeatedly getting spammed with CSAM and gore at the time. That was when I realised, that it definitely was not the ecosystem for me, and running a node without experience had been a pretty stupid idea on my end.

muusemuuse@sh.itjust.works on 20 Jul 02:20 next collapse

I have to wonder if there is a major commercial interest in that though.

AbnormalHumanBeing@lemmy.abnormalbeings.space on 20 Jul 12:12 collapse

Not impossible, although, sadly - any system where anonymity is the prime focus will also invite fucked up shit in addition to legitimate use, without any complicated motives behind it. There’s just a relevant fraction of humanity who are, sometimes essentially, sometimes temporarily, messed up fucks. Which is why I think providing ways to combat abuse has to be a high priority for the underlying development of any project like it, unless it explicitly doesn’t aim for mainstream adoption.

swelter_spark@reddthat.com on 20 Jul 17:14 next collapse

The CSAM spam is so annoying. I don’t understand who is doing this or why.

VeganCheesecake@lemmy.blahaj.zone on 21 Jul 09:00 collapse

Yeah. I am hosting a homeserver for my ttrpg groups, but it doesn’t have any federation enabled at all, and sign ups are invite-only.

The amount of work needed to moderate a public instance, especially with the lacking tools available, seems crazy. Also, I don’t love it that New Vector has an implementation for an admin console, that seems to be available exclusively for paying subscribers to the enterprise version of their element server suite.

muusemuuse@sh.itjust.works on 20 Jul 02:19 collapse

Oh fuck that culty nonsense!

2910000@lemmy.world on 19 Jul 15:17 next collapse

I just want a self-hostable open-source alternative to the shitty closed-source IM systems I’m forced to use

I’m sticking with Matrix for now, hopefully some of the issues I’ve had will get ironed out

undrwater@lemmy.world on 19 Jul 19:36 next collapse

Nextcloud talk?

2910000@lemmy.world on 20 Jul 01:56 collapse

I’m not sure how much it would make sense for me as I don’t use Nextcloud for anything else

pineapplelover@lemmy.dbzer0.com on 20 Jul 03:07 next collapse

Revolt is a self hosted discord clone

VeganCheesecake@lemmy.blahaj.zone on 21 Jul 09:01 collapse

The lack of group voice calls is what mainly kept me from adopting that. Hope they get that working soon.

pineapplelover@lemmy.dbzer0.com on 21 Jul 17:26 collapse

I swear there were calls when I was testing it a year or two ago. Guess not then.

Yaky@slrpnk.net on 20 Jul 15:12 next collapse

Snikket is the rebranded-dockerized XMPP environment (uses prosody for server, Conversations clone for Android, and Monal clone for iOS).

Worked pretty well for me in the past.

sugar_in_your_tea@sh.itjust.works on 20 Jul 16:09 collapse

If you want 1:1 chat, Simplex should work well.

yessikg@fedia.io on 19 Jul 17:41 next collapse

XMPP is still an option

cmhe@lemmy.world on 19 Jul 20:51 collapse

That is what the author said they switch to, but TBH XMPP also has issues with MFA and messages frequently not being decrypted (using OMEMO) and ‘unencrypted metadata’.

I wouldn’t say that it works better than Matrix, it just has some different strengths and weaknesses.

yessikg@fedia.io on 19 Jul 21:26 collapse

I haven't had any issues with it, but it all depends of the client and server

brunoqc@piefed.ca on 19 Jul 17:56 next collapse

I wonder if Keet will ever be open sourced. They still are missing a lot of features that I personally find important like typing notification, read receipt.

Trihilis@ani.social on 19 Jul 18:38 next collapse

The thing is… What alternatives are there? Signal can’t be trusted (on the very same website there is an article about it). I’m not using closed source alternatives, Simplex is kinda shady too tbh and I’m not even sure I could get anyone to use it.

I don’t like Matrix/Element either but sadly it’s the best open source chat solution we have.

PirateFrog@lemmy.dbzer0.com on 19 Jul 18:40 next collapse

The article author went back to XMPP, which does appear to be the best option currently.

DreamlandLividity@lemmy.world on 19 Jul 22:33 collapse

In what universe is XMPP better than Matrix?

deadcade@lemmy.deadca.de on 20 Jul 00:45 collapse

XMPP is significantly less decentralized, allowing them to “”“cut corners”“” compared to Matrix protocol implementation, and scale significantly better. (In heavy quotes, as XMPP isn’t really cutting corners, but true decentralization requires more work to achieve seemingly “the same result”)

An XMPP or IRC channel with a few thousand users is no problem, whereas Matrix can have problems with that. On the other hand, any one Matrix homeserver going down does not impact users that aren’t specifically on that homeserver, whereas XMPP is centralized enough that it can take down a whole channel.

Meanwhile IRC is a 90s protocol that doesn’t make any sense in the modern world of mainly mobile devices.

XMPP also doesn’t change much, the last proper addition to the protocol (from what I can tell, on the website) was 2024-08-30 xmpp.org/extensions/xep-0004.html

isVeryLoud@lemmy.ca on 20 Jul 03:13 next collapse

IRC makes sense in a world where people register to bouncers, which allow people to connect to any IRC network they please.

psycotica0@lemmy.ca on 20 Jul 04:01 collapse

XMPP doesn’t change very very often, but there’s actually tons of XEPs that are in common use and are considered functionally essential for a modern client, and with much higher numbers than XEP-0004

The good news, though, is that mostly you as the user don’t need to care about those! Most of the modern clients agree on the core set and thus interoperate fine for most normal things. And most XEPs have a fallback in case the receiver doesn’t support the same XEPs.

In general XMPP as a protocol is a lightweight core that supports an interesting soup of modules (in the form of XEPs) to make it a real messenger in the modern sense. And I think that’s neat! But you can’t really judge the core to say how often things change.

undrwater@lemmy.world on 19 Jul 19:32 next collapse

xmpp mentioned, I’ll add IRC

undrwater@lemmy.world on 19 Jul 19:36 next collapse

I forgot to add nextcloud talk!

[deleted] on 19 Jul 19:43 next collapse

.

Probius@sopuli.xyz on 19 Jul 21:14 next collapse

Why don’t people trust Signal?

GlenRambo@jlai.lu on 19 Jul 21:32 next collapse

It’s 18 months old but OP means this on the same site. マリウス.com/if-you-must-use-signal-use-molly/

The blogger also stopped using proton mail. So idk. Seems to be their thing atm.

muusemuuse@sh.itjust.works on 20 Jul 02:10 collapse

I started reading the article but didn’t finish. This guy is a fool. He’s bitching about vendor lock in? The data isn’t supposed to be portable. That’s the point.

philpo@feddit.org on 20 Jul 08:33 collapse

Signal itself is solid. For now. The issue is that signal is a centralized infrastructure service that is based in the US.

While it’s rather unlikely that something shady is going on and the current administration manages to pressure someone into installing back doors without anyone noticing, there is a growing chance that at some point the Orange Hitler or his cronies aim at Signal - and simply shut the whole thing down in a single sweep.

Which would mean the whole thing is lost - in theory they of course could rebuild a foundation outside the US, but that would also mean they need people not residing in the US (not like Proton which claims to operate from Switzerland and in reality are US based) and find funding there - enough funding to cover the costs and that is not impeded by US pressure.

This is the scenario that makes Signal a problematic candidate - and sadly the foundation is doing nothing against it.

Zomg@lemmy.world on 19 Jul 22:59 next collapse

Going back to TS3 and IRC. They never left

pulsewidth@lemmy.world on 20 Jul 07:14 collapse

Counterpoint: this is just some random blogger and you don’t need to follow any of their advice.

0xD@infosec.pub on 19 Jul 19:07 next collapse

github.com/matrix-construct/tuwunel

Plug for tuwunel.

Easy to set up, and just works. I can’t share any of the OP’s annoyances - everything is fast. Admittedly, I don’t really use the web client. Just the Android app from F-Droid and the linux AUR package element-desktop.

boonhet@sopuli.xyz on 20 Jul 09:53 collapse

Does this come with fewer mental health issues than conduwuit? Because I remember the latter had an author that was a… Mtf puppydog? And had 4 years of work experience at like 19? Who claimed that the entirety of the nix, queer and some other communities were waging a conspiracy against her and her users?

kcweller@feddit.nl on 19 Jul 19:55 next collapse

I tried it, joined a couple rooms. Wanted to leave those public rooms but I kept getting notifications of rooms I already left.

Very wonky experience, so I dropped it and I use deltaChat now for my Tech-aware contacts

Mio@feddit.nu on 19 Jul 22:30 next collapse

I am glad someone can admit it failed and we have to learn from this. I am just wondering what it takes to succeed.

Turret3857@infosec.pub on 20 Jul 03:42 collapse

Start with a Discord clone. Make it E2EE. Make it federated. I feel like it shouldn’t be this hard, but I’m not the one developing Matrix, nor XMPP, nor the 3rd smaller option you, the reader, are wanting me to list that I am unaware of.

Threeme2189@sh.itjust.works on 20 Jul 06:21 next collapse

Don’t fucking clone the godawful mess that is Discord. Please, for the love of God start with something else.

Turret3857@infosec.pub on 20 Jul 14:36 next collapse

Discord is where people are at. You start with something else you’re asking for another Matrix or XMPP because people will not understand a new interface

MangoPenguin@lemmy.blahaj.zone on 20 Jul 15:49 collapse

Discord is what people like and are used to though. If you want the average user to switch it needs to be somewhat familiar.

rottingleaf@lemmy.world on 20 Jul 19:09 collapse

Suppose for text messages, sharing files, contacts and such we have solutions, and with a set of libraries solving the hard parts, that can be done relatively easily. Encryption is hard, but suppose we are not even doing E2EE yet, that we are fine with TLS till the server, mutual TLS between servers, and additional something like OTR or PGP for 1-on-1 conversations.

Voice/video calls, and especially group voice/video calls, are a different matter entirely. You have to think, solve latency problems, congestion problems, so that those were usable at all.

Discord UI is not very nice.

Turret3857@infosec.pub on 20 Jul 19:16 collapse

I agree that the UI for Discord sucks shit, however my thinking is aligned with what another commenter said: it’s what people already know and are used to. Trying to make anything new will turn users off. I’m very open to being proven wrong about that assumption though. I’d love for a FOSS project to have better UI/UX than Discord.

rottingleaf@lemmy.world on 21 Jul 13:25 collapse

The UI is not that important. Something a bit similar to Discord in appearance and experience is doable in plenty of available UI toolkits and libraries and frameworks and whatever.

The system itself is important, so that it would be functional with federation, yet not as prone to fragmentation as XMPP, yet efficient.

deadsuperhero@lemmy.world on 20 Jul 03:05 next collapse

I always liked the concept of Matrix, and still actively use it, but there’s some serious jank. Synapse is generally bloated and not fun to run an instance, Dendrite is perpetually in Beta, and the clients themselves range from adequate to awful. The default Element client on Android is so broken for me that I’m forced to use Element X, because I can’t even log in with Element.

It’s disappointing, but there’s a ton of issues that aren’t so easy to resolve. New Vector and the Element Foundation are basically two separate entities that have some kind of hard split between them, neither of which seems to have the money necessary to support comprehensive development. The protocol is said to be bloated and overtly complex, and trying to develop a client or a server implementation is something of a nightmare.

I want to see Matrix succeed, I think a lot of people see the potential of what it could be. I’m not sure it’ll ever get there.

EndlessNightmare@reddthat.com on 20 Jul 04:55 collapse

I always liked the concept of Matrix, and still actively use it, but there’s some serious jank.

I use Element as well as Beeper, which is at its core an Element client based on network bridging. I’m a big fan of Matrix, but it isn’t as approachable as other messaging services and requires some technical know-how to use effectively.

It seems like the Linux of messaging services.

sunth1ef@sh.itjust.works on 20 Jul 05:52 next collapse

From an outsider’s perspective, Element has never worked for me and never been stable enough to get anywhere close to Discord. Joining servers is buggy AF and Element X is severely hobbled on mobile.

I’ve been refusing to use Discord for about 6-8 months and am often invited to join various Discords by IRL friends and online communities. I wish Matrix / Element was a viable alternative but I’ve never been able to get it working for anything other than DMs, and I’m already happy with Signal for that honestly.

As a non-developer I want to be sensitive to the amount of work involved, and the number of cooks in the kitchen, but the fact that we don’t have a FOSS federated Slack / Discord killer app is leaving so much interaction on the table.

I’ve heard of Revolt but it doesn’t seem to be there with encryption

DFX4509B_2@lemmy.org on 20 Jul 07:30 collapse

You got PeerSuite as a newcomer, and a pretty promising one with the concept of not having any servers tied to it at all, at that.

UltraGiGaGigantic@lemmy.ml on 20 Jul 09:03 next collapse

Shit, I had such high hopes.

sugar_in_your_tea@sh.itjust.works on 20 Jul 16:03 collapse

And that’s dashed because of some random blog?

polle@feddit.org on 20 Jul 09:24 next collapse

Subjective experience against another. I switched a peer group from Skype to Matrix when matrix went offline. It was way better than I would have expected. Perhaps the timing was better. The Element client seems really good; besides some minor jank (like screen share doesn’t work) that was probably Wayland’s fault, it’s a very good experience.

Netrunner@programming.dev on 20 Jul 09:56 next collapse

Self hosted matrix works great. /thread

Yaky@slrpnk.net on 20 Jul 15:09 next collapse

I’ve been hosting a server without much problems for several years now.

Synapse and Riot.im (now Element) became much better around 2019 or 2020. But not too long ago, I also found out that Synapse also bloats the DB with state_groups_state table. There are a handful of commands that come with synapse, but no built-in admin tool or panel, so I wrote my own. Moving server to another host has been seamless for my (few) users. TURN/STUN for calls seems to work okay (I don’t really use it though).

I appreciate Element being uniform across platforms (which I cannot say about XMPP clients), but the sign-in is pretty tedious, and registration with a token is still impossible last time I checked (which is either a hassle for the user to use another client and then their smart device, or a security issue if you open registration to anyone). Most normal people probably don’t care and don’t want to deal with keys, cross-verification, and all that jazz.

kevincox@lemmy.ml on 20 Jul 19:10 collapse

Yeah, I finally pulled the trigger and moved to my own domain from matrix.org. Man, it is just so much faster. Which is sad, because the performance is pretty bad. (Element Web seems to do some per-room request as part of the initial loading screen which is obviously not scalable) but getting off of matrix.org is a huge performance improvement.

That being said there is nothing really wrong with matrix.org. The problem is really public rooms. People will join and spam. It is true of any protocol (have you heard about email?) but Matrix definitely needs to (and they are slowly working on) make it more expensive for spammers.

shiroininja@lemmy.world on 20 Jul 15:14 next collapse

I don’t know why people don’t use irc, I’m in it daily and it’s busier than Matrix, and even busier than some Discord servers I’m in. And there’s mobile clients. There’s even way less bots and spam

MangoPenguin@lemmy.blahaj.zone on 20 Jul 15:48 next collapse

I think the barrier to entry is kind of high, you need to use a bouncer to see what happened while you were offline.

mfed1122@discuss.tchncs.de on 20 Jul 16:02 next collapse

Yeah this is exactly what turned me off from it when I looked into it. I kind of like that it would lend a more physical-space quality to it, but ultimately I’m hardly ever online, so it would just be me being totally out of the loop all the time without a bouncer. I know I could figure out how to do it, but it’s a lot of effort for something where I’m not even sure I’ll like what it gives me.

shiroininja@lemmy.world on 20 Jul 16:13 collapse

I don’t really worry about that. I treat it like natural conversation, or traditional chat rooms. I mean I don’t need a recap when I show up at a party. I just jump in. I’ve never heard of a bouncer, but I think it would turn it into more of a feed than a conversation, which is the opposite of what I want.

I’m tired of feeds and timelines. AOL chat rooms were my formative internet years, and I liked that. I think the old style of internet communication is better than the feed silos we have now. Besides, I hardly ever go back and look at older convos in other spaces. I usually hit mark all as read when I open the app.

sem@lemmy.blahaj.zone on 21 Jul 09:11 collapse

The bouncer is just the name for the technology that maintains your connection when your client disconnects.

I’m kind of socially awkward, so I really value being able to “read the room” and see what people were talking about before I joined. I have IRC set up so that when I open it up, I see the previous 40 lines or so of dialog from before I connected. (This is a setting you can adjust on the bouncer).

I could achieve something similar by joining a room and then waiting a few minutes, but sometimes the room is very slow and no one posts, etc., it’s nice to just always be able to look at the scroll back when you log on.

rozodru@lemmy.world on 20 Jul 18:51 next collapse

Yup, I went back to IRC. Got tired of Discord, and Matrix just wasn’t for me. IRC is where it’s at. Still remember all the stuff from the 90s so it was just like riding a bike. Plus I can have it in my terminal, which is a plus.

blobchoice@feddit.uk on 21 Jul 09:29 collapse

I think IRC wins by being around the longest, but also being dead simple to set up and use.

I tried using Matrix and it just honestly frazzled my head a little. I know it’s just a few extra steps to get registered, but it honestly feels like a few extra bits of friction to what amounts to trying to join a big social circle.

bitwolf@sh.itjust.works on 20 Jul 17:41 next collapse

I’m completely afraid of logging into fedora.im now. It’s so engulfed in spam, not even normal phishing spam. Absolutely horrifying spam, like gore and killing and other deranged shit.

I had to move back to matrix.org and abandon my account.

Shape4985@lemmy.ml on 20 Jul 18:00 next collapse

I’ve tried Matrix a couple times. I wanted to like it but couldn’t get on with it.

Signal and SimpleX are still my preference.

atmorous@lemmy.world on 20 Jul 18:28 collapse

Try out Session. It’s one of the best ones that are lesser known

Shape4985@lemmy.ml on 21 Jul 04:58 collapse

I’ve used Session before, it’s not for me. Not sure how I feel about the onion routing using the Loki and Oxen network.

Signal has that “WhatsApp” feel friends and family find easy, and SimpleX has no identifiers and some other cool features but can be a little complicated for some users.

rozodru@lemmy.world on 20 Jul 18:52 next collapse

all this stuff just made me go back to IRC and realize how much I missed it.

AnimalsDream@slrpnk.net on 20 Jul 18:56 next collapse

We really need to stop abandoning existing foss projects and thinking a whole new thing needs to be invented. Free and open-source software is not a product, it doesn’t abide by the same rules and relationships that proprietary tech does.

It’s more organic. It’s also a commons that we can continue to draw on, and reshape. If I recall correctly, there were something like three different vector graphic editors from the same codebase before Inkscape managed to be the one that gained traction.

Matrix isn’t perfect, but abandoning it just to reinvent it all over again just because some people really need a thing that works like Discord, even though Discord is absolute hot garbage; is just going to re-create all the same problems. Matrix today is better than it was two years ago. And Matrix in a year will be better from now.

Blemish5236@lemmy.world on 20 Jul 19:20 next collapse

I agree. We should all abandon Matrix and implement any missing features into IRC or maybe XMPP

AnimalsDream@slrpnk.net on 20 Jul 21:30 collapse

Sure, go for it. Though XMPP has so many features at this point, it might already have Matrix, irc, Discord, and email for all we know. ¯\_(ツ)_/¯

Auth@lemmy.world on 20 Jul 21:21 next collapse

Often, the problem is that projects get to a point where they’re happy and the maintainer doesn’t want to add any new features. So people then are forced to build a new project to get those features.

AnimalsDream@slrpnk.net on 20 Jul 21:31 collapse

Sometimes, but my point is you don’t have to start from scratch. It’s free software. You are allowed to make extensions or even fork it.

Tattorack@lemmy.world on 20 Jul 23:12 next collapse

Can’t agree on Discord being hot garbage, unless you’re specifically talking about how monetisation has creeped its way into it.

However, with Vencord I don’t have to see any of that shit, while also having a far more functional and feature rich client.

Of course, a FOSS, potentially federated alternative would be greatly preferred, but it must have at least the basic functions of Discord.

poloqualle@feddit.org on 21 Jul 07:54 next collapse

None of the popular/successful apps are bad.

They usually have great ui/ux and are being actively developed or at least maintained. Think google maps, apple wallet, or of course discord. What is hot garbage, however, is having to accept massive privacy violations if you use them. Vencord unfortunately does not mitigate that. :(

AnimalsDream@slrpnk.net on 21 Jul 19:10 collapse

A large part of it is the obnoxious monetization and general enshittification and privacy violations, but that’s not all. There are a number of usability annoyances. If I’ve been away from Discord for a little while and try to continue where I left off in a thread on a server, it never properly preserves where I last stopped reading. There are often times when I get notifications but it won’t actually take me to the relevant message, and that can even result in situations where the ping just gets lost entirely.

Then there’s things inherent in Discord’s design and how people use it. It’s become a tool that people have decided is a convenient replacement for chats, wikis, and forums - but it’s a shittier version of all of those things. Pinned messages are such a tucked away and half-baked feature. The fact that people are using Discord both to organize and discuss projects - as well as using that same space to host documentation or other critical knowledge-bases has made information significantly less accessible. I don’t want to join someone’s niche club just to “learn more.” If I want to read something I would rather just go to a wiki on the actual open web.

Discord is hot garbage ultimately for the same reasons as Facebook. It’s trying to be everything to everyone, and dropping a black box on the open web by doing so. It’s just another example of people trading convenience for actually using the appropriate tools for the kind of job they’re trying to do.

VeganCheesecake@lemmy.blahaj.zone on 21 Jul 09:03 next collapse

What I don’t like about Matrix is that its most visible homeserver and client implementations feel like they are being developed as a product by New Vector Ltd., not a community project.

AnimalsDream@slrpnk.net on 21 Jul 18:49 collapse

How so?

Vinstaal0@feddit.nl on 21 Jul 09:48 collapse

I agree with you, my main issue with Matrix is that it is a pain to self-host at the moment.

kxzaon@lemmy.dbzer0.com on 21 Jul 12:41 next collapse

github.com/…/matrix-docker-ansible-deploy

Honestly, with this, it is easier than ever. Great documentation !

AnimalsDream@slrpnk.net on 21 Jul 18:49 collapse

Isn’t everything a pain to selfhost?

gandalf_der_12te@discuss.tchncs.de on 20 Jul 19:13 next collapse

I’ve used matrix for a year now and it works, but it seems slow.

Lots of people tried to self-host it and reported it uses too much RAM for what it does. (It allegedly uses 1GB or more of ram even if it only has 1-2 users)

Efficient software is a must. Software must not waste resources simply because “they are there”. That’s my biggest gripe with matrix.

Disclaimer: i’ve not tried to host matrix myself, so i could be wrong here.

mesamunefire@piefed.social on 20 Jul 20:39 next collapse

It’s running about 1GB for me and my server setup. It spikes a bit if there is a lot going on, but it can get lower than that when it’s just idling. It’s not terrible, but given IRC and other clients which take MB for RAM... it’s a bit of a hog-ish.

gandalf_der_12te@discuss.tchncs.de on 20 Jul 20:43 next collapse

well there’s the problem, i have a small server available but it only has 4 GB in total and i’m also hosting other things on it, including a luanti game world

mesamunefire@piefed.social on 20 Jul 20:46 collapse

I’m running the equivalent to a Pi 5 so yeah it can run with a slight delay. You may have some issues with the spikes, definitely if it’s more than a couple of people. 4GB in total, you will probably have to figure out if it’s worth it.

Also updates sometimes bork the server. I’ve stopped updating until I have time to really sit down and understand what changed.

gandalf_der_12te@discuss.tchncs.de on 20 Jul 20:48 collapse

there should be a more efficient re-implementation but i don’t have time to even attempt that :/

mesamunefire@piefed.social on 20 Jul 21:33 next collapse

Yeah that’s fair.

Miaou@jlai.lu on 21 Jul 06:14 collapse

Conduit is a Rust implementation that runs OK, but obviously doesn’t have feature parity

Auth@lemmy.world on 20 Jul 21:44 collapse

IRC is dead simple. You can’t compare something like Matrix to it in terms of resource usage, that’s not fair. 1GB of RAM usage is fine for a server application that does messaging, pictures and video.

szymon@programming.dev on 21 Jul 10:04 collapse

So we need to bring back IRC, if someone doesn’t know how it works - well, I don’t want to talk with such a person. Bring back gatekeeping

auraithx@lemmy.dbzer0.com on 21 Jul 09:13 collapse

Matrix 2.0 is much faster, but seems like they’ve been building it for a decade.

The app is out, but still no Spaces support; which is what makes it a competitor to Discord.

romantired@shibanu.app on 20 Jul 21:42 next collapse

♻️ What’s the point of using this slow crap? Stop it. WhatsApp, IMHO, is very good.

szymon@programming.dev on 21 Jul 10:03 collapse

This url is amazing lol

JohnEdwa@sopuli.xyz on 21 Jul 10:24 collapse

It’s マリウス.com but the “internationalized domain name” system punycodes it to gibberish to prevent spoofing urls using lookalike characters.

Like https://xn--mzon-43db.com/ is аmаzon.com. Those are Cyrillic lowercase ‘а’, not ‘a’.

[EDIT] The blog itself actually has a great article explaining it.
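
The lookalike case from the comment above, as an added example that is not part of the thread or the linked blog: it converts a hostname between its punycode and Unicode forms and flags any label that mixes scripts. The `script_of` and `analyse` helpers are hypothetical names, and the script bucketing is a simple heuristic based on Unicode character names.

```python
import unicodedata

# Hostnames taken from the thread, plus one plain-ASCII control (constructed).
SAMPLES = ["xn--mzon-43db.com", "マリウス.com", "amazon.com"]


def script_of(ch):
    """Bucket a character by the first word of its Unicode name (heuristic)."""
    if ch.isascii():
        # Digits and '-' belong to no script and must not trigger a finding.
        return "LATIN" if ch.isalpha() else "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def analyse(host):
    """Return both forms of a hostname and every label that mixes scripts."""
    # Python's built-in "idna" codec implements IDNA 2003 label by label.
    ascii_form = host.lower().encode("idna").decode("ascii")   # sent on the wire
    unicode_form = ascii_form.encode("ascii").decode("idna")   # may be shown to a user
    mixed = []
    for label in unicode_form.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            mixed.append((label, sorted(scripts)))
    return {"ascii": ascii_form, "unicode": unicode_form, "mixed": mixed}


if __name__ == "__main__":
    for host in SAMPLES:
        result = analyse(host)
        verdict = "MIXED-SCRIPT" if result["mixed"] else "single-script"
        print(f'{result["ascii"]:<28} {result["unicode"]:<14} {verdict} {result["mixed"]}')
```

A label written entirely in one non-Latin script passes this check even when it resembles a Latin name, so a mixed-script test is one signal to combine with others (for example an allowlist of expected domains), not a complete filter.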