Is using an Matrix account from matrix.org private and secure enough to talk with my family members and people in general?
So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option
asudox
in reply to The Spectre • • •Yeah, sure. But Matrix is decentralized and federated. So you can pretty much join any instance and be able to talk with anyone on any instance. So why not select another instance ~~or maybe even self host one yourself?~~
edit: didn't read the text till the end
poVoq
in reply to The Spectre • • •JMP.chat
jmp.chatfxomt
in reply to poVoq • • •EngineerGaming
in reply to fxomt • • •toastal
in reply to EngineerGaming • • •libsignal
if not outright using it, except Signal gets a point of privilege in basically having just one client …one that must be on Android/iOS according to their statements… so they can do a ‘better’ job managing who, what, & how many keys are being used. Many XMPP clients will recommend blind trust by default just because it can be a real hassle to deal with multiple clients & users coming back to less-often-used devices. There have been proposals to fix it, but I haven’t seen anything really take off (meanwhile considering just using the PGP encryption option as less flaky).... show morelibsignal
if not outright using it, except Signal gets a point of privilege in basically having just one client …one that must be on Android/iOS according to their statements… so they can do a ‘better’ job managing who, what, & how many keys are being used. Many XMPP clients will recommend blind trust by default just because it can be a real hassle to deal with multiple clients & users coming back to less-often-used devices. There have been proposals to fix it, but I haven’t seen anything really take off (meanwhile considering just using the PGP encryption option as less flaky).EngineerGaming
in reply to toastal • • •Yeah, I agree it has some issues. Personally was fine verifying keys tho - either in-person or wherever I met them (usually IRC).
And yeah, the insistence on mobile in Signal bugs me a lot - a desktop is A LOT easier to make private (Linux runs on damn everything) while most phones won't allow making them not spy due to locked bootloader.
toastal
in reply to EngineerGaming • • •poVoq
in reply to fxomt • • •Basically Matrix is to Xmpp, what Bluesky is to ActivityPub. Which all the various issues both technically and related to VC and crypto-currency funding.
In addition Matrix uses a federation model that is extremely inefficient, making it hard to run your own server once you have a few users that join larger rooms. And as a side effect of this inefficient federation model that replicates the database onto all participating servers, it tends to centralize all the metadata on the servers (run on AWS under UK jurisdiction) hosted by the for-profit company that is behind Matrix.
And last but not least they rugpulled everyone very recently and made the only fully functional server implementation open-core to upsell larger servers to their proprietary hosted offering.
fxomt
in reply to poVoq • • •Interesting, and I didn't know matrix itself into that much short (though they always had a lifeless corpo feeling..)
I've always wanted to create an account but never was able to figure out how (for my chosen servers at least) but know i want to try again. thanks for the info :)
toastal
in reply to poVoq • • •0x0
in reply to fxomt • • •It's an open protocol, unlike 99% of chat protocols. It's self-hostable and federated.
It's IRC's successor and been around a long time, first popularized by Jabber. Snikket made it even easier to use.
It was also EEEed by Meta and Google to lure users at a given point, with leads some to say "it's dead" — far from it.
Edit: you may need to ensure OMEO versions are the same across all clients.
Snikket Chat
Snikket Chatfxomt
in reply to 0x0 • • •Right, but how does that make it better than matrix? it is also an open protocol, and most spaces that i use are on matrix anyway.
attempted to be EEEed is a good sign i guess, since it implies it's a threat to meta and google though.
0x0
in reply to fxomt • • •Better than matrix in the ways 2poVoq@slrpnk.net listed above.
fxomt
in reply to 0x0 • • •Emberleaf
in reply to The Spectre • • •like this
themadcodger likes this.
refalo
in reply to Emberleaf • • •Molly
Molly Instant MessengerEngineerGaming
in reply to refalo • • •Molly also has some quality-of-life improvements - such as allowing to enter a device pairing link manually instead of scanning a QR code (thus allowing use in a VM for registration without a smartphone), or being able to use a generic Socks proxy instead of Signal's own solution. Not only does that allow running Signal over Tor without using Orbot as a "VPN", but is also more versatile (I wouldn't want to set up a separate proxy just for Signal, and also their implementation is apparently inferior to some advanced obfuscation solutions).
P.S. Also idk if this has been fixed, but Signal's app bugged out during registration and got stuck on "no google services" warning on my Graphene device, yet Molly went through flawlessly.
mac
in reply to EngineerGaming • • •0x0
in reply to refalo • • •Kualk
in reply to Emberleaf • • •I think there is campaign to get people to use signal, while servers are proprietary and other things are questionable.
It is a great operation for convincing the majority.
irotsoma
in reply to Kualk • • •index
in reply to Emberleaf • • •Emberleaf
in reply to index • • •index
in reply to Emberleaf • • •kevincox
in reply to The Spectre • • •Probably yes, it depends on your threat model.
If you are using E2EE on a matrix.org account then your message content, attachments (images) and most other traffic isn't accessible to anyone but the people in the chat. However Matrix isn't the most private option, it has a number of leaks such as reactions and chat topics (these are being worked on but aren't close to happening).
For most people Matrix is a very private and secure option and the fact that it is federated is a huge plus. If you want something more secure you are probably looking at Signal (which you don't want to use and isn't federated) or Simplex Chat (which doesn't have multi-device support).
refalo
in reply to kevincox • • •Unfortunately even with E2EE, the admins of a homeserver can still impersonate you or take over your channel.
Of course you could run your own instance, or maybe none of this is part of your threat model, but I felt like bringing it up either way.
I Stopped Using Matrix - Tatsumoto - programming.dev
programming.devmox
in reply to refalo • • •No, they cannot. Your homeserver admin could create an impostor login session on your account, but it would be pointless with E2EE, because it would be flagged with an obviously visible warning. You and all of your contacts would see that the impostor session was not verified as you (this typically shows up as a bright red icon on the impostor and another one on the room they're in). Also, the impostor would be unable to read your communications.
refalo
in reply to mox • • •What do you have to say about this then?
Perhaps we have a different definition of "impersonate"... not everyone will pay attention to unverified warnings, and afaik they can still communicate with people (just maybe not read old messages)... but I would love to be proven wrong.
mox
in reply to refalo • • •A compromised server could affect a denial of service attack against its users, of course. The attacker could do the same thing by simply turning off the server. That's true on all platforms that use servers. A reasonable response would be to switch to a different server.
Exactly what events do you think would be dangerous?
No. End-to-end encryption ensures that only the intended endpoints can read the messages. Older Matrix clients have a setting to block the user from sending messages to unverified devices/sessions, in case they somehow don't understand the meaning of a bright red warning icon. I think newer ones (e.g. Element X) enforce that mode; if you're concerned about this, you could check for yourself, but...
... show more...unfortuna
A compromised server could affect a denial of service attack against its users, of course. The attacker could do the same thing by simply turning off the server. That's true on all platforms that use servers. A reasonable response would be to switch to a different server.
Exactly what events do you think would be dangerous?
No. End-to-end encryption ensures that only the intended endpoints can read the messages. Older Matrix clients have a setting to block the user from sending messages to unverified devices/sessions, in case they somehow don't understand the meaning of a bright red warning icon. I think newer ones (e.g. Element X) enforce that mode; if you're concerned about this, you could check for yourself, but...
...unfortunately, there are no guarantees when trying to fix human behavior. If you need a messaging app to make it hard for your contacts to do something obviously foolish, then I suggest waiting until Matrix 2.0 is officially released and implemented in the clients. The beta versions of Element X, for example, look like everything is locked down to avoid human mistakes like the one you're describing.
refalo
in reply to mox • • •But who/what gets to decide who the intended recipients are? Can't the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?
mox
in reply to refalo • • •The sender, of course.
No. Verification prevents that.
refalo
in reply to mox • • •mox
in reply to refalo • • •It wouldn't matter if a rogue admin eavesdropped on an E2EE room, because they would see encrypted blobs where the message content would be. That's what E2EE is for.
en.wikipedia.org/wiki/End-to-e…
You're conflating multiple things. Merely joining a room does not grant access to message decryption keys.
I respect your curiosity, but I think you're going to have to familiarize yourself with the software and concepts to get a detailed understanding of how all this stuff works. If you're technically inclined, I suggest reading the protocol spec, or at least the parts that interest you. You could also drop in to the public chat room and ask more questions there: #matrix:matrix.org
Client-Server API
Matrix Specificationrefalo
in reply to mox • • •kevincox
in reply to refalo • • •That isn't what that document says. It says that they can impersonate you in non-E2EE scenarios. The clients I use warn me when a message isn't properly encrypted so someone without E2EE keys can't impersonate someone in an E2EE room.
That being said the general concept is a problem. I would love to see progress where all events from a user are signed by a device key and non-forgable. There is some thinking about this with portable identities (such as MSC2787) where you server is basically just storing and forwarding events but the root of trust is your identity and keys that you control. But none of this will land soon, not for many years.
MSC2787: Portable Identities by neilalexander · Pull Request #2787 · matrix-org/matrix-spec-proposals
GitHubdevfuuu
in reply to The Spectre • • •For normal end user average usage signal is the best option available, specially for family since they may already be used to the flow and UX of it. Simple and straight forward. All the "bad" things you read are about nerds being annoying and not liking a very particular specific thing and thinking that specific thing should be the only focus.
So just make people use signal. It's the best and simplest way with the most common features for individuals and small groups. A simple download, in a common known place on a store without confusing people with differences between a protocol and a client and with and onboarding experience most are already familiar and ok using.
Even so you still need to make sure that the app does not have battery optimizations turned on, but that applies to all apps used for communication that are not blessed in specific phones (like facebook and whatsapp already having that setting by default because vendors make it so).
like this
themadcodger likes this.
λλλ
in reply to devfuuu • • •Autonomous User
in reply to λλλ • • •Great for now. Much better than doomers here who do nothing but cope.
But this teaches nothing to protect them from new scams, new anti-libre software.
nutbutter
in reply to The Spectre • • •bruhSoulz
in reply to nutbutter • • •toastal
in reply to bruhSoulz • • •index
in reply to toastal • • •There are plenty of different available homeservers and you can host yours.
toastal
in reply to index • • •It takes 2 to tango. It’s like trying to send an email from a self-hosted email server without following all of Google’s rules/guidelines… which means you won’t be able to send a message to most (sadly). Most folks are either on Matrix.org or a server they host in practice… you alone self-hosting will only help if you only communicate to folks also doing similar… to which if just one user from Matrix.org (or a server they host) joins your chatroom, then literally everything that is being & has been said in that room will now be synced to Matrix.org by its protocol design. With the expense it takes to self-host Matrix for a community, almost all medium-sized communities had to drop it on RAM & storage costs alone which caused most of those users to move to Matrix.org. You can run a single-user host with some efficiency, but most users are not technical enough for this. The only option to use Matrix & keep costs down is to unfederate… at least with Matrix.org (& servers they host), but that now defeats a huge part of the
... show moreIt takes 2 to tango. It’s like trying to send an email from a self-hosted email server without following all of Google’s rules/guidelines… which means you won’t be able to send a message to most (sadly). Most folks are either on Matrix.org or a server they host in practice… you alone self-hosting will only help if you only communicate to folks also doing similar… to which if just one user from Matrix.org (or a server they host) joins your chatroom, then literally everything that is being & has been said in that room will now be synced to Matrix.org by its protocol design. With the expense it takes to self-host Matrix for a community, almost all medium-sized communities had to drop it on RAM & storage costs alone which caused most of those users to move to Matrix.org. You can run a single-user host with some efficiency, but most users are not technical enough for this. The only option to use Matrix & keep costs down is to unfederate… at least with Matrix.org (& servers they host), but that now defeats a huge part of the argument those saying Matrix is federated/decentralized.
It isn’t decentralized in clients or servers either. Almost all servers must run Synapse which is resource intensive but actually has the features folks expect as the de facto reference server & Element is the only viable client considering most users will be using Element-exclusive features like threading, polls, etc. where protocol hasn’t done a great job of providing a progressive enhancement approach to its features & so folks on alternative clients straight-up just don’t see / can’t interact with this stuff.
The accessibility to small–medium-sized communities matters if you want a healthy federated/decentralized network …but luckily there are alternatives.
index
in reply to toastal • • •Don't say bullshit, a chat is not mails, matrix federation works similarly to lemmy
toastal
in reply to index • • •DeltaChat literally turns email into something more akin to chat mostly by just changing the UX. Matrix is less like chat tho & more like editing a document & syncing changes with someone but this is besides the point…
Lemmy would have the exact same issue if 90% of users were on Lemmy.ml or servers they hosted, but it is fairly distributed & not as heavy to run (nor does it have some startup mentality behind it trying to ‘disrupt’ chat by inventing new words like “bridges” instead of “gateways” & so on to put off casual users from the scent that chat has a well-worn path development for decentralization since the ’80s)
somegeek
in reply to nutbutter • • •Signal is most likely a fed honeypot.
They are super shady, blocked some important security researchers that found a vulnerability from them on all platforms, and they offer no explanation on why using a phone number is MANDATORY for signup.
No reason to trust signal IMO.
Yesbutnotreally
in reply to somegeek • • •jabib (he/him)
in reply to somegeek • • •When signal publishes their client source, you'll need to explain how E2EE on open source clients can be a honeypot
github.com/signalapp/Signal-An…
GitHub - signalapp/Signal-Android: A private messenger for Android.
GitHubturbule
in reply to jabib (he/him) • • •somegeek
in reply to jabib (he/him) • • •Telegram also has open source client.
Your data lives on their servers not clients and also, even if the server code is open source, there are many ways for a backdoor and violations of privacy in the infrastructure. When you give up your phone number, there is no privacy.
EngineerGaming
in reply to The Spectre • • •ReversalHatchery
in reply to The Spectre • • •toastal
in reply to ReversalHatchery • • •somegeek
in reply to The Spectre • • •Matrix is great, you can use another instance though.
servers.joinmatrix.org/
Public Matrix Homeserver List
servers.joinmatrix.orgwreckingball4good
in reply to The Spectre • • •EngineerGaming
in reply to wreckingball4good • • •communism
in reply to The Spectre • • •If it's low privacy needs (ie you don't have a state threat model), Signal is completely fine. I use it to talk to my friends. I also use Matrix, though federated Matrix isn't the best for privacy either due to the amount of metadata that leaks through federation. But federated Matrix is also fine for the kinds of things you would use eg Discord or IRC for.
If you do have a state threat model, I personally think SimpleX is ideal for that, but it doesn't have as much of a userbase so you probably need people who care enough (eg people actively under threat) to switch to a new platform. Whereas most people I know are already on either Signal or Matrix, and I'm not having particularly sensitive conversations with them either so both work fine.
irotsoma
in reply to The Spectre • • •Matrix isn't more secure/private than Signal. Both have advantages and disadvantages. Signal has a centralized server, but has no access to the keys to decrypt any of the data flowing through them. Matrix chat rooms live on servers that would theoretically be able to access the data in the rooms, so you need to trust the server owners. Advantage is that multiple servers are involved so no one sever can kill your chat room. With Signal, the disadvantage is if you join a chat room, you can't see any past messages because those are encrypted with keys you don't have access to. Similarly if you move to a new device, that device won't have any of your past conversations because the new device doesn't have the keys for those messages. (though migration is now somewhat possible but done poorly IMHO).
So, they address different concerns. Is your concern keeping your conversations private, or keeping your conversations from being censored? Signal is more secure and private, but more centralized and easier or to fail. Matrix can be secure if you host your own server or explicitly trus
... show moreMatrix isn't more secure/private than Signal. Both have advantages and disadvantages. Signal has a centralized server, but has no access to the keys to decrypt any of the data flowing through them. Matrix chat rooms live on servers that would theoretically be able to access the data in the rooms, so you need to trust the server owners. Advantage is that multiple servers are involved so no one sever can kill your chat room. With Signal, the disadvantage is if you join a chat room, you can't see any past messages because those are encrypted with keys you don't have access to. Similarly if you move to a new device, that device won't have any of your past conversations because the new device doesn't have the keys for those messages. (though migration is now somewhat possible but done poorly IMHO).
So, they address different concerns. Is your concern keeping your conversations private, or keeping your conversations from being censored? Signal is more secure and private, but more centralized and easier or to fail. Matrix can be secure if you host your own server or explicitly trust the owners of all servers that house your chatrooms to keep them secure and to not sell their servers in the future. Matrix is more distributed, so more difficult to be censored or have your data lost by a single point of failure.
Is it "secure enough" depends on what your concerns are. If you host your own, then it's as secure as you are technically able to keep them secure yourself. Otherwise it depends on the server owner.
Jay🚩
in reply to The Spectre • • •kekmacska
in reply to The Spectre • • •bigFab
in reply to kekmacska • • •kekmacska
in reply to bigFab • • •bigFab
in reply to kekmacska • • •kekmacska
in reply to bigFab • • •bigFab
in reply to kekmacska • • •iPhone notifications to US gvt.
Apple admits to secretly giving governments push notification data
Ashley Belanger (Ars Technica)Mathias Hellquist (Friendica)
in reply to The Spectre • •@The Spectre
Signal is fine to use. These days I mostly recommend Delta Chat though. Delta Chat is free, encrypted, open source, audited, decentralised & federated in the same way as email is as it literally is email, it just looks like a chat, and it will work almost out of the box for anyone who has an email address (which is most people). This includes gmail/icloud/outlook etc. There are also chatmail servers you can sign up on if you'd prefer that.
It is no more complicated to configure than it is to configure any other email client. It has group chats, you can even share applications in the chat such as playing games or collaborate etc, all within the security of knowing your email provider can not read your conversations, whilst you still get the benefit of using the existing infrastructure of email.
Check it out: delta.chat/en/
PS. I'm not affiliated with them in any way. In fact, I have no idea if/how they make money. The service "just works" though.
PPS. They are also present in the Fediverse at @Delta Chat
like this
bjoern likes this.
Privacy reshared this.
comfy
in reply to The Spectre • • •Private against who?
Privacy communities need to really drill in the idea of threat models instead of pretending privacy is some linear scale and the ultimate goal is to bury your phone and computer in a lead-lined concrete block underground. Privacy and security are meaningless concepts unless you know who your are protecting it from and what their capabilities might be. I don't need to hide from NSA Tailored Access Operations because I'm not trying to x the y of the USA. I do need to protect myself from basic scam attackers, copyright trolls and neo-nazi stalkers. And Matrix, along with certain basic opsec guidelines, does that and more for me.
Zerush
in reply to The Spectre • • •toastal
in reply to The Spectre • • •activist
in reply to The Spectre • • •