Skip to main content


Is using an Matrix account from matrix.org private and secure enough to talk with my family members and people in general?


So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option
in reply to The Spectre

Yeah, sure. But Matrix is decentralized and federated. So you can pretty much join any instance and be able to talk with anyone on any instance. So why not select another instance ~~or maybe even self host one yourself?~~

edit: didn't read the text till the end

This entry was edited (1 week ago)
in reply to The Spectre

Why would Matrix be the only option? XMPP is significantly better. You can either sign up on a public server or pay a small sum to have your own private server for you and your family for example on snikket.org/ or I think jmp.chat/ also includes optionally a small server in the subscription.
in reply to poVoq

I've always been curious with the differences between XMPP and matrix but i can't ever find anything explaining it. Why is it in your opinion better?
in reply to fxomt

I know I am just a normie who doesn't really know internal workings of them... But in my experience, XMPP is just easier to host, the servers are lighter, they don't store everything they touch forever like Matrix does, and OMEMO doesn't break like Matrix's encryption. Synapse would be probably impossible to run on my VPS, while Conduit and Dendrite are not as full-featured.
in reply to EngineerGaming

in reply to toastal

Yeah, I agree it has some issues. Personally was fine verifying keys tho - either in-person or wherever I met them (usually IRC).

And yeah, the insistence on mobile in Signal bugs me a lot - a desktop is A LOT easier to make private (Linux runs on damn everything) while most phones won't allow making them not spy due to locked bootloader.

in reply to EngineerGaming

I am just thankful so far that Signal has let WhisperFish exist as an alternative—even if it goes against what they say—which gives me an alternative to the Android/iOS duopoly.
in reply to fxomt

Basically Matrix is to Xmpp, what Bluesky is to ActivityPub. Which all the various issues both technically and related to VC and crypto-currency funding.

In addition Matrix uses a federation model that is extremely inefficient, making it hard to run your own server once you have a few users that join larger rooms. And as a side effect of this inefficient federation model that replicates the database onto all participating servers, it tends to centralize all the metadata on the servers (run on AWS under UK jurisdiction) hosted by the for-profit company that is behind Matrix.

And last but not least they rugpulled everyone very recently and made the only fully functional server implementation open-core to upsell larger servers to their proprietary hosted offering.

in reply to poVoq

Interesting, and I didn't know matrix itself into that much short (though they always had a lifeless corpo feeling..)

I've always wanted to create an account but never was able to figure out how (for my chosen servers at least) but know i want to try again. thanks for the info :)

in reply to poVoq

You’re always here to talk to sense into the folks :)
in reply to fxomt

Why is it in your opinion better?


It's an open protocol, unlike 99% of chat protocols. It's self-hostable and federated.
It's IRC's successor and been around a long time, first popularized by Jabber. Snikket made it even easier to use.
It was also EEEed by Meta and Google to lure users at a given point, with leads some to say "it's dead" — far from it.
Edit: you may need to ensure OMEO versions are the same across all clients.

This entry was edited (1 week ago)
in reply to 0x0

Right, but how does that make it better than matrix? it is also an open protocol, and most spaces that i use are on matrix anyway.

attempted to be EEEed is a good sign i guess, since it implies it's a threat to meta and google though.

in reply to fxomt

They succeded in a way, XMPP lost a lot of users back then in the era when communications where migrating from group-focussed IRC to individual-focused Whatsapp (or their respective walled-gardened messengers).
Better than matrix in the ways 2poVoq@slrpnk.net listed above.
in reply to The Spectre

Signal is perfectly fine to use.
in reply to Emberleaf

Most packages of Signal contains proprietary code. I suggest Molly-FOSS instead.
This entry was edited (1 week ago)
in reply to refalo

Molly also has some quality-of-life improvements - such as allowing to enter a device pairing link manually instead of scanning a QR code (thus allowing use in a VM for registration without a smartphone), or being able to use a generic Socks proxy instead of Signal's own solution. Not only does that allow running Signal over Tor without using Orbot as a "VPN", but is also more versatile (I wouldn't want to set up a separate proxy just for Signal, and also their implementation is apparently inferior to some advanced obfuscation solutions).

P.S. Also idk if this has been fixed, but Signal's app bugged out during registration and got stuck on "no google services" warning on my Graphene device, yet Molly went through flawlessly.

This entry was edited (1 week ago)
in reply to EngineerGaming

You can also set up MollySockets for notifications via unified push!
in reply to Emberleaf

I think there is campaign to get people to use signal, while servers are proprietary and other things are questionable.

It is a great operation for convincing the majority.

in reply to Kualk

Servers are always going to be owned by someone. But the data is encrypted with keys not available to the server. Signal isn't perfect, and I don't like some stuff they do, but it's the best design out there that is also relatively user friendly and doesn't have holes that are easy to exploit by the server owner.
in reply to Emberleaf

It is not. We are on a privacy sub on lemmy, services that require mandatory phone number are far away from been fine to use.
in reply to index

Can you please provide any data where Signal has been compromised? I'm not saying that the possibility doesn't exist, but I've certainly never seen one single instance where Signal was compromised, so please do share.
in reply to Emberleaf

Go ahead and send me your phone number. If you don't want to do it please provide data that i'm compromised.
in reply to The Spectre

Probably yes, it depends on your threat model.

If you are using E2EE on a matrix.org account then your message content, attachments (images) and most other traffic isn't accessible to anyone but the people in the chat. However Matrix isn't the most private option, it has a number of leaks such as reactions and chat topics (these are being worked on but aren't close to happening).

For most people Matrix is a very private and secure option and the fact that it is federated is a huge plus. If you want something more secure you are probably looking at Signal (which you don't want to use and isn't federated) or Simplex Chat (which doesn't have multi-device support).

in reply to kevincox

Unfortunately even with E2EE, the admins of a homeserver can still impersonate you or take over your channel.

Of course you could run your own instance, or maybe none of this is part of your threat model, but I felt like bringing it up either way.

This entry was edited (1 week ago)
in reply to refalo

even with E2EE, the admins of a homeserver can still impersonate you


No, they cannot. Your homeserver admin could create an impostor login session on your account, but it would be pointless with E2EE, because it would be flagged with an obviously visible warning. You and all of your contacts would see that the impostor session was not verified as you (this typically shows up as a bright red icon on the impostor and another one on the room they're in). Also, the impostor would be unable to read your communications.

This entry was edited (1 week ago)
in reply to mox

What do you have to say about this then?

In an encrypted room even with fully verified members, a compromised or hostile home server can still take over the room by impersonating an admin. That admin (or even a newly minted user) can then send events or listen on the conversations.


Perhaps we have a different definition of "impersonate"... not everyone will pay attention to unverified warnings, and afaik they can still communicate with people (just maybe not read old messages)... but I would love to be proven wrong.

This entry was edited (1 week ago)
in reply to refalo

This entry was edited (1 week ago)
in reply to mox

End-to-end encryption ensures that only the intended endpoints can read the messages


But who/what gets to decide who the intended recipients are? Can't the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?

in reply to refalo

But who/what gets to decide who the intended recipients are?


The sender, of course.

Can’t the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?


No. Verification prevents that.

This entry was edited (1 week ago)
in reply to mox

I don't understand. How would the sender prevent messages from going to the admin user that joined the room? It sounds like you're implying new users simply can't join a room? That makes no sense to me... I've certainly never experienced that. I see new users join encrypted rooms all the time and they can talk just fine... so what's the deal? And isn't verification off by default?
in reply to refalo

How would the sender prevent messages from going to the admin user that joined the room?


It wouldn't matter if a rogue admin eavesdropped on an E2EE room, because they would see encrypted blobs where the message content would be. That's what E2EE is for.

en.wikipedia.org/wiki/End-to-e…

How would the sender prevent messages from going to the admin user that joined the room?


You're conflating multiple things. Merely joining a room does not grant access to message decryption keys.

I respect your curiosity, but I think you're going to have to familiarize yourself with the software and concepts to get a detailed understanding of how all this stuff works. If you're technically inclined, I suggest reading the protocol spec, or at least the parts that interest you. You could also drop in to the public chat room and ask more questions there: #matrix:matrix.org

This entry was edited (1 week ago)
in reply to mox

I have read the spec, used the service and also implemented my own clients before, that is why I'm so confused by what you're saying, because this has not been my experience at all. If a user joins a channel, whether they are an admin or not, whether it is encrypted or not, then unless the channel is explicitly setup to only allow verified users to talk (not the default), my understanding is there is nothing preventing that new user from seeing all new messages in the chat.
in reply to refalo

That isn't what that document says. It says that they can impersonate you in non-E2EE scenarios. The clients I use warn me when a message isn't properly encrypted so someone without E2EE keys can't impersonate someone in an E2EE room.

That being said the general concept is a problem. I would love to see progress where all events from a user are signed by a device key and non-forgable. There is some thinking about this with portable identities (such as MSC2787) where you server is basically just storing and forwarding events but the root of trust is your identity and keys that you control. But none of this will land soon, not for many years.

in reply to The Spectre

For normal end user average usage signal is the best option available, specially for family since they may already be used to the flow and UX of it. Simple and straight forward. All the "bad" things you read are about nerds being annoying and not liking a very particular specific thing and thinking that specific thing should be the only focus.

So just make people use signal. It's the best and simplest way with the most common features for individuals and small groups. A simple download, in a common known place on a store without confusing people with differences between a protocol and a client and with and onboarding experience most are already familiar and ok using.

Even so you still need to make sure that the app does not have battery optimizations turned on, but that applies to all apps used for communication that are not blessed in specific phones (like facebook and whatsapp already having that setting by default because vendors make it so).

in reply to devfuuu

I have made so many people use Signal now. I sell it as, "I'm on Android. Signal gives us all of the features of iMessage and facetime" no need to mention the privacy concerns unless they are the kind of person who cares.
in reply to λλλ

Great for now. Much better than doomers here who do nothing but cope.

But this teaches nothing to protect them from new scams, new anti-libre software.

This entry was edited (1 week ago)
in reply to The Spectre

Who told you to not use Signal, and what reasons did they give? I'm very curious.
in reply to nutbutter

It uses phone numbers and is centralized. I personally dont use it cus of those reasons. Also wouldnt switch cus my folk already use matrix so im nt making a bunch of people get another app lol
in reply to bruhSoulz

Matrix is centralized too in practice … & syncs even more metadata than Signal so I wouldn’t call that an upgrade—especially when you see how slow the clients & servers are.
in reply to toastal

Matrix is centralized too in practice


There are plenty of different available homeservers and you can host yours.

in reply to index

This entry was edited (1 week ago)
in reply to toastal

It takes 2 to tango. It’s like trying to send an email from a self-hosted email server without following all of Google’s rules/guidelines…


Don't say bullshit, a chat is not mails, matrix federation works similarly to lemmy

in reply to index

DeltaChat literally turns email into something more akin to chat mostly by just changing the UX. Matrix is less like chat tho & more like editing a document & syncing changes with someone but this is besides the point…

Lemmy would have the exact same issue if 90% of users were on Lemmy.ml or servers they hosted, but it is fairly distributed & not as heavy to run (nor does it have some startup mentality behind it trying to ‘disrupt’ chat by inventing new words like “bridges” instead of “gateways” & so on to put off casual users from the scent that chat has a well-worn path development for decentralization since the ’80s)

in reply to nutbutter

Signal is most likely a fed honeypot.

They are super shady, blocked some important security researchers that found a vulnerability from them on all platforms, and they offer no explanation on why using a phone number is MANDATORY for signup.

No reason to trust signal IMO.

in reply to somegeek

When signal publishes their client source, you'll need to explain how E2EE on open source clients can be a honeypot

github.com/signalapp/Signal-An…

in reply to jabib (he/him)

The open source client doesn't mean jack shit dude.
Telegram also has open source client.
Your data lives on their servers not clients and also, even if the server code is open source, there are many ways for a backdoor and violations of privacy in the infrastructure. When you give up your phone number, there is no privacy.
in reply to The Spectre

I am really concerned about the dominance of the central instance on Matrix. It has visibility into pretty much every groupchat - if not in content because of encryption, then in all the metadata. I'd rather use another public homeserver.
in reply to The Spectre

you don't need to use matrix.org. there are several open homeservers, like chat.mozilla.org, but also there are people who host services for others to use. you may have a look at current lemmy hosts, and their other services if they have them.
in reply to ReversalHatchery

AFAIK, chat.mozilla.org was set up on modular.im, now element.io, which if it still using the same host, is owned by Matrix.org. So even using a different host means Matrix.org might still have your metadata.
in reply to The Spectre

In signal, You can turn off phone number visibility and make it so that you are only searchable by username or qr code. Yes, it's centralized, but signal is a nonprofit project with generally good guiding ideals. I use matrix for some things and signal for everything else.
in reply to wreckingball4good

Yeah, but it is still just one account per number, so it would make managing alts annoying. Not only is the main client (as well as the major unofficial ones, haven't found one that doesn't do that) not support multiacc directly, forcing use of profiles or VMs, but you're also at risk of whoever rents the associated phone number after you deleting the account (that or you could pay a recurring fee just to retain the number, which is just wasteful).
in reply to The Spectre

If it's low privacy needs (ie you don't have a state threat model), Signal is completely fine. I use it to talk to my friends. I also use Matrix, though federated Matrix isn't the best for privacy either due to the amount of metadata that leaks through federation. But federated Matrix is also fine for the kinds of things you would use eg Discord or IRC for.

If you do have a state threat model, I personally think SimpleX is ideal for that, but it doesn't have as much of a userbase so you probably need people who care enough (eg people actively under threat) to switch to a new platform. Whereas most people I know are already on either Signal or Matrix, and I'm not having particularly sensitive conversations with them either so both work fine.

in reply to The Spectre

in reply to The Spectre

Matrix and Simplex is fine but I would recommend Signal for family and friends. Threema is also option but not user friendly for friends and family who wants easy user discovery than sharing userIDs.
in reply to The Spectre

both are good, even Signal. For private conversations, you only need to avoid Telegram and other obvious ones
in reply to kekmacska

What are the biggest threats in telegram? Corporations, widespread scams or individual ppl closer to me?
in reply to bigFab

telegram has a lot of illegal stuff on it. Plus the ceo has been caught and this way, the whole thing was compromised
in reply to kekmacska

Okey, but I mean what are the threats to my privacy if I use telegram?
in reply to bigFab

your data can land at french police, who caught Pavel Durov. i only use telegram to track custom rom updates, for that it is fine. but don't use it for private conversations
in reply to kekmacska

That is a shame, but still not a big surprise. In comparison Apple has been sharing all kind of iPhone push notifications with the US government. I guess no other app will save your privacy from gvt.
iPhone notifications to US gvt.
in reply to The Spectre

@The Spectre

Signal is fine to use. These days I mostly recommend Delta Chat though. Delta Chat is free, encrypted, open source, audited, decentralised & federated in the same way as email is as it literally is email, it just looks like a chat, and it will work almost out of the box for anyone who has an email address (which is most people). This includes gmail/icloud/outlook etc. There are also chatmail servers you can sign up on if you'd prefer that.

It is no more complicated to configure than it is to configure any other email client. It has group chats, you can even share applications in the chat such as playing games or collaborate etc, all within the security of knowing your email provider can not read your conversations, whilst you still get the benefit of using the existing infrastructure of email.

Check it out: delta.chat/en/

PS. I'm not affiliated with them in any way. In fact, I have no idea if/how they make money. The service "just works" though.

PPS. They are also present in the Fediverse at @Delta Chat

Privacy reshared this.

in reply to The Spectre

Private against who?

Privacy communities need to really drill in the idea of threat models instead of pretending privacy is some linear scale and the ultimate goal is to bury your phone and computer in a lead-lined concrete block underground. Privacy and security are meaningless concepts unless you know who your are protecting it from and what their capabilities might be. I don't need to hide from NSA Tailored Access Operations because I'm not trying to x the y of the USA. I do need to protect myself from basic scam attackers, copyright trolls and neo-nazi stalkers. And Matrix, along with certain basic opsec guidelines, does that and more for me.

in reply to The Spectre

Matrix/Element is pretty private, but not wide spreaded. For the use with friends and Family is more realisticto use Signal or any other decentralized Chat.
in reply to The Spectre

Matrix.org is centralized like Signal (you can say Matrix is not centralized on paper, but in practice this isn’t remotely true). Both are stockpiling metadata in the West… what’s worse is Matrix’s eventual consistency model means syncing metadata to all servers is a by-design requirement (& also why all servers & clients are slow). There are options like Snikket to take all the hard parts of self-hosting out of the equation, but finding someone you can trust to host a server might be worthwhile. I would be wary of anything centralized.