I'm sorry but matrix is a convoluted mess. Speaking from experience, when there's a deep focus on protocols and technical architecture before usability it becomes incredibly hard for the consumer side to get started. It's still very much a DIY thing and the promise of Element hosted offerings kind of just defies the point of the federated design for what most came into it for, self hosting.
Honestly, we just need a drop dead simple chat client/server that can be self hosted and may be eventually extended via wireguard/tailscale networks and MagicDNS.
Yeah I don't even know if that upper post was meant to be sarcastic. Telegram, despite the security theater, is amazing UX-wise. It's such a joy to use and I see myself more and more engaging with Telegram contacts just because it's convenient in many subtle yet impactful ways.
I'd disagree. In terms of privacy and anonymity, Matrix is an unguaranteeable nightmare. Just all the IRC bridges alone are a worst case scenario on what can happen with your data.
I'd rather recommend Briar [1] which is really end to end encrypted, and works even offline via bluetooth or Wi-Fi LAN.
The Matrix team seems to be focusing on anything but making it as performant and usable as Telegram or Slack. The project leaders have been told this multiple times but there is always a reason.
Speak for yourself. The recent addition of space-protected rooms eliminated one of the biggest issues preventing my local hackerspace from using it.
(Of course, it did so roughly as we finally qualified for the nonprofit Slack plan, so it was a bit too late to have a real advantage - but it's an option now where it wasn't before.)
while I think there is a lot of room for improvement, I don't think that's true.
Copied from last "This week in Matrix":
- Another big thing in Synapse 1.69 is experimental support for faster remote room joins!
- The new WYSIWYG (What You See Is What You Get) composer is available in Labs soon; It’s in active development and we’ll be adding more functionality soon.
- Notifications research is near conclusion; We trawled hundreds of GitHub issues, discussions, looked at competitors and interviewed some users. We’re really excited to bring improvements to your experience.
- Threads is making great progress and we’re hoping you’ll start seeing these improvements in the next few weeks! Keep your eyes open for updates.
I'm unhappy with the python implementation's performance too (ran it on a $5 VPS for a while and then gave up) but I think the Go implementation is much better and catching up in features really quickly, and I'd be happy to give it a shot again when I have more time.
Matrix/Element iOS builds send all notifications (by Apple's design) through centralized developer-run servers that wake up your client app to talk to your homeserver.
There's no way for you to avoid SPOFs for notifications on Apple devices, because APNS is designed so that the only way you can wake up an app to talk to an API is via notifications sent from the developer of that app.
This means that if the APNS servers go down (unlikely), or that the vector.im notification relay servers go down, nobody using Element on iOS gets any notifications.
It also means that vector.im sees all of the notification events (who got notified when), though I don't believe they see the notification content. The notifications (I speculate) are simply app wakeup events that make the app then contact the homeserver to see what it has new.
This is a problem with iOS, not Matrix or any other chat protocol. If you want more freedom and control over your communications, you wouldn't choose iOS anyway.
I mean, that's great and all, but it would still be pretty annoying if large parts of your network go down, and especially if matrix.org would go down.
But nobody is forcing you to use matrix.org, and if you have the resources it's easy to run a separate instance with peering, so that you get both the benefits of being able to communicate with everyone and have a faster/locally controlled instance with whatever rules you like.
We're keeping one alive with friends, not because we need it, but because we can and it's easy to do so.
We can argue matrix has not the most fancyful clients right now, and it might not be a perfect solution for everybody, however there are many clients to choose from, you can write one easily with many support libraries, it's easy to script, you can have full control.
This is what we should push for. I've recommended signal to a lot of friends, and I currently feel stupid for doing so: It was a hurdle to convince them, and what I achieved was to move some to another privately run network with arbitrary rules and mandated software controlled by a single entity which is now starting to do random crap.
I'm actually convinced that all the open source messaging apps are harder to install than postfix or opensmtpd thus a true pain in the butt. I get that most are trying to sell services but having an easy to install and setup program would make a real difference.
Agreed, simple installs for the win. The true test. How quickly can I get something running on a pure VPS. Maybe even without docker. How do I build it, how I do run it. Are there pre-packaged binaries, even better.
Because it can suffer the same problem WhatsApp had, because it's centralized. If something on their infrastructure goes down, it might have consequences for all users. This is not the case for distributes solutions like Matrix. (I actually use Signal, though, and not Matrix, because the latter, although it has many advantages, has a relatively bad UX compared to Signal, or at least used to, and it's hard to get contacts to get to use it...)
No, this is not a question, this is an answer. At this point, XMPP is not a solution, but a basis for an actual coherent solution to be built on, but it does not exist yet (or anymore).
Matrix is also only a partial answer, because in practice you will direct users to matrix.org, and that makes matrix.org not a single point of failure, but still a huge point of failure and matrix will be down for most people if matrix.org goes down.
Disagree completely. I’d much rather have a link to a trustworthy source than a random person writing “Tell HN: WhatsApp is down”. The post you think should be frontpage is useless imo. Take the time to link to a source instead of trying to beat everyone to the punch to get a little karma.
yeah, but people just can't be bothered to check if maybe the big thing that happened in the last 30 minutes could possibly have been submitted already before posting submission number 10 about it, so that's what happens.
It does exist a twitter[0] account not updated since 2014 that has, ironically, in its bio: "We are working very hard to make this twitter account irrelevant."
Even though I do have WhatsApp I wouldn't have noticed without this HN headline.
Everyone I message with is via iMessage or Signal nowadays and I only have WhatsApp because I am part of a few sports clubs which have a WhatsApp group but we don't chat enough for me to notice a downtime like today.
Makes me happy to see how I've actually managed to rid myself of WhatsApp for the most part.
WhatsApp is end to end encrypted and AFAIK now has encrypted backups.
iMessage intentionally preserves a backdoor in its crypto so that the FBI can read approximately every iMessage sent/received without a warrant, should they so desire.
Both whatsapp and imessage are run by american companies, you can sure both of them are compromised and I wouldn't pass US state secrets via either of them.
For the normal person this matters less of course, intelligence services are not interested in your nudes.
> iMessage intentionally preserves a backdoor in its crypto so that the FBI can read approximately every iMessage sent/received without a warrant, should they so desire.
Email is slowly becoming centralised unfortunately as small providers are pushed out by big companies. So it won't be long until we have global email outages.
Open source, doesn't require a phone number, and a big strength is that it's decentralized, which makes it much less vulnerable to outages like this.
"Session utilises the decentralised Oxen Service Node Network to store
and route messages. This means that unlike P2P messaging applications
you can message Session users when they are offline.
This network consists of community operated nodes which are stationed
all over the world. Service nodes are organised into collections of small
co-operative groups called swarms.
Swarms offer additional redundancy and message delivery guarantees even if some service nodes become unreachable. By using this network, Session doesn’t have a central point
of failure, and Session’s creators have no capacity to collect or store
personal information about people using the app"
I have investigated session previously and gotten the feeling that it's backed by some kind of crypto pyramid scheme. I can't shake that feeling and the front page talk of joining "the movement" isn't helping.
Nothing on iOS is decentralized, all push notifications must be proxied via Apple's APNS servers from the app developer. There's no support in iOS for p2p messaging apps, even Matrix/Element proxy the notifications via centralized developer-run servers (which are then routed via centralized (but non-SPOF) Apple APNS servers).
I supposed it's a Matrix client, but couldn't find anything by glancing the home page.
Btw, the whole idea of "no phone numbers" makes it really hard to spread. It basically means you can't send a message to anyone in your address book that already has Session installed, unless you get his Session username by other means.
It is not a matrix client. I haven't dug too deep into their system, but it looks to me like a centralized server with additional steps (ie. still a single entity owning the server infrastructure)
That's a good thing.
Forcing people to give their phone number to use an instant messaging app/protocol is a sign the company just wants your private data.
Also, by doing that and letting the account existence be publicly known, anyone with their phone number will know that they have an account on that service and lets you try to contact them. That can range from privacy violation to life-in-danger situations.
Coincidental timing for me- anecdotally I noticed a few WhatsApp commercials during the Monday Night Football game last evening. Meta was hyping up how its end to end encrypted. That’s the first time I have seen national tv adverting for WhatsApp. There also were commercials for Meta’s new headsets so maybe it was part of a larger spend.
Readit News
Honestly, we just need a drop dead simple chat client/server that can be self hosted and may be eventually extended via wireguard/tailscale networks and MagicDNS.
XMPP, again and again. But that's not a solution, because the problem is absolutely not technical.
Deleted Comment
https://bugs.telegram.org/c/65
Telegram is great for other no privacy related stuff as bots, channels and groups.
I'd rather recommend Briar [1] which is really end to end encrypted, and works even offline via bluetooth or Wi-Fi LAN.
[1] https://briarproject.org/
https://code.briarproject.org/briar/briar/-/wikis/FAQ#can-i-...
(Of course, it did so roughly as we finally qualified for the nonprofit Slack plan, so it was a bit too late to have a real advantage - but it's an option now where it wasn't before.)
Copied from last "This week in Matrix":
- Another big thing in Synapse 1.69 is experimental support for faster remote room joins!
- The new WYSIWYG (What You See Is What You Get) composer is available in Labs soon; It’s in active development and we’ll be adding more functionality soon.
- Notifications research is near conclusion; We trawled hundreds of GitHub issues, discussions, looked at competitors and interviewed some users. We’re really excited to bring improvements to your experience.
- Threads is making great progress and we’re hoping you’ll start seeing these improvements in the next few weeks! Keep your eyes open for updates.
There's no way for you to avoid SPOFs for notifications on Apple devices, because APNS is designed so that the only way you can wake up an app to talk to an API is via notifications sent from the developer of that app.
This means that if the APNS servers go down (unlikely), or that the vector.im notification relay servers go down, nobody using Element on iOS gets any notifications.
It also means that vector.im sees all of the notification events (who got notified when), though I don't believe they see the notification content. The notifications (I speculate) are simply app wakeup events that make the app then contact the homeserver to see what it has new.
We're keeping one alive with friends, not because we need it, but because we can and it's easy to do so.
We can argue matrix has not the most fancyful clients right now, and it might not be a perfect solution for everybody, however there are many clients to choose from, you can write one easily with many support libraries, it's easy to script, you can have full control.
This is what we should push for. I've recommended signal to a lot of friends, and I currently feel stupid for doing so: It was a hurdle to convince them, and what I achieved was to move some to another privately run network with arbitrary rules and mandated software controlled by a single entity which is now starting to do random crap.
No, this is not a question, this is an answer. At this point, XMPP is not a solution, but a basis for an actual coherent solution to be built on, but it does not exist yet (or anymore).
Matrix is also only a partial answer, because in practice you will direct users to matrix.org, and that makes matrix.org not a single point of failure, but still a huge point of failure and matrix will be down for most people if matrix.org goes down.
[0] https://nitter.net/wa_status
shrug
Everyone I message with is via iMessage or Signal nowadays and I only have WhatsApp because I am part of a few sports clubs which have a WhatsApp group but we don't chat enough for me to notice a downtime like today.
Makes me happy to see how I've actually managed to rid myself of WhatsApp for the most part.
iMessage intentionally preserves a backdoor in its crypto so that the FBI can read approximately every iMessage sent/received without a warrant, should they so desire.
For the normal person this matters less of course, intelligence services are not interested in your nudes.
Would be great if you provide a source for that.
In some countries WhatsApp is used by almost everyone. I wonder how much all those free users cost Meta each year. Just as a side thought :)
There really is no technical reason to use Whatsapp anymore
Deleted Comment
IP networks have much more reach than the PSTN these days. It's not 1995.
Open source, doesn't require a phone number, and a big strength is that it's decentralized, which makes it much less vulnerable to outages like this.
"Session utilises the decentralised Oxen Service Node Network to store and route messages. This means that unlike P2P messaging applications you can message Session users when they are offline. This network consists of community operated nodes which are stationed all over the world. Service nodes are organised into collections of small co-operative groups called swarms.
Swarms offer additional redundancy and message delivery guarantees even if some service nodes become unreachable. By using this network, Session doesn’t have a central point of failure, and Session’s creators have no capacity to collect or store personal information about people using the app"
> Oxen blockchain and the $OXEN privacy token
Btw, the whole idea of "no phone numbers" makes it really hard to spread. It basically means you can't send a message to anyone in your address book that already has Session installed, unless you get his Session username by other means.
Also, by doing that and letting the account existence be publicly known, anyone with their phone number will know that they have an account on that service and lets you try to contact them. That can range from privacy violation to life-in-danger situations.