You must log in or register to comment.
Self hosted matrix works great. /thread
From an outsiders perspective, element has never worked for me and never been stable enough to get anywhere close to discord. Joining servers is buggy AF and Element X is severely hobbied on mobile.
I’ve been refusing to use discord for about 6-8 months and am often invites to join various discords by IRL friends and online communities. I wish Matrix / Element was a viable alternative but I’ve never been able to get it working for anythung other than DMs, and I’m already happy with Signal for that honestly.
As a non developer I want to be sensitive to the amount of work involves, and the number of cooks in the kitchen, but the fact that we don’t have a FOSS- federated slack / discord killer app is leaving so much interaction on the table.
I’ve heard of Revolt but it doesn’t seem to be there with encryption
I always liked the concept of Matrix, and still actively use it, but there’s some serious jank. Synapse is generally bloated and not fun to run an instance, Dendrite is perpetually in Beta, and the clients themselves range from adequate to awful. The default Element client on Android is so broken for me that I’m forced to use Element X, because I can’t even log in with Element.
It’s disappointing, but there’s a ton of issues that aren’t so easy to resolve. New Vector and the Element Foundation are basically two separate entities that have some kind of hard split between them, neither of which seems to have the money necessary to support comprehensive development. The protocol is said to be bloated and overtly complex, and trying to develop a client or a server implementation is something of a nightmare.
I want to see Matrix succeed, I think a lot of people see the potential of what it could be. I’m not sure it’ll ever get there.
I always liked the concept of Matrix, and still actively use it, but there’s some serious jank.
I use Element as well as Beeper, which is at its core an Element client based on network bridging. I’m a big fan of Matrix, but it isn’t as approachable as other messaging services and requires some technical know-how to use effectively.
It seems like the Linux of messaging services.
I am glad someone can admit it failed and we have to learn from this. I am just wondering what it takes to succeed.
start with a discord clone
make it e2ee
make it federated
i feel like it shouldnt be this hard, but I’m not the one developing matrix, nor XMPP, nor the 3rd smaller option you the reader is wanting me to list that I am unaware of
Don’t fucking clone the godaweful mess that is Discord. Please, for the love of God start with something else.
I tried it, joined a couple rooms. Wanted to leave those public rooms but I kept getting notifications of rooms I already left.
Very wonky experience, so I dropped it and I use deltaChat now for my Tech-aware contacts
https://github.com/matrix-construct/tuwunel
Plug for tuwunnel.
Easy to set up, and just works. I can’t share any of the OP’s annoyances - everything is fast. Admittedly, I don’t really use the web client. Just the Android app from F-Droid and the linux AUR package element-desktop.
The thing is… What alternatives are there? Signal can’t be trusted (on the very same website there is an article about it). I’m not using closed source alternatives like session, Simplex is kinda shady too tbh and I’m not even sure I could get anyone to use it.
I don’t like Matrix/Element either but sadly its the best open source chat solution we have.
Counterpoint: this is just some random blogger and you don’t need to follow any of their advice.
Going back to TS3 and IRC. They never left
Why don’t people trust Signal?
Signal itself is solid. For now. The issue is that signal is a centralized infrastructure service that is based in the US.
While it’s rather unlikely that something shady is going on and the current administration manages to pressure someone into installing back doors without anyone noticing, there is a growing chance that at some point the Orange Hitler or his cronies aim at Signal - and simply shut the whole thing down in a single sweep.
Which would mean the whole thing is lost - in theory they of course could rebuild a foundation outside the US, but that would also mean they need people not residing in the US (not like Proton which claims to operate from Switzerland and in reality are US based) and find funding there - enough funding to cover the costs and that is not impeded by US pressure.
This is the scenario that makes Signal a problematic candidate - and sadly the foundation is doing nothing against it.
Its a 18 months old but OP means this on the same site. https://マリウス.com/if-you-must-use-signal-use-molly/
The blogger also stopped using proton mail. So idk. Seems to be their thing atm.
I started reading the article but didn’t finish. This guy is a fool. He’s bitching about vendor lock in? The data isn’t supposed to be portable. That’s the point.
I forgot to add nextcloud talk!
xmpp mentioned, I’ll add IRC
The article author went back to XMPP, which does appear to be the best option currently.
In what universe is XMPP better than Matrix?
XMPP is significantly less decentralized, allowing them to “”“cut corners”“” compared to Matrix protocol implementation, and scale significantly better. (In heavy quotes, as XMPP isn’t really cutting corners, but true decentralization requires more work to achieve seemingly “the same result”)
An XMPP or IRC channel with a few thousand users is no problem, wheras Matrix can have problems with that. On the other hand, any one Matrix homeserver going down does not impact users that aren’t specifically on that homeserver, whereas XMPP is centralized enough that it can take down a whole channel.
Meanwhile IRC is a 90s protocol that doesn’t make any sense in the modern world of mainly mobile devices.
XMPP also doesn’t change much, the last proper addition to the protocol (from what I can tell, on the website) was 2024-08-30 https://xmpp.org/extensions/xep-0004.html
XMPP is still an option
That is what the author said they switch to, but TBH XMPP also has issues with MFA and messages frequently not being decrypted (using OMEMO) and ‘unencrypted metadata’.
I wouldn’t say that it works better than Matrix, it just has some different strengths and weaknesses.
I haven’t had any issues with it, but it all depends of the client and server
I just want a self-hostable open-source alternative to the shitty closed-source IM systems I’m forced to use
I’m sticking with Matrix for now, hopefully some of the issues I’ve had will get ironed out
Revolt is a self hosted discord clone
Nextcloud talk?
I’m not sure how much it would make sense for me as I don’t use Nextcloud for anything else
I agree with all this. The thing which caused me to uninstall was suddenly being pushed lots of abusive message with disturbing contents.
When I complained about it, Matrix told me that my public complaints were hurting the ecosystem and I should be quiet.
Oh fuck that culty nonsense!
I had a wild ride with matrix, originally wanting to run a node on my server. That did not turn out well, because I was a bit stupid and just assumed there would be more admin/mod tools out of the box. As it turned out, I had inadvertently allowed spam/abuse accounts on my node without even noticing, because naive as I was, I assumed my admin-level account would get informed of stuff like user registrations and abuse reports in the standard Element frontend. As a bonus, when I checked what was supposedly the official matrix support channel, it was repeatedly getting spammed with CSAM and gore at the time. That was when I realised, that it definitely was not the ecosystem for me, and running a node without experience had been a pretty stupid idea on my end.
I have to wonder if there is a major commercial interest in that though.
When I complained about it, Matrix told me that my public complaints were hurting the ecosystem and I should be quiet.
Weird. I think they did some improvement to prevent those abusive messages but it took a while and it was embarrassing. Maybe it’s hard to prevent them with a federated network but still, the abusive messages where basically a copy paste.
i want 90s era icq and 2000s era msn back :(
A/S/L?
400/F/krynn oh sorry i was in the red dragon inn room :3
Who was 400 years old from Krynn? Sylvara? It’s been a long time since I’ve read those books.
it’s been a while so i just picked random names for the bit but now i kinda wanna go back and read the dragons o autumn twilight series (mostly to get to time of the twins)
But they both closed source protocols locked down to specific corp
What would you propose, then?
How about jabber/XMPP
How active are communities on these nowadays?
I wish xmpp was p2p. I can self-host but it could be way simpler if people didn’t have to.
I am still mad that are no clients that supports multiple accounts. So I am ending up installing for each account a different client.
I see what you did here. Say something wrong on the internet to get multiple helpful tips.
Fluffy chat allows multiple accounts
Element Desktop has profiles. But sadly there are no profiles on the mobile app.
NeoChat on KDE allows me to choose which account to login to when I start it.
Does it let you be logged in as both ?
For me Matrix is fine, I can use IRC, Whatsapp and Discord with it. But Element is not my cup of tea, especially with Firefox as it doesn’t play any videos other users are sharing. The same videos work fine with Cinny.
I can use IRC
The fact that many Discord and IRC channels (servers?) block Matrix connections has drastically reduced its usefulness for me. When I was running my own Matrix server, I could have gotten around it by using a puppet, but Synapse is such a hog I had to shut it down, and most of the IRC rooms I want to use don’t allow Matrix proxies.
The IRC (Biboumi) and Discord bridges (slidge.im) for XMPP work still fine and running your own server is super lightweight.
running your own server is super lightweight.
Not IME. Are you running Synapse? Gigabytes of disk usage and memory leaks requiring restarts.
I am talking about xmpp servers 🤷
They’re taking about switching to Jabber/XMPP, which is what those two bridges are for, and they’re saying XMPP servers are lightweight.
It’s a bit confusing in context, I’ll admit.
The protocol is bloated to hell so third-party clients stand no chance, and the foundation spends more time bikeshedding or pissing away money than they do developing. It’s a doomed project.
So what’s left? Jabber?
What about delta?
Depends what your goal is. Revolt seems pretty cool, but I don’t think it has any kind of encryption. It is based in Europe, though, so it gets GDPR protection, and it’s open source, so it could be forked to fit other needs and uses.
No, Revolt checks neither of my boxes unfortunately.
Slrpnk hosts an XMPP/Jabber for our users, mods and admins to communicate. Its worked pretty darn well for the past couple years, with very low resource needs.
The clients are pretty slick now too, such as Cheogram or Monocles for mobile, and movim is an excellent web app with support for group calls.
I’d certainly recommend it over Matrix/element.
What’s the protection in the clients assuming compromised infrastructure, like e.g. in https://notes.valdikss.org.ru/jabber.ru-mitm/ ?
I’m afraid that’s quite outside my field of expertise. I can only report how my experience on XMPP has been as a user, though perhaps @poVoq@slrpnk.net, who hosts it, may be able to weigh in on that. Edit: ah, I see you already have 😄
Though from my untrained eye, it seems that Jabber.ru was compromised due to not enabling a particular feature on their server
“Channel binding” is a feature in XMPP which can detect a MiTM even if the interceptor present a valid certificate. Both the client and the server must support SCRAM PLUS authentication mechanisms for this to work. Unfortunately this was not active on jabber.ru at the time of the attack.
And it seems that hosting it externally on paid hosting service (hetzner and linode) left them particularly vulnerable to this attack, and tgat it could’ve been mitigated by self hosting the XMPP locally, as well as activating that feature.
Significant improvements to certificate pinning and validation have been added to all major XMPP clients as a result of this incident, but it should also be clear that hosting a server on infrastructure under control by an antagonist government (see also Signal) is a very bad idea and hard to mitigate against.
Signal doesn’t suffer anything worse than DoS if a hostile party controls the central service. That’s its point and role. It’s based on the assumption that such hostile parties as governments don’t like DoS’ing central services, they prefer to be invisible.
For other points and roles other solutions exist. One can’t make an application covering them all, that never happens.
Briar again (I’ve finally read on it and installed it, and I love how it works and also the authors’ plans on the future possibilities based on the same protocols, but not for IM, say, there’s an article discussing possibility of RPC over those, which, for example, can give us something like the Web ; I mean, those plans are ambitious and if I want them to succeed so much, I should look for ways to defeat my executive dysfunction and distractions and learn Java). Except it would be cool if it allowed to toss data over untrusted parties, say, now if two Briar users in the same group are not in each other’s range, but there’s a third Briar user not in that group between them, their group won’t synchronize (provided they don’t have Internet connectivity). If one could allow allocating some space for such piggybacked data, or create some mesh routing functionality, then it would become a bit cooler.
You are very naive if you think that is all the US government can do in regards to Signal, but suit yourself 🤷
Anything that’s been proven/confirmed?
OK, so what else in your opinion can it do?
End to end encryption between clients (also for groups) seems to partly address the issue of a bad server. As for self-hosting, any rented or cloud sevices are very vulnerable to an evil maid. So either in-house hosting or locked cages with tamper-proof hardware remain an option.
Back to IRC we go…
It is entirely insecure.
The argument has always been, if when chat rooms are public, anyone can join and start logging the chats, encryption does nothing.
It has the ability to connect over TLS, but that’s about it.
I loved using it for its simplicity, except when using all the different flavours of nick registration (Q, NickServ, …).
xmpp isn’t.
(Ok I get xmpp alone is but every modern client supports the same two encryption methods so judge for yourself)
Not when the entirety of your conversations are jargon and in-jokes!
/s
