this post was submitted on 15 Dec 2023
0 points (NaN% liked)
Open Source
31188 readers
251 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That is a great chart. Do you think it's up to date? One issue I had was trying to discern very old from current materials.
Thanks, we don't need high level security, just a reasonable modern attempt at it. Due diligence. I had a hard time understanding what kind of encryption we "should" use.
I tried SchildiChat and I liked it except for all the problems that seems inherent to matrix.
Sure, this chart is updated from time to time. (The guy who published it also has a very nice german tech blog: https://www.kuketz-blog.de/ ) But it only contains widely adopted messengers and focuses on open-source. So it doesn't necessarily contain every good messenger out there.
I know. Matrix is quite good. I learned how to operate it, so that's alright for me. But I know there are a few annoying things in there. And I think they did a few design decisions with the encryption that make it difficult to use. In the years I've been using it I've been annoyed many times by incompatible verification techniques or missing encryption support in some clients/libraries. It's getting better but I can understand why you would prefer something else. I'm not an expert on messengers, I hope some of the other suggestions here work for you.
me neither! and I have not desire to become one. :D
It has been a big surprise to see how involved you have to get and how much complex understanding is required just to chat. And in my group of friends I am one of the more power user types. If I struggle to use something, then I can't recommend it to others. So far everyone is really discouraged and I think it is reflecting quite badly on the concept of moving away from corporate/proprietary solutions. And FLOSS. It seems like just not viable for average users. :(
In this kind of situation we don't have unlimited chances to try all different options one by one. because in requires a coordinated effort for multiple people to make accounts, set up devices, learn new software etc. People do not have time for that on demand. I think for most people, you have 1 shot at this kind of thing, if any. And if they are not FLOSS-type people they will be basing their opinions of all of FLOSS alternatives on the experience.
Patience is wearing thin. I think if the next thing we try doesn't work, then it'll be back to facebook/whatsapp/sms for the next 10 years. So I want to find a viable suggestion or be able to manage expectations and adapt to what is realistic.
Well, I get your frustration. But I also disagree.
There are several different things at play. first of all I think Matrix has made some non-optimal design decisions with their protocol. For example I think e2e-encryption should have been mandatory for clients to support from day one. With like 2 mandatory verification processes that are well-documented and taught to the users.
The second thing is, some clients are bloated and also expose weird stuff to the user. For example the device-keys (session-/room- whatever). That should be build on-top the encryption and handled without the user knowing anything about it.
That would leave us with 3 concepts to understand:
And I think with a few limitations that are due to the history of Matrix's development, they strive to become that and aren't far away from it. I don't think it's too complicated. I've taught 15 year old kids how to do the emoji-verification and why that's important.
And it is important... If you take end to end encryption seriously, there is no way around verifying the other end once. You can see which messengers take it seriously and which don't. For example WhatsApp doesn't ask you this. And it can't ever detect if this is really the person they claim to be. The only thing it can do is assume it and make sure the person at the other end doesn't change. And the backup is non-negotiable, too. You either do that yourself, or let your provider do it. But then they have access to your messages.
And this isn't Matrix's or XMPP's fault. security and convenience are somewhat on opposing ends and you can't have both at the same time. It's somewhat like this, and it's a limitation of how the world is:
You're free to choose where you want to be on that triangle. You can have something with many features and very secure. But that won't be easy to use. Or you want something easy, but it won't ever be secure. Matrix tries to be everywhere, but that can't work. You can just disable encryption on Matrix, this will do away with all of that complicated stuff immediately, at the cost of some security. But you could also use WhatsApp or iMessage to talk to your friends. My grandma could use it, but it has other downsides.
I've been with the FLOSS people and advocating for freedom and empowerment of the user for quite some time. It's always a struggle. You always have to actively fight for your freedom. And if you want to stay in control of your data, you have to take matters into your own hands, to some degree. And that is some work. You have to learn concepts and gain a certain amount of literacy. The other option is to give up parts of your autonomy.
With that said, I still think Matrix could do a better job and make it easier. I think it's usable. But I'd be happy, too, if I could recommend it to more of my friends without there being any catch. In fact, I recommended it to other people and like 3 friends use it, my dad, my spouse and like 15 other people I know from real-life. They're not all tech-savy and it works. There have been some issues, but that was some time ago and issues have become less and less over time.
You resumed very well the triangle.
My dream is to build an app/service which is easy to use as Signal but compatble with matrix and xmmp.
I did the emoji thing and even though I went through it correctly it did not proceed reliably. A problem with the client? Network issue? Who knows. Sometimes it works after a few attempts and other times not.
Encryption keys didn't work because my password manager ended up with several keys all associated with the same account but I didn't know what each one was for. (And did the keys each also have another password too? I might be thinking of something else.) They were for the account or the device or the conversation or the client or the session? And my friends were having similar issues; even when I get it set up someone else is having a problem.
I guess with all these things, it gets easier once you get going and stable. You can't do the emoji thing without having a logged in client available. If everyone is bouncing around clients it's a mess. There is nothing stable for any of us to join onto. I have used the occasional established matrix community and I don't have these issues in that case. A lot of the complications come from the fact that we are trying to move together.
I mean the other other option would be to take care of each other and struggle collectively. I do not really think we get freedom one by one. I believe that to be in alignment with FLOSS.
Philosophically it's kind of regressive to say that lost autonomy is deserved by people who fail to learn to the standards you think are reasonable in the areas you think they should know about. There is way too many things in the world we can't all know about all of them.
Oh. That's not how it's supposed to be. I self-host my own (Synapse) matrix server. So I wouldn't know if there are issues with the network or something like that with the established, big servers.
Yeah, That's too many details. It should be: you sign up for a new account, keys are generated and you are requested to back up your master key. Maybe that backup can be protected with an additional password, I don't really know. From that point cross signing and all cryptography should kick in automatically. Everything should be handled without the user needing to worry about additional keys. And in my oppinion the additional inner workings should be hidden from the user. At that point you're set and once you log in with a different device or add a friend, a popup should open telling you to verify the other user/device with the emojis.
That is the most annoying thing with Matrix. I've also had this happen. Some time ago I had clients not support emoji verification. Or I try to write a bot in python and it runs on a server with no means of displaying emojis. I think Matrix isn't strict enough to handle the diversity of clients. In theory diversity is a good thing, but for Matrix... I've also had some issues with that exact thing.
That is especially true for messengers and social media. There is the network effect. A platform has little to no benefit if it doesn't connect people and it's just you ;-)
I agree. I have compared this to the Age of Enlightenment before. There is some basis we need to agree on. Everyone has to agree they want freedom and be ready to put in some work and face the struggles. But not everyone needs to become a computer expert and have this as their primary hobby. Just being a follower should be alright, the only thing is you can't be annoyed by change and experiencing a dry spell every now and then. I think this is consensus and also how it works with parts of the FLOSS ecosystem. There are clubs and individuals who operate the servers and handle all the difficult and tedious parts of hosting. Not everybody can, or wants to do this. As a user it is your obligation to know how to operate your computer and smartphone. But it shouldn't be overly complex. That takes away from the spirit and makes it inaccessible for some people. And we want the opposite of that, spread the freedom amongst everyone who is willing to participate.
I really don't know what to recommend to you. Don't resign and let the technical difficulties keep you from getting what you want. It's the right choice. Maybe you find something better than Matrix for your use-case. I'm kind of in another situation, so my experience doesn't necessarily apply to your situation. Maybe have one person do the work, try out a few servers and Apps/clients and pave the way for the rest of the group. It definitely doesn't work if it's an uncoordinated effort and there are sub-optimal choices and traps out there. And it will scare some people off (rightfully) if they have to start over for the third time.
With our group, we have tested matrix for some months with two people, then a third and then a friend of mine invited all the other people. Most of them use matrix.org as their Homeserver. And we keep the room unencrypted for maximum compatibility. We don't give admin rights to everyone, that would lead to confusion. One person manages the room and they put in the effort to learn how to manage the room and help people get the app installed on their phones and join the room.