this post was submitted on 02 Feb 2024

Element for Android doesn't support searching in encrypted channels and I think you can't use E2EE in the browser at all(?), plus basically every other client has even more drawbacks when it comes to E2EE.

My team recently tried RocketChat, but E2EE is obviously an afterthought for that project as it has even more limitations than non-Element Matrix clients (no searching, no pinning, no file upload, no edit, etc.). Plus Jitsi integration seems to be buggy right now (at least on my Windows installation).

What else is out there that's not on my radar? Is Matrix with Element really the best option right now? Is there no project that puts E2EE above all else?

Edit: Should be self-hostable and (FL)OSS.

top 10 comments
[–] [email protected] 0 points 9 months ago (1 children)

E2EE works fine in browsers, but you run into the same challenges and worse when it comes to usability features like search. On desktop there's (imperfect) indexing of encrypted messages so that you can search encrypted rooms, but I don't think Android has that.

The server-side search feature, which most Android apps use, can't search through your encrypted messages for obvious reasons. Element for Desktop and its forks maintain a local search cache, but this is quite CPU intensive to generate, especially if you're signing into an existing account. I can see why they haven't implemented this on mobile phones, you'd need to leave your phone hooked up to a charger overnight to generate such a cache without draining your battery.

I think this is the result of Element doing exactly what you suggest: support E2EE above all else, "all else" including "being able to search through chats".

You may want to consider XMPP as an alternative to Matrix. I have no idea if and how E2EE search works on popular XMPP apps, but it's worth a try.

[–] [email protected] 0 points 9 months ago (1 children)

> I can see why they haven’t implemented this on mobile phones

I think the iOS client has that feature, but I unfortunately don't have an iPhone to test that claim.

> XMPP

What clients/servers are recommended on each platform (for full encryption support)?

[–] [email protected] 0 points 9 months ago

XMPP is old and has many clients. I think ejabberd is still the go-to server solution, but I haven't kept up to date since switching to Matrix. Prosody also seems popular?

I've heard good things about Conversations as a client app for Android. I've seen Dino recommended a lot as a desktop application.

It's hard to say what client serves your purpose best because there are hundreds of extensions to XMPP that have to do with all kinds of things, from "keeping the same history between devices" (which wasn't in the original protocol!) to "use XMPP as a notification backend for third party apps" and "PubSub social media". Check out https://xmpp.org/software/ for a list of the most common apps.

You'll want to make sure to pick a client with modern (OMEMO) encryption support for the best interoperability with other people.

[–] [email protected] 0 points 9 months ago (1 children)

Surely there is an XMPP client that does MAM. Been a while since I’ve looked into it to be fair.

[–] [email protected] 0 points 9 months ago (1 children)

MAM does not seem to be a finalized standard, plus I don't understand how this is related to E2EE at all. I'm not terribly familiar with jabber, maybe you can enlighten me.

[–] [email protected] 0 points 9 months ago

https://wiki.xmpp.org/web/XMPP_E2E_Security

XMPP has OMEMO and PGP as E2EE.

I've hosted https://prosody.im/ before I went to matrix.

You will need to enable some of the extensions, if you want to have group chats, chat history and so on. But after initial configuration prosody will just work (tm) and is absolutely lightweight.

The only reason I stopped using XMPP was that no one uses it, which is sad, but I can't do much about it.

Also, one important bit is that most clients are not E2EE by default, and you need to enable that you only want to send encrypted messages and not plain text.
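
An added example, not part of the comment above and not Prosody's shipped configuration: a `prosody.cfg.lua` fragment that enables the extensions the comment mentions (chat history and group chats) plus the module OMEMO clients depend on. The host names `example.org` and `conference.example.org` are placeholders.

```lua
-- prosody.cfg.lua fragment (constructed example; host names are placeholders)

-- Require TLS on client and server-to-server links. This is transport
-- encryption only and is independent of end-to-end encryption.
c2s_require_encryption = true
s2s_require_encryption = true

modules_enabled = {
    -- core modules a default install already lists
    "roster"; "saslauth"; "tls"; "dialback"; "disco";

    "pep";      -- XEP-0163: OMEMO clients publish device lists and key bundles here
    "carbons";  -- XEP-0280: copy messages to a user's other online devices
    "mam";      -- XEP-0313: server-side message archive (chat history)
}

-- MAM archives stanzas exactly as the client sent them. If the client used
-- OMEMO, the archive holds ciphertext; if the client sent plain text, the
-- archive holds plain text. The server cannot enforce E2EE on its own.
default_archive_policy = true   -- archive for all users unless they opt out
archive_expires_after = "1w"    -- retention period for archived messages

VirtualHost "example.org"

-- Group chats (XEP-0045) run as a separate component
Component "conference.example.org" "muc"
    modules_enabled = { "muc_mam" }  -- history for group chats
```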

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago) (1 children)

Why wouldn't E2EE work in the browser versions of the clients? You just log in, verify from a logged in client, and then everything works. Decryption of message history can take a while, but it gets there eventually, and sending and receiving new messages should work with encryption, right away.

Search is tricky because the client essentially has to download, decrypt, then index, your entire user history. The server can't do the search for you, because it never sees your messages in cleartext.

Syphon does actually do this on mobile, but it's in alpha, and while it can do E2EE you have to export your keys from another client, then import them, to get it working. No easy emoji verification.

You might look at schildi, which is a fork of element with implementations for a bunch of extra stuff. You'll have to get past the app icon, tho.

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago) (1 children)

I haven't tried Element Web for quite some time, but I remember having some issues with E2EE rooms. Maybe this has been resolved by now or maybe it was just the search not working there as well as on Element for Android. I can't really remember right now.

I am aware of SchildiChat, but AFAIK it doesn't provide search in E2EE encrypted rooms, just like Element (both on Android). On iOS they both support it (I think).

Maybe I should check out Syphon then. How polished is the client otherwise? Can it compete with Element?

Edit: Last Syphon release was October 3rd 2022 and the last commit six months ago: https://github.com/syphon-org/syphon/releases
I'd say that project is unmaintained.

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago) (1 children)

Again, the web client, or any client, can't have search or message history that works at 100% until it has downloaded your user history, decrypted, and indexed it.

I've not had any issue sending and receiving encrypted messages in the web UI, nor accessing message history once I give it some time to catch up on decrypting it.

Syphon is in alpha, and thereby extremely basic, last I checked.

I think you'll have to just try it and see what state it is in, my issues with it were UI related and subjective, but otherwise I recall it being fine.

[–] [email protected] 0 points 9 months ago

> Again, the web client, or any client, can't have search or message history that works at 100% until it has downloaded your user history, decrypted, and indexed it.

Doesn't change the fact that the Android client simply hasn't implemented that feature.