So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option.

  • @[email protected]
    32 hours ago

    In Signal, you can turn off phone number visibility and make it so that you are only searchable by username or QR code. Yes, it’s centralized, but Signal is a nonprofit project with generally good guiding ideals. I use Matrix for some things and Signal for everything else.

  • @[email protected]
    44 hours ago

    I am really concerned about the dominance of the central instance on Matrix. It has visibility into pretty much every groupchat - if not in content because of encryption, then in all the metadata. I’d rather use another public homeserver.

    • bruhSoulz
      13 hours ago

      It uses phone numbers and is centralized. I personally don’t use it cus of those reasons. Also wouldn’t switch cus my folk already use Matrix so I’m not making a bunch of people get another app lol

    • @[email protected]
      -42 hours ago

      Signal is most likely a fed honeypot.

      They are super shady, blocked some important security researchers that found a vulnerability from them on all platforms, and they offer no explanation on why using a phone number is MANDATORY for signup.

      No reason to trust Signal IMO.

  • @devfuuu
    199 hours ago

    For normal end user average usage Signal is the best option available, especially for family since they may already be used to the flow and UX of it. Simple and straightforward. All the “bad” things you read are about nerds being annoying and not liking a very particular specific thing and thinking that specific thing should be the only focus.

    So just make people use Signal. It’s the best and simplest way with the most common features for individuals and small groups. A simple download, in a common known place on a store without confusing people with differences between a protocol and a client and with an onboarding experience most are already familiar and ok using.

    Even so you still need to make sure that the app does not have battery optimizations turned on, but that applies to all apps used for communication that are not blessed in specific phones (like Facebook and WhatsApp already having that setting by default because vendors make it so).

    • λλλ
      68 hours ago

      I have made so many people use Signal now. I sell it as, “I’m on Android. Signal gives us all of the features of iMessage and FaceTime.” No need to mention the privacy concerns unless they are the kind of person who cares.

      • Autonomous User
        3
        7 hours ago

        Great for now. Much better than doomers here who do nothing but cope.

        But this teaches nothing to protect them from new scams, new anti-libre software.

      • @[email protected]
        3
        3 hours ago

        Molly also has some quality-of-life improvements - such as allowing to enter a device pairing link manually instead of scanning a QR code (thus allowing use in a VM for registration without a smartphone), or being able to use a generic SOCKS proxy instead of Signal’s own solution. Not only does that allow running Signal over Tor without using Orbot as a “VPN”, but is also more versatile (I wouldn’t want to set up a separate proxy just for Signal, and also their implementation is apparently inferior to some advanced obfuscation solutions).

        P.S. Also idk if this has been fixed, but Signal’s app bugged out during registration and got stuck on “no google services” warning on my Graphene device, yet Molly went through flawlessly.

    • @[email protected]
      06 hours ago

      I think there is a campaign to get people to use Signal, while servers are proprietary and other things are questionable.

      It is a great operation for convincing the majority.

    • mox
      5
      39 minutes ago

      SimpleX has some interesting ideas, but also some shortcomings for people who want a practical messaging service. For example:

      • It is funded by venture capital, which calls into question its longevity, and even if it does manage to stick around, suggests that it will be leveraged to exploit people once the user base is large enough.
      • Its queue servers delete messages if they are not delivered within a certain time frame (21 days by default). Good luck if you take a vacation off-grid for a few weeks.
      • No multi-device support. (This means a single account accessed concurrently from multiple independent devices.) The closest it comes is locally tethering a mobile device to a computer.
      • Establishing new contacts requires sharing a large link or QR code, which is not always convenient.
      • No support for group calls.

      I would not recommend it for talking to family members and people in general, which is what OP requested.

  • @[email protected]
    711 hours ago

    Probably yes, it depends on your threat model.

    If you are using E2EE on a matrix.org account then your message content, attachments (images) and most other traffic isn’t accessible to anyone but the people in the chat. However Matrix isn’t the most private option, it has a number of leaks such as reactions and chat topics (these are being worked on but aren’t close to happening).

    For most people Matrix is a very private and secure option and the fact that it is federated is a huge plus. If you want something more secure you are probably looking at Signal (which you don’t want to use and isn’t federated) or Simplex Chat (which doesn’t have multi-device support).

    • @[email protected]
      1
      10 hours ago

      Unfortunately even with E2EE, the admins of a homeserver can still impersonate you or take over your channel.

      Of course you could run your own instance, or maybe none of this is part of your threat model, but I felt like bringing it up either way.

      • mox
        3
        40 minutes ago

        > even with E2EE, the admins of a homeserver can still impersonate you

        No, they cannot. Your homeserver admin could create an impostor login session on your account, but it would be pointless with E2EE, because it would be flagged with an obviously visible warning. You and all of your contacts would see that the impostor session was not verified as you (this typically shows up as a bright red icon on the impostor and another one on the room they’re in). Also, the impostor would be unable to read your communications.

        • @[email protected]
          1
          9 hours ago

          What do you have to say about this then?

          In an encrypted room even with fully verified members, a compromised or hostile home server can still take over the room by impersonating an admin. That admin (or even a newly minted user) can then send events or listen on the conversations.

          Perhaps we have a different definition of “impersonate”… not everyone will pay attention to unverified warnings, and afaik they can still communicate with people (just maybe not read old messages)… but I would love to be proven wrong.

          • mox
            0
            7 hours ago

            > a compromised or hostile home server can still take over the room

            A compromised server could effect a denial of service attack against its users, of course. The attacker could do the same thing by simply turning off the server. That’s true on all platforms that use servers. A reasonable response would be to switch to a different server.

            > That admin (or even a newly minted user) can then send events

            Exactly what events do you think would be dangerous?

            > or listen on the conversations.

            No. End-to-end encryption ensures that only the intended endpoints can read the messages. Older Matrix clients have a setting to block the user from sending messages to unverified devices/sessions, in case they somehow don’t understand the meaning of a bright red warning icon. I think newer ones (e.g. Element X) enforce that mode; if you’re concerned about this, you could check for yourself, but…

            > not everyone will pay attention to unverified warnings

            …unfortunately, there are no guarantees when trying to fix human behavior. If you need a messaging app to make it hard for your contacts to do something obviously foolish, then I suggest waiting until Matrix 2.0 is officially released and implemented in the clients. The beta versions of Element X, for example, look like everything is locked down to avoid human mistakes like the one you’re describing.

            • @[email protected]
              27 hours ago

              > End-to-end encryption ensures that only the intended endpoints can read the messages

              But who/what gets to decide who the intended recipients are? Can’t the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?

              • mox
                0
                6 hours ago

                > But who/what gets to decide who the intended recipients are?

                The sender, of course.

                > Can’t the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?

                No. Verification prevents that.

                • @[email protected]
                  16 hours ago

                  I don’t understand. How would the sender prevent messages from going to the admin user that joined the room? It sounds like you’re implying new users simply can’t join a room? That makes no sense to me… I’ve certainly never experienced that. I see new users join encrypted rooms all the time and they can talk just fine… so what’s the deal? And isn’t verification off by default?

  • asudox
    7
    11 hours ago

    Yeah, sure. But Matrix is decentralized and federated. So you can pretty much join any instance and be able to talk with anyone on any instance. So why not select another instance or maybe even self-host one yourself?

    edit: didn’t read the text till the end

    • fxomt
      37 hours ago

      I’ve always been curious about the differences between XMPP and Matrix but I can’t ever find anything explaining it. Why is it in your opinion better?

      • @[email protected]
        14 hours ago

        I know I am just a normie who doesn’t really know the internal workings of them… But in my experience, XMPP is just easier to host, the servers are lighter, they don’t store everything they touch forever like Matrix does, and OMEMO doesn’t break like Matrix’s encryption. Synapse would probably be impossible to run on my VPS, while Conduit and Dendrite are not as full-featured.