Signal is to privacy what duct tape is to a broken item - it solves your issues and concerns, but you shouldn't expect it to last. Instead, consider Matrix.
AceKat
link
fedilink
179M

I constantly see this argument but let’s face it, it’s very unlikely that enough people will ever switch to something like Matrix. I like decentralization and the matrix protocol is brilliant, but it brings many problems:

  • Many people will have to care enough to host their own servers (which now is not remotely as common as it should be) otherwise everyone will just use the biggest severs, weakening the advantages of decentralization
  • It’s way harder to implement new features that people care about
  • People are not used to Element’s UI and there aren’t clients good enough to compete with Telegram, Whatsapp or even Signal
  • The performance wouldn’t be as good exept for the biggest servers, causing centralization again
  • If people don’t use it, it becomes useless, which is the same problem other alternatives have. This means that people must want to change naturally to it, meaning clients, ease of use and performance would have to be at least on par with what they’re using at the moment

On the other hand, Signal:

  • Is very similar to the way Whatsapp works, which is what most people are used to
  • The Android and iOS clients are getting better with time (the desktop client needs to abandon electron but it’s hard with only few developers and it’s a lot of work)
  • The protocol is robust and audited
  • It doesn’t leak metadata, as Matrix does
  • Even if it’s centralized and Signal runs their servers on AWS, the only useful information third parties could gather are timestamps and the recipient of the message, not even the sender
  • It’s easy to jump on Signal, the network of contacts already exists and you wouldn’t need to ask for usernames or email addresses
  • Don’t foget that the clients and the server are open source, and even if the Signal Foundation decides to stop working on Signal, shutting down the services (VERY unlikely), we could fork the projects and bring them back up

Centralization can be problematic, but if it’s done correctly the pros may outweigh the cons, and in my opinion this is the case for Signal, but I’d happy to be proved wrong in future

@Looki
link
fedilink
39M

The performance wouldn’t be as good exept for the biggest servers, causing centralization again

In my experience, self hosted matrix is way faster than matrix.org ^^

AceKat
link
fedilink
39M

It depends on what hardware you host it. Most people can’t affort powerful hardware. My experience with self-hosted matrix on a raspi 4 and on an old desktop pc hasn’t been great, and the problems grow with the number of users

CHEF-KOCH
banned
link
fedilink
14
edit-2
9M

Signal just proven again that the feds cannot get any data.

https://signal.org/bigbrother/santaclara/

@Lynda
link
fedilink
49M

I wonder how much longer until governments require corporations to Know Your Customer, especially if they offer crypto.

Afaik there was some shady stuff with Signal. Idk if it’s even true, but I think that centralisation just sucks for privacy and just by having common sense this is an issue. I think that signal it’s a pretty good alternative compared to Whatsapp, Instagram Direct, Facebook Messenger or SMS (if someone uses that) . But I think that we need to move to a decentralized alternative.

@bluebell
banned
link
fedilink
39M

Yeah signal is good, but the thing I dislike about it is that its centralized and you don’t actually have the option to run your own server. Maybe one of the forks of session like session is a good alternative. But I feel like Signal is the best alternative to things like Whatsapp and Facebook messenger and it is arguably a lot more user friendly that matrix and XMPP.

poVoq
link
fedilink
4
edit-2
9M

Compared to the Conversations XMPP client the main “advantage” of Signal in regards to user friendliness is basically that people got used to using their phone numbers for messengers. But that is a bit like printing you phone number on your t-shirt and claiming that is is easier for people to contact you that way…

Also there is Quicksy.im which is Conversations but with a phone-number… if you really want to remove your privacy like that.

@nasp
link
fedilink
5
edit-2
9M

Conversations is indeed a far better alternative here…

  • It uses a very popular protocol, xmpp
  • works with e2e encryption for text, files, video, audio,
  • it can be self hosted,
  • it’s fully open source, and has a couple of popular forks (like blabber)
  • devs got no funding from intelligence agencies (like matrix has)
  • it’s highly efficient (unlike matrix) and runs on the cheapest of vps servers / raspberry pi
@Lynda
link
fedilink
2
edit-2
9M

You can run your own Session server, if you stake it. But Session is about relaying messages, so its not an exclusive server. And because a node is staked, I’m skeptical where Lokinet/Oxen is going (sounds like there’s eventually going to be a business model somewhere in there).

I think the future needs to go towards something serverless. P2P has its drawbacks (offline messages and battery usage). Server based communication has dependence on someone else’s infrastructure. Blockchain might be a solution, combined with either something like Signal Secret Sender, Whisper, or Tor/Lokinet/I2P/relay. Not sure…but I believe it can be a lot better than what we have.

Matrix and XMPP is just not streamlined enough for mass adoption like Signal is. If Signal removes the phone number requirement, that will be HUGE. But keep in mind, Signal could easily be blocked.

CHEF-KOCH
banned
link
fedilink
1
edit-2
9M

I think the ability to run your own server could be added in the future, if they want that. The beauty about software is that most stuff can be fixed.

poVoq
link
fedilink
10
edit-2
9M

Matrix edit: Element aims to be more of a replacement for Slack/Discord than WhatsApp/Signal/Telegram though.

I think XMPP is probably the better replacement for the latter. With apps like Conversations/Blabber.im and Siskin for iOS the “personal messenger” experience is quite good these days (but not perfect), and with e2ee coming to Movim, there is a strong contender for a convenient to use XMPP webapp as well.

@Looki
link
fedilink
79M

Funny thing is, every time Matrix is proposed as an alternative for Slack/Discord, people say the opposite, i.e. that Matrix is more a replacement for WA/Signal/TG.

After using Matrix for a while, IMO it’s closer to a personal messenger, since you have less focus on collections of channels (Servers, Categories) and more on single groups and PMs. True, there is Spaces and Threading in Beta, but that is a pretty recent development in the Matrix world.

But the lines get blurrier anyways, so I don’t think it’s useful to discern between these two kinds of messaging platforms any more

@blkpws
link
fedilink
69M

I use Matrix for different communities (public group chats) also for personal group chats and then for private one to one messaging. It works in any case.

poVoq
link
fedilink
4
edit-2
9M

Ok, maybe I should have said Element, i.e. their official Matrix web-client. Which is clearly much closer to Slack/Discord and also aimed at being a team-chat client like that. You can argue that it isn’t a very good one, but even more clearly it isn’t a good personal messenger like WhatsApp etc.

I share your view that XMPP is superior to Matrix as replacement for WhatsApp (which actually uses XMPP internally but does not participate in federation) in the context of personal/direct 1:1 messaging.

The reason, though, is more technical. Matrix works like a globally synchronized database - it duplicates the message history to all participants of a chat and is stored on the server which makes it incredibly complex, expensive and error prone. XMPP rather works like a simple relay - the message is only stored until delivery. This makes the server part way more lightweight and adminstration easier as you don’t run out of memory as fast as with matrix. (See more)

Regarding the clients I don’t like either. Element is too Slack-ish and the more modern clients like FluffyChat are quite buggy. Conversations one the other side looks outdated with a design from like 2015. I would like to see it adopting more recent iterations of material design such as cards or rounded corners.

After all both protocols unfortunately leak considerable meta data :/

@nasp
link
fedilink
49M

Very good break-down.

Besides the meta-data leaking, I would always use xmpp Conversations app over anything else. I don’t find it too outdated UI wise, but I’m no expert in this area. It does feel intuitive - somewhat like watsapp. But the blabber fork does a sligthly better job in UI

@federico3
link
fedilink
29M

Matrix works like a globally synchronized database

And, among other issues, this is why it leaks tons of metadata and allow for easy correlation attacks and social graph discovery.

ferret
link
fedilink
10
edit-2
9M

I daily drove Matrix for a while and honestly, the UI/UX isn’t so good. Signal is the only platform I can reasonably get people on, and it’s just a better user experience (stickers, nice look, fast messages, link previews, etc.).

I’m honestly sick of people saying some alternatives are great for everyone when they still have work to do, you can’t even easily make encrypted groupchats on there. So much fragmentation, so little polish - still love the devs but like, be realistic

@TaiAurori
link
fedilink
49M

I imagine when someone says Matrix and “UX/UI isn’t good” they usually mean Element, which is the most popular of the multiple clients available (one example being Fluffychat which I hear is somewhat simpler in UX), but choice of client usually doesn’t fix fundamental problems with the protocol itself, so pick your poison.

On the bright side, it seems the Element team recently started really picking up on the complaints yearning for a good fix-up of the Element UX, so the original issue itself might change up soon.

SeerLite
link
fedilink
49M

you can’t even easily do encrypted groupchats on there

I’m curious about this. You’re not the first one to say this, but it’s been the complete opposite experience for me. The “Create room” dialog has encryption enabled by default. All group chats I’ve been in (where there aren’t any bridge bots to other services) work perfectly well with encryption enabled.

I agree the UI/UX sucks though. I’ve been waiting for it to get better for a while but lately I’ve been considering just moving to Telegram.

ferret
link
fedilink
5
edit-2
9M

Right now I’m using Signal for people I personally know and Matrix for some big communities (it’s fine for that). I wouldn’t recommend Telegram because of privacy concerns, though it definitely does have the advantage of a large userbase. But I think Signal has a comparable UI/UX to Telegram so it’s worth making it work

@KLISHDFSDF
link
fedilink
49M

a better user experience (stickers, nice look, fast messages, link previews, etc.). I’m honestly sick of people saying some alternatives a Hard agree. Additional some of his points don’t make sense, like his stance on “what if a better app ever appears” - like, who cares? If there’s a significantly better app, suggest it, if there isn’t, why caution people about something that doesn’t exist?

He also brings up the point about LibreSignal being shut down by Moxie but doesn’t bring up the fact there are 3rd party clients that exist, which the devs are aware about, but haven’t been shut down/blocked and its been years.

Anyways, I would disagree with the message as Signal is currently the best private and cross-platform SMS/text replacement available.

@nasp
link
fedilink
99M

I would like to thank the good people of Lemmy here, who helped me avoid the logistical nightmare of setting up a matrix server, and instead choose xmpp. It’s been so fun and easy to get my family on my xmpp server using Conversations/blabber app. Resource usage is minimal, and it works very easily.

Great article and it is strange that Moxie doesn’t really like Signal forks using their servers. Isn’t what Moxie doing against the license of the project?

Signal is great but as written in the article there are problems with it. But the great thing about Signal is that it is really simple to use and there is nothing to really set up.

Element on the other hand has a kind of complicated UI. I am fine with the UI but I often hear new people complaining about it.

The matrix protocol is great and I love the decentralised aspect of it.

If you install the app on another device, sometimes old messages in an encrypted room won’t appear and then you have to request a key from another session, get the device verified, etc. This process is kinda difficult to understand for me.

@rek2
link
fedilink
69M

Matrix is awesome, but guys try to not use the one node out of thousands(matrix.org) choose another node of people you trust, also avoid using vector.im other than that… matrix FTW.

Some matrix instances

@ChinaNumberOne
banned
link
fedilink
59M

Isn’t what Moxie doing against the license of the project

no. you can moderate your own signal server however you want, moxie own the signal.org server and doesn’t allowed unofficial clients to use it

having said that, you could argue that it goes against the idea of the license and foss software in general

krolden
link
fedilink
79M

yeah right there’s no way to convince the signal users I know to switch platforms yet again. I tried getting some to switch to xmpp which is much simpler than setting up a matrix account and they wouldn’t do it.

@lionelcr
link
fedilink
3
edit-2
9M

I chose matrix over signal because of the centralization problem. That being said, I could convert some friends and family to use matrix but a lot of people went to (or already were on it) signal.

After a few months I decided to install a signal bridge on my matrix server so I guess I’m having kind of best of both worlds, even though it’s not a perfect solution, it is one acomodating both sides.

EDIT: it really bothered me to use my personal phone number as well so I use an other number I had laying around

krolden
link
fedilink
19M

Well the phone number requirement is one of the best parts of signal IMO. Makes it much easier to find your contacts that are also using signal. Plus there’s no account to create.

I just use both and its been fine for me.

Bilb!
link
fedilink
29M

You’re basically competing with “Simply download the app (Signal) and use it.” That’s a tough thing to motivate anyone to do, and I can’t articulate in a convincing way to anyone I know why it’s better. In practical terms as far as they’re concerned, Matrix are XMPP are not any better and my preference that we didn’t use siloed centralized services is purely abstract to them.

CHEF-KOCH
banned
link
fedilink
6
edit-2
9M
  • Matrix has no SMS support, it is a weak argument but it is one because some people prefer All-in-One Apps instead of installing 1000 apps.
  • You can use Signal with burner Sim, the old argument … but but it uses your phone number is nonsense.
  • You can use Signal forks that work without phone number like e.g. Molly.
  • It is correct that Matrix uses AWS, azure and co. as servers, however the metadata impact those servers can see or use or abuse is not given. This is proven, same like that the code is considerable good enough. From what I know the Matrix clients … none of them nor the protocol got audited.
  • Skipping each time a new player pops up instead of fixing the existent protocols and clients is not for everyone a solution.
  • Most Matrix clients, at least on Desktop suck, it ends up with using alternative clients and then there is the problem of fragmentation and that those clients might even be more insecure or do not implement all feature.

I use both Matrix and Signal and they both suck in terms of usability and alternatives clients with better GUIs and resource usage.

Claiming over and over and over Matrix is the solution when it is not and had multiple times already incidents is cringe. There is metadata leakage, there is the group chat encryption problematic and and and, I do not even mention all problems. It will take years to address all of this.

@pinknoise
link
fedilink
49M

You can use Signal with burner Sim, the old argument … but but it uses your phone number is nonsense.

It’s not that easy to get anonymous SIM-cards in many countrys. Also it’s just incredibly inconvenient and insecure. (enables easy impersonation)

But yes most matrix clients (and servers) suck big time.

CHEF-KOCH
banned
link
fedilink
-1
edit-2
9M

You can buy SIMs online via Monera and Bitcoin.

It is really that easy, I do not post websites because it is a gray-zone but Google it and you find entire phones without SIM tracking and websites connected to it selling only the SIMs. Every scammer use this method.

How is that insecure if I may ask. There is no attack scenario, SMS is simply not designed to be secure, you know that before you can send something. Impersonation is on all anonymous networks like Session a problem, this is not an exclusive SMS or Signal problem. God knows how many CHEF-KOCH fakes I already encountered on Telegram and Session. I stopped counting.

Also secure networks like Session do not stop someone from data exfiltration attacks or if you leak information yourself others can use against you. SO those networks and so-called alternatives are by no means any real alternative, Signal is designed for friends, not strangers. My friends have my real-name and my phone number, not sure about your friends…

@pinknoise
link
fedilink
29M

You can buy SIMs online via Monera and Bitcoin.

I know, there are also sms-gateways and if you’re in the EU you can use a SIM from another EU country for quite cheap. It’s still inconvenient, may leak your location and is probably illegal.

Impersonation is on all anonymous networks like Session a problem

Using a mobile number as ID gives a false sense of authenticity. Signal only shows tiny warnings when someones “security code changes” when it should block further communication and show a warning that cannot be clicked away without knowing the implications.

Also secure networks like Session do not stop someone from data exfiltration attacks or if you leak information yourself others can use against you.

It’s impossible to defend against this at the software level.

Signal is designed for friends, not strangers.

Is your communication with friends less sensitive than that with strangers?

CHEF-KOCH
banned
link
fedilink
2
edit-2
9M
  • Farming data without opt-in is also illegal and no one cares.
  • Using no authentication at all is also false sense of authenticity because you do not know who you are talking too which disqualifies Session. Another problem is you need to trust others servers, joining them without any chance to verify that these servers are not a honeypot or alt-right.
  • I agree there is no network nor software which prevents data exfiltration attacks. But this shows that the main issue is on users end, not the network.
  • My point is that you to 100 Percent already shared sensitive information, so there is no privacy intrusion if you use Signal. Signal is proven to be secure and the metadata stuff on the servers are so minimal that the feds cannot do anything at all with it. I do not see to suggest other IMs who had leaks in the last + there are no audits or evidence that it is really as secure as you think it is.

Verification, at some point will so or so become a part in the EU, if not via SMS than age check, ID or whatever they come up with. The dream that you can be fully anonymous than this is what this is about ,not privacy, will end so or so, thanks to alt-right people who abuse every anonymous network to share illegal material, to scam others. The privacy argument is for most nothing but an excuse and the Govt is also not stupid and can see that. How is it helpful suggesting software or alternatives that are ore complicated to setup and you never know who you are talking too better, I do not see it, you run into more problems if you trust anonymous strangers, besides you can block on every Android phone at least Contacts and SMS permission without root if you dislike those permissions or features - some networks or alternatives do not even allow that.

There are problems on both ends, not only centralization and decentralization does not solve all of mentioned problems. No beginner wants to setup his own server to just chat, and no one I know does that, so at the end of the day it anyway ends up trusting a random stranger with your data because you use his server, network with your data.

I think Signal is good for beginners, like ever software it is not perfect and like every network nothing is fully anonymous. I do not see how Matrix beats simplicity, functionality and usability - right-now - over Signals for beginners. In fact by default depending on what server you are connected too on Matrix you are less secure. There is absolute no verification, so complaining about that Signals verification process is not perfect while Matrix ones is not existing or flawed is weird.

@bashrc
link
fedilink
09M

Matrix is quite good. Other alternatives are Briar and Anonymous Messenger. https://briarproject.org https://anonymousmessenger.ly

@Lynda
link
fedilink
19M

I hope they eventually become multi-platform, and good support.

@Lynda
link
fedilink
09M

Skip Signal, skip Matrix, go independent, go P2P.

@null_radix
link
fedilink
29M

with what? tox?

@Lynda
link
fedilink
09M

Tox is well implemented, but we need something that can handle messages when a recipient is offline, and something that won’t consume a lot of energy on a mobile device. Regardless of what options we have today, we need to push for the next gen of P2P, not accept less.

@je_vv
link
fedilink
2
edit-2
9M

deleted by creator

@Lynda
link
fedilink
19M

I didn’t like Briar because it isn’t cross platform. I didn’t like Jami because the configuration is confusing and the UI on Linux is not good. Tox has issues, but I’m over Tor. It is simple…and very fast…even over Tor. Status.im is another to take a look at. They may have solved the offline issues. Like I’ve said, there still a lot of room for a new generation of messengers.

@je_vv
link
fedilink
1
edit-2
9M

deleted by creator

@Lynda
link
fedilink
19M

Status is something I’m trying to better understand. It solves the P2P problem of offline messages, but I haven’t tried the mobile version to measure battery consumption. I would assume the battery usage is better because Status doesn’t require to be constantly online.

I think there needs to be a mind set change for these types of apps. The big shift is to refer to these apps/platforms as decentralized/distributed. Decentralization/distributed includes messaging + currency + websites. Status is also built with Ethereum. So if they have the technology already built, it would seem logical a lot of these apps/platforms are going to include similar crypto/blockchain features. And if you don’t like the dapps and wallet, you can disable the features in the app. So far I haven’t seen a downside.

@federico3
link
fedilink
19M

Use Briar, the only messaging system that protects your metadata and does not need servers.

Does Briar work well? I have never tried it

@Lynda
link
fedilink
-19M

I think it would be nice to have a consumer focused document covering:

  • Product risks.
  • Roadmap of where we want to go.
  • Feature implementation matrix of where we want to go.
  • I would also like to know the challenges to what we want (feasibility? pros/cons?)

In addition: I don’t want to depend on servers.
I don’t want the risk of self hosting a server. I don’t want a server that can be blocked. I don’t want to trust client/server code. I don’t want people/admins to know who I am talking to. I don’t want people/admins to know where I’m talking from. I don’t want admins to know about groups, the subject, or the members. I don’t want to depend on an organization that can be controlled by government or ideology. I don’t want to depend on anything that can be shutdown.

Status and Session seem to be the next evolution (though still not perfect).

@je_vv
link
fedilink
1
edit-2
9M

deleted by creator

Kromonos
link
fedilink
10
edit-2
19d

deleted by creator

CHEF-KOCH
banned
link
fedilink
4
edit-2
9M

XMPP had the issue that it did not supported Video and file-sharing as we know it today. They created more XEPs to address it but the client mess made it impossible for people to really use it. There was no OTR for group-chats implemented nor originally planned and other things.

Above mentioned things changed but in the meantime people switched.

@nasp
link
fedilink
39M

Video, voice , files - all e2e ecrypted now on conversations (xmpp) using OMEO

Works well

CHEF-KOCH
banned
link
fedilink
29M

Not every client supports OMEO and none of those clients got an independent audit.

https://omemo.top/

@je_vv
link
fedilink
7
edit-2
9M

deleted by creator

@peppermint
link
fedilink
3
edit-2
7M

deleted by creator

@0x90
banned
link
fedilink
1
edit-2
7M

removed by mod

Halce
link
fedilink
29M

Shame is, Revolt refuses to support any kind of federation…

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 27 users / day
  • 58 users / week
  • 120 users / month
  • 442 users / 6 months
  • 5.05K subscribers
  • 1.92K Posts
  • 7.74K Comments
  • Modlog