this post was submitted on 06 Apr 2024
77 points (97.5% liked)

Selfhosted

40221 readers
1055 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hi. I have a group of 6 people using Discord to chat. Recently Discord changed a lot and we're looking for an alternative. We have a few requirements:

  • Good client on multiple platforms
  • Easy to use search
  • Self hosted
  • Permanently saved chat history & attachments on server (no expiration)
  • Easy image upload (Ctrl+V to post image from clipboard)

IRC isn't an option as chat history is saved on the client, and there's no good integrated way to share files and preview images. Matrix would be an overkill as we're a small group not interested in federation, and the available clients had a few bugs. Mattermost lacks a good mobile app (their current one had bunch of bugs). XMPP appears to be the best as it is extensible and has many clients available.

However, I tried configuring prosody on my FreeBSD server and it seems like it doesn't permanently save chat history or attachment files. Does anyone know if these can be solved? Or is there any better alternative than XMPP?

Thanks.

you are viewing a single comment's thread
view the rest of the comments
[–] TCB13 4 points 7 months ago* (last edited 7 months ago) (3 children)

Yes, but Matrix a plague of questionable open-source and a metadata disaster.

Matrix’s E2EE does not, however, encrypt everything. The following information is not encrypted: Message senders, Session/device IDs, Message timestamps, Room members (join/leave/invite events), Message edit events, Message reactions, Read receipts, Nicknames, Profile pictures

Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force people into jumping through hoops and kind of drawing all attention to Matrix itself instead of the end result.

Decentralized communication protocol Matrix shifts to less-permissive AGPL open source license Element, the company and core developer behind the decentralized communication protocol known as Matrix, has announced a notable license change that will make the open source project just that little bit less appealing for companies looking to build on top of it.

https://techcrunch.com/2023/11/06/decentralized-communication-protocol-matrix-shifts-to-less-permissive-agpl-open-source-license/

Stop recommending questionable open-source like Matrix. XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.

What people fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation and it can be configured to be secure and private. Everything else is just an attempt at yet another vendor lock-in. Here a quick overview of the architecture.

[–] [email protected] 3 points 7 months ago (1 children)

What also bothers me is how prominent matrix.org instance is. So you got a system that is supposed to be decentralized... Yet defederating from the one central server would break a lot.

[–] TCB13 2 points 7 months ago

The way Matrix is designed is to force people into jumping through hoops and kind of drawing all attention to Matrix itself instead of the end result

That's just another detail where we see that.

[–] [email protected] 3 points 7 months ago (1 children)

Yes, but Matrix a plague of questionable open-source and a metadata disaster.

Matrix does not "leak" metadata. It HAS metadata.

[–] TCB13 2 points 7 months ago

Fair enough 😂😂😂

[–] [email protected] 1 points 7 months ago (1 children)

Does XMPP not have the same metadata?

[–] [email protected] 3 points 7 months ago (2 children)

No, or rather not quite. XMPP is designed on a need-to-see system where basically only the meta-data that a server or client really requires to function is shared with it. This can mean that there is quite a bit of meta-data shared with various servers in a popular group-chat, but that is rather the exception.

Matrix on the other hand is designed as a replicated data-store, meaning that really everything is shared with every connected server by design. The reason for this is so that chats can continue to function even when the original server is removed etc. This was the big original selling point of Matrix, but lately they have been somewhat quiet about it as it largely contradicts privacy concerns and might even be fundamentally GDPR incompatible. In any case it is pretty much a meta-data nightmare.

[–] TCB13 1 points 7 months ago (1 children)

Let me add the following: the problem is that that metadata is all over the place AND you can't remove it from those 3rd party servers. Also there's a ton of questionable stuff like read receipts and reactions that are never encrypted (not sure if this was fixed already). XMPP with OMEMO enables will encrypt everything.

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

Currently the OMEMO as implemented in most clients only encrypts message content, but not the meta-data. There is a newer, sadly incompatible version that encrypts more, but few XMPP clients support it (AFAIK only Kaidan and Moxxy).

[–] TCB13 3 points 7 months ago

About the metadata part: one of the issues with Matrix is that it considers some stuff like read receipts as metadata. In XMPP all that information is special messages inside your conversation thus they get encrypted as well.

[–] [email protected] 1 points 7 months ago (1 children)

Well you also can't remove shit on someone else's email servers so is that not GDPR compatible?

[–] [email protected] 4 points 7 months ago (1 children)

In the case of email you have to actively send something to someone for it to be on their server. In Matrix it is sufficient for a 3rd party to join a chat for them to get the entire chat history (hopefully e2ee) including all meta-data back to the very first day the chat was created.

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (1 children)

They're actually working on that, which is nice. It's called lazy loading I think? Not sure if it's implemented yet.

[–] [email protected] 3 points 7 months ago

No, that is only solving the problem of long loading times when first joining a chat (caused by the server having to download the entire chat history and meta-data). Eventually the server still has to synchronize the entire chat. There is no way around it by design.