You can “trust” it, because its self hostable, and buildable from source, unlike other not self hostable services. Its origins and funding are important, but less so because of those two attributes.
The metadata leaking is a problem with every federated system, xmpp included. You could even call the metadata leaking a feature, not a bug, since its what makes federation possible.
Whats important is that the metadata being leaked, isn’t linked to your identity, unlike with signal. Matrix doesn’t require phone numbers, or emails to sign up. You also can run an instance without turning on federation, if that’s still a concern.
The cloudflare concerns aren’t an issue as long as you run your own instance, or join one that doesn’t use cloudflare. There’s nothing requiring cloudflare built into the software or the protocol.
Yes this is needed for room persistence across multiple servers, but IMHO that is a solution looking for a problem and also a highly over-engineered one.
Without this solution the transition to p2p would be much more complicated, would it not?
I understand it even though I also hate cloudflare, as ddos attacks are extremely difficult to thwart otherwise. But of course it stands that nothing in the code of any of the homeservers, apps, or protocol requires cloudflare.
Also you listed signal below as something you prefer, and they use cloudflare (and required phone numbers), and since its not self hostable, that’s mandatory.
What’s the best alternative? Jami seems good and I generally trust the FSF and I found Revolt which seems to basically aim to recreate all Discord features and is currently in public beta.
Fosscord aims to be compatible with Discord which is why I think it has an edge over Revolt. It will be possible to use Fosscord client as a free alternative to the proprietary Discord client while in the process of switching over to a self-hosted instance.
signal is centralized, requires your phone number, hosted in the US, has very limited interface and features, and run by a steve jobs type personality. thanks, but no thanks.
I feel the same, Telegram and Matrix got hyped and whatnot but same like Signal they got millions of dollars and are light years behind the competition. Which makes me wonder what they do with the money and why they do not hire competent people, which I would do in such case to address all concerns and design flaws.
Matrix encryption is flawed too, avatars, reactions etc. are NOT encrypted. Matrix might be an alternative until all flaws are fixed, but that might take years from now.
and this requires devices to exchange the shared private key which is inherently risky.
There is some risk, sure. I don’t see how this would be any more risky than a TLS exchange. Obviously the exchange can be implemented badly, but if done correctly it seems like it would work with certs and send the key encrypted.
I think the bigger risk is the key sitting at rest on multiple devices, some of which are easily lost (cell phones) and could then compromise an account.
deleted by creator
deleted by creator
deleted by creator
deleted by creator
And ARPANET, basically the ancestor of the Internet itself.
You can “trust” it, because its self hostable, and buildable from source, unlike other not self hostable services. Its origins and funding are important, but less so because of those two attributes.
The metadata leaking is a problem with every federated system, xmpp included. You could even call the metadata leaking a feature, not a bug, since its what makes federation possible.
Whats important is that the metadata being leaked, isn’t linked to your identity, unlike with signal. Matrix doesn’t require phone numbers, or emails to sign up. You also can run an instance without turning on federation, if that’s still a concern.
The cloudflare concerns aren’t an issue as long as you run your own instance, or join one that doesn’t use cloudflare. There’s nothing requiring cloudflare built into the software or the protocol.
deleted by creator
How does xmpp not store information about federated users joining a room?
deleted by creator
There’s ongoing work to encrypt much of the metadata. https://github.com/matrix-org/matrix-doc/pull/3414
Without this solution the transition to p2p would be much more complicated, would it not?
deleted by creator
I understand it even though I also hate cloudflare, as ddos attacks are extremely difficult to thwart otherwise. But of course it stands that nothing in the code of any of the homeservers, apps, or protocol requires cloudflare.
Also you listed signal below as something you prefer, and they use cloudflare (and required phone numbers), and since its not self hostable, that’s mandatory.
deleted by creator
me too.
deleted by creator
deleted by creator
deleted by creator
What’s the best alternative? Jami seems good and I generally trust the FSF and I found Revolt which seems to basically aim to recreate all Discord features and is currently in public beta.
https://github.com/revoltchat
deleted by creator
Fosscord aims to be compatible with Discord which is why I think it has an edge over Revolt. It will be possible to use Fosscord client as a free alternative to the proprietary Discord client while in the process of switching over to a self-hosted instance.
deleted by creator
I’m actually not sure, nor can I see what encryption they use on the website. Maybe someone smarter than me can check out the code
deleted by creator
deleted by creator
Revolt is not federated.
Thanks!
deleted by creator
Signal is the way to go, Matrix is like Odysee
Signal is more Odysee-like if anything, not federated and having crypto bs builtin.
signal is centralized, requires your phone number, hosted in the US, has very limited interface and features, and run by a steve jobs type personality. thanks, but no thanks.
deleted by creator
deleted by creator
deleted by creator
I feel the same, Telegram and Matrix got hyped and whatnot but same like Signal they got millions of dollars and are light years behind the competition. Which makes me wonder what they do with the money and why they do not hire competent people, which I would do in such case to address all concerns and design flaws.
Matrix encryption is flawed too, avatars, reactions etc. are NOT encrypted. Matrix might be an alternative until all flaws are fixed, but that might take years from now.
deleted by creator
There is some risk, sure. I don’t see how this would be any more risky than a TLS exchange. Obviously the exchange can be implemented badly, but if done correctly it seems like it would work with certs and send the key encrypted.
I think the bigger risk is the key sitting at rest on multiple devices, some of which are easily lost (cell phones) and could then compromise an account.
deleted by creator
deleted by creator