Wouldn’t Signal or SimpleX be a better alternative to Matrix?
Given the state of Matrix clients and Matrix is designed to be federated (plus self-hosting is not simple and requires its own security precautions).
magic_smoke@links.hackliberty.org
on 21 Aug 2024 19:43
If you’re running a multimillion dollar drug operation and you’re too incompetent to set up, or too cheap to pay someone to do in your place what most home-labbers could with a couple hundred bucks of hardware, then you’re going to get caught and you probably deserve it.
Realistically xmpp over i2p or tor on a disposable live-booting OS would be the best answer. Shit even a one-time-use pay-as-you-go gas station burner woulda been better in most cases. Failing that, you should at least plant yourself in a corrupt enough country and just pay off the local law-enforcement.
If you can’t do opsec and own your own comms, then why the fuck would you break international law like that?
helenslunch@feddit.nl
on 21 Aug 2024 22:11
Wouldn’t Signal or SimpleX be a better alternative to Matrix?
Better how? Signal is more user-friendly and stores less metadata but is centralized and dependent on Signal’s servers.
Running your own Matrix server also means running your own host server, database, caches, reverse proxy, firewall, networking stack, etc… Keeping these things running and updated. As well as vetting and updating clients.
helenslunch@feddit.nl
on 21 Aug 2024 23:02
Don’t have to run your own server, you can choose from any of hundreds of public ones.
Uhh yeah, but is that wise if you’re trafficking drugs?
helenslunch@feddit.nl
on 22 Aug 2024 00:35
Yeah, actually. Will be a lot harder to track it back to you if you’re one of thousands of random users on a public server rather than one you’re hosting using your personal information.
How is it a lot harder to track if the FBI can just subpoena the sysadmin for server/room logs?
With respect, this viewpoint is not defensible from an operational security perspective.
It’s like saying they should use GMail because they have hundreds of millions of users. When the problem isn’t being a needle in haystack, but rather the fact that Google will gladly look through your private data and happily hand it over to the authorities.
helenslunch@feddit.nl
on 22 Aug 2024 12:44
How is it a lot harder to track if the FBI can just subpoena the sysadmin for server/room logs?
What would stop them from subpoenaing all information from your personal server?
There’s no personal information tied to your account. The server does not have your IP, your email, your CC, etc.
With respect, this viewpoint is not defensible from an operational security perspective.
“With respect”, ya don’t know what you’re talking about.
It’s like saying they should use GMail because they have hundreds of millions of users.
Except it’s not like that at all because Gmail is going to collect all the information about you they possibly can and Matrix is going to do the opposite.
What would stop them from subpoenaing all information from your personal server?
If you’re a drug dealer and the FBI sends you a subpoena—you could simply….not respond.
There’s no personal information tied to your account.
There is actually a bunch of metadata tied to your account and your room. That’s partly how they caught that kid with the Pentagon leaks.
And again, there may be other services between the clients and the matrix server that collect personal data (e.g. reverse proxies, load balancers).
—
If you are someone who ostensibly cares about privacy and security (like a drug dealer) why would you rely on the benevolence and security hygiene of a stranger you can’t audit? Instead of using a known good actor, like Signal or SimpleX, or no actor, like Briar.
helenslunch@feddit.nl
on 22 Aug 2024 17:10
If you’re a drug dealer and the FBI sends you a subpoena—you could simply….not respond.
I mean sure, but then you’d have bigger problems.
There is actually a bunch of metadata tied to your account and your room.
I understand Metadata is a big problem with Matrix (even for me, personally). Metadata is not personal information if it remains detached from your identity.
If you are someone who ostensibly cares about privacy and security (like a drug dealer)
LOL
why would you rely on the benevolence and security hygiene of a stranger you can’t audit?
I’ve already explained why.
Instead of using a known good actor, like Signal or SimpleX, or no actor, like Briar.
Like I said, there are pros and cons of each. I’m not telling you you should use anything specific. You just have to use whatever works for your situation.
anarchrist@lemmy.dbzer0.com
on 21 Aug 2024 23:47
At that point if you’re trusting a rando, just use signal
helenslunch@feddit.nl
on 22 Aug 2024 00:36
Who are you trusting with what?
anarchrist@lemmy.dbzer0.com
on 22 Aug 2024 00:57
You’re trusting whoever runs the hardware that they’re not snooping on you
Saik0Shinigami@lemmy.saik0.com
on 22 Aug 2024 02:26
Correct… So put EVERYONE into one basket… Or split everyone up into multiple baskets…
Now I dunno about your mom… But mine told me to not put all my eggs into one basket.
helenslunch@feddit.nl
on 22 Aug 2024 04:40
You’re not. Everything is encrypted.
anarchrist@lemmy.dbzer0.com
on 22 Aug 2024 10:40
How the fuck would you confirm that? Maybe the sysadmin is running a forked version of matrix that just says it’s encrypted but actually logs everything in clear text.
helenslunch@feddit.nl
on 22 Aug 2024 12:40
…why would they do that?
FutileRecipe@lemmy.world
on 22 Aug 2024 12:55
Why do people phish, dumpster dive, or social engineer? So they can snoop and grab anything of value.
helenslunch@feddit.nl
on 22 Aug 2024 13:13
There is nothing of value.
anarchrist@lemmy.dbzer0.com
on 22 Aug 2024 17:23
What makes a man turn neutral? Lust for gold? Power? Or were you just born with a heart full of neutrality?
helenslunch@feddit.nl
on 22 Aug 2024 17:27
Baking powder.
TechLich@lemmy.world
on 22 Aug 2024 14:18
I don’t think that’s how it works? It’s the client application that has the key for the end to end encryption, not the server. I don’t think you need to trust the matrix server you use? I could be wrong, I don’t know matrix particularly well.
anarchrist@lemmy.dbzer0.com
on 22 Aug 2024 17:18
BastingChemina@slrpnk.net
on 22 Aug 2024 06:23
SimpleX has a very user friendly interface, uses decentralized server, does not require your phone number or email and the server is really easy to set up (but not needed, for the regular user it just looks like any other messaging app)
Edit: I forgot to say that their app AND servers are open source.
helenslunch@feddit.nl
on 22 Aug 2024 06:29
How do they monetize?
BastingChemina@slrpnk.net
on 22 Aug 2024 06:57
helenslunch@feddit.nl
on 22 Aug 2024 07:12
So it’s a VC-backed for-profit that plans to go freemium. Seems like a good reason not to use it to me.
EngineerGaming@feddit.nl
on 22 Aug 2024 07:59
I low-key hope someone would fork it and make it live a life of its own.
BastingChemina@slrpnk.net
on 22 Aug 2024 09:54
I think a fork happening in a few years would be great, right now the app still needs a bit of polishing but they are quickly improving it.
BastingChemina@slrpnk.net
on 22 Aug 2024 09:45
Yes, having a purely non-profit foundation from the start would have been better.
But, for me, it is still a better option than Signal or Matrix for messaging.
Signal is great but they need 10s of millions every year of donations. It means that they rely on the generosity of wealthy individuals to keep going. I’m worried it is not sustainable.
Matrix is better on this aspect since everything is open source, but the UX is not great in my opinion and I don’t feel comfortable switching to it for regular contact with family and friends. To be fair it’s been a while since I used it so I downloaded Element but I am blocked on the account creation (the verification email is not arriving).
To compare I tried creating a new account with SimpleX and in less than a minute I was ready to chat. They rely on investors for now and don’t have a clear business model which is worrying but they are developing fast this way and being fully open source anyone could fork it at any time. The UX is great despite being heavily focused on privacy and security and has features that no other app has, you don’t need an email or phone to chat and if they ever start to enshittify someone can fork it.
So pragmatically I think it is the best alternative right now and I am curious to see how they evolve.
dsilverz@thelemmy.club
on 22 Aug 2024 00:52
What about Tox and Session, as well as XMPP + GPG?
rottingleaf@lemmy.world
on 22 Aug 2024 06:44
Tox is a good idea with dubious realization (few devs, large codebase, seemingly stagnating).
I tried to use the tox CLI client and it’s barely usable. GUI clients are just half-baked, barely products. Adding to the piling bad reputation of the development team (some fraud, adding backdoor IP leaks) I think it’s enough to bury tox
rottingleaf@lemmy.world
on 22 Aug 2024 08:04
Some time ago the project itself seemed nice (toxcore github included) and there were a few nice little clients which even worked, ratox was especially cool (a fifo client), I’ve made an attempt to switch friends\family to tox back then, and we used toxic and utox for voice calls with one of my friends instead of skype.
However, since then it seems as if the changes were not positive.
It’s really sad, because it felt as the closest thing to come ideologically to replacing skype with a free and open source technology. I’d say something architecturally similar to tox plus activitypub-connected directory\identity (and maybe history) servers would be a success.
Just use graphene and matrix, fucking dipshits.
Don’t know much about SimpleX
Simpler to manage and smaller attack surface.
wired.com/…/matrix-patches-vulnerabilities-that-c…
FAQ SimpleX funding and business model
https://simplex.chat/blog/20240814-simplex-chat-vision-funding-v6-private-routing-new-user-experience.html
Right now it is investors and donations.
I agree with you. The idea of tox was great, unfortunately implementation was not that much. Indeed imo loss for messenger apps / protos ecosystem
.
archive.ph/tVQZO
Thank you.
❓
I don’t get that message on my VPN nor my torbrowser
You may want to change nodes or your endpoint.
I did not use Tor, just disallowed scripts
I do the audio captcha. Otherwise the images literally never end.
404 yet again with the scoop