this post was submitted on 29 Oct 2024
440 points (98.7% liked)

Technology

59094 readers
5089 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] jg1i 52 points 6 days ago (3 children)

Hopefully the clients get much better. I convinced a few friends to get on Matrix last year... and... boy... it was a terrible experience. Everyone ended up going back to Discord and they probably won't trust another recommendation from me.

[–] [email protected] 29 points 6 days ago (2 children)

UX is very difficult, unfortunately, especially for open-source projects where the contributors are usually programmers and not so much UX/product managers.

[–] [email protected] 7 points 5 days ago (1 children)

Look at the telegram client, which is open source and has the best UX for a messenger I know

[–] [email protected] 7 points 5 days ago (1 children)

Isn't telegram a for-profit company?

[–] [email protected] 2 points 5 days ago

The telegram apps are open source

[–] [email protected] 5 points 5 days ago

Yeah, but repeated "This message cannot be decrypted" breaks its primary function as a chat app.

It's getting harder and harder to disable their broken end to end encryption by default too.

[–] [email protected] 16 points 5 days ago

I've been very mindful not to recommend Matrix until the clients and protocol become much more stable. When you're recommending platforms to average users you really need to jump in and try it yourself. If too many problems come up just don't recommend. Or alternatively do recommend if you want them to leave you alone :3

[–] [email protected] 5 points 5 days ago

Yes I'm waiting until it's ready for the average user before I recommend it to anyone.

[–] CluckN 73 points 6 days ago (2 children)

It’s been here since 2003

[–] [email protected] 12 points 6 days ago

I laughed a bit. Thanks.

load more comments (1 replies)
[–] [email protected] 47 points 6 days ago (2 children)

great project getting better all the time!

[–] [email protected] 16 points 6 days ago* (last edited 6 days ago) (2 children)

Encryption is a mess with Matrix. Randomly doesn‘t decrypt messages. Most non-techies don‘t get the process of saving key files or creating secure passphrases.

[–] [email protected] 33 points 6 days ago* (last edited 6 days ago) (5 children)

Looks like someone didn't read the article. See part 4: Invisible Encryption. (Also note the Conclusion paragraph that explains the new functionality is only just starting to appear in clients.)

load more comments (5 replies)
[–] [email protected] 5 points 6 days ago (1 children)

Honestly in my experience all issues with decryption have been solved for more than a year. No matter if im using android, web or desktop. Idk about apple shit but thats just not a priority probably.

Todays desktop release finally enables the new voice/video calls/rooms feature which was the last serious complaint i had.

[–] [email protected] 1 points 11 hours ago

Even this week I still had the issue where I couldn't decrypt messages in Element on android.

[–] Neon 3 points 5 days ago* (last edited 5 days ago) (1 children)

Awful to self-host (resources, administration) and rolling their own crypto

On the UX-Side it's too complicated to explain to my parents.

I'd love for it to succeed, but for now I'll just stick woth Signal

[–] [email protected] 8 points 5 days ago (1 children)

rolling their own crypto

No, it uses well-known, well-proven, standard crypto.

It also uses double-ratchet key management, much like what Signal does.

The reference server is a bit heavy if you're federating with large public rooms, but lighter alternative servers are available.

[–] jimmy90 3 points 5 days ago

they do have a special crypto usage which they have sensibly rewritten in Matrix 2.0

[–] [email protected] 24 points 6 days ago (1 children)

But I haven’t even escaped the original matrix. Or the matrix reloaded.

[–] [email protected] 12 points 6 days ago (1 children)

You're not the chosen one.

load more comments (1 replies)
[–] [email protected] 10 points 5 days ago (6 children)

Could someone smarter than me explain Matrix to me? In particular,

  • What would be the utility for someone, who cares about privacy and currently uses Signal and email for communication?
  • What advantage would it give me over other services?
  • Is Matrix anything good already, or is it something with potential that's still fully in development?
  • How tech savvy does one need to be to use Matrix?
[–] [email protected] 10 points 5 days ago* (last edited 5 days ago) (1 children)

Could someone smarter than me explain Matrix to me?

I wouldn't assume that I'm smarter, but I do have more than a little experience here, so I'll try to answer your questions. :)

It's a real-time messaging platform. The most common use for it is text chat, both in groups (like Discord or IRC) and person-to-person (like mobile phone text/SMS). It supports other uses as well, like voice chat, video conference, and screen sharing, although much of that is newer and gradually showing up in clients.

What would be the utility for someone, who cares about privacy and currently uses Signal and email for communication?

Compared to Signal:

  • Matrix doesn't require a phone number, or even an email address (although some public homeservers want an email address these days, as a recovery method in case you forget your password).
  • Matrix has a variety of clients, so it's more likely that an app fitting your needs exists.
  • Matrix clients typically don't require Google services at all; neither to get the software nor to receive notifications.
  • Matrix cannot be monitored at any single location, so it's more resistant to meta-data tracking at the network level.
  • Matrix cannot be shut down by any single organization, so it's more resistant to censorship and denial-of-service attacks. If a homeserver is ever forced offline, only the accounts on that homeserver go away; all your other contacts remain intact. Same thing if a service operator changes its policies or goes out of business.
  • Matrix (last time I checked) had better support for using multiple devices on the same account. Phone, laptop, and office computer, for example.
  • Matrix homeservers can be self-hosted by anyone, and still participate in the global network.
  • Signal's encryption covers more meta-data at the application level than Matrix currently does. This might be important if you're a whistleblower or journalist whose safety depends on hiding your contacts from well-positioned adversaries.

Compared to email:

  • Matrix has end-to-end encryption, with forward secrecy, built in. It's generally better for privacy than bolting PGP onto email, and it's far easier.
  • Matrix is well suited to instant messaging.
  • Matrix supports features that people have come to expect from modern chat platforms, like reaction emoji and editing after sending.
  • Email has a greater variety of servers and clients.
  • Email apps often have more composition features to support long-form writing.

What advantage would it give me over other services?

We already covered Signal, and there are too many other services to compare every difference in all of them, but here are some more common advantages:

  • Matrix is a completely open protocol, developed through a public and open process, with open-source servers and client apps. This is important to people who care about privacy because it can be scrutinized by anyone to verify that it operates as it claims to, and can be improved by anyone with a good idea and motivation to participate. It's important to people who care about longevity because nobody can take it away.
  • Matrix has multiple clients for every major platform: desktop, mobile, and web.
  • Matrix handles groups of practically any size (including just one or two people).
  • Matrix messages are delivered even when you're offline.

Is Matrix anything good already, or is it something with potential that’s still fully in development?

Until recently: Ever since cross-signing and encryption-by-default arrived a couple years ago, it has been somewhere between "still rough" and "pretty good", depending on one's needs and habits. I have been using it with friends and small groups for about five years, and although encrypted chats have sometimes been temperamental, they have worked pretty well most of the time. When frustrating glitches have turned up, we sorted them out and continued to use it. This has been worthwhile because Matrix offers a combination of features that is important to us and doesn't exist anywhere else. I haven't recommended it to extended family members yet, because not everyone cares as much about privacy or has the patience for troubleshooting in order to get it. However...

Recently: The frequency of glitches has dropped dramatically. Most of the encryption errors have disappeared, and the remaining ones look likely to be solved by the "Invisible Encryption" measures in Matrix 2.0. Likewise with things like sign-in lag and client set-up.

If you're considering whether it's time to try it, I suggest waiting until Matrix 2.0 features are formally released in the clients and servers you want to use, which should be very soon for the official ones. I wouldn't be surprised if I could confidently recommend it to family members in the coming year.

How tech savvy does one need to be to use Matrix?

If you just want to chat, not very. Even one or two of my friends who can barely use email got up and running pretty quickly with a little guidance. Someone who can get started using Lemmy by themselves can probably handle it on their own.

If you want to host your own server, moderately tech savvy.

[–] ozymandias117 1 points 5 days ago (1 children)

I've used Matrix since the app was called Riot.im and there was no encryption

I didn't realize once encryption was added, that there were still metadata leaks as compared to Signal

Could you give me some information on what metadata is unencrypted, or point me towards documentation about that?

[–] [email protected] 1 points 5 days ago* (last edited 4 days ago)

Room membership and various other room state events are not currently end-to-end encrypted, which means a nosy admin on a participating homeserver could peek at them. (They're still not visible on the wire, though, nor on homeservers whose users haven't been invited.)

I don't know if Signal is actually much better here, since I haven't looked at their protocol. They hyped their Sealed Sender feature as a solution to some of this, but it can't really protect from nosy server admins who are able to alter the code, and they fundamentally cannot hide network-level meta-data like who is talking with whom. There's a brief and pretty accessible description of why in the video accompanying this paper.

I don't have a list of Matrix events that remain unencrypted in encrypted rooms. You could read the spec to find them if you're motivated enough to slog through it, but be warned that network protocol specs tend to be long and boring. :) Unfortunately, the few easy-to-digest blog posts about it that I've encountered have been both alarmist and inaccurate on important points (one widely circulated one was so bad that the author even retracted it), so not very useful for getting an objective view of the issue.

However, the maintainers have publicly acknowledged the issue as something they want to fix, both in online forums and in bug reports like this one:

https://github.com/element-hq/element-meta/issues/1214

[–] [email protected] 10 points 5 days ago* (last edited 5 days ago)

What would be the utility for someone, who cares about privacy and currently uses Signal and email for communication?

Matrix is more like discord, no phone numbers, just email, and you can make big groups with different channels within. More meant for communities then something like Signal, that's mostly for 1:1 conversation or small groups

What advantage would it give me over other services? Keeping the discord example i said above, no tracking, possibility to have end to end encryption, and open source code, along with the ability of having different instances that can communicate to each other, just like here on lemmy, so if you don't trust anyone else you can run your own instance

Is Matrix anything good already, or is it something with potential that's still fully in development?

It's mostly good already, but as with many other privacy focused services it lacks a wide adoption, so most of the communities there are about privacy, Linux and that type of stuff.

How tech savvy does one need to be to use Matrix?

The most used client, Element, is IMO very easy to use, you can directly register through there, and you get the choice of choosing between the official matrix.org instance (which on certain occasions is laggy due to the many people using it), or other instances

[–] [email protected] 8 points 5 days ago

What would be the utility for someone, who cares about privacy and currently uses Signal and email for communication?

Your organization can't host a federated Signal server, and email isn't private.

Is Matrix anything good already, or is it something with potential that's still fully in development?

My previous organization has used it for over 4 years without issues, however mostly limited to text.

How tech savvy does one need to be to use Matrix?

Simply using? Not very much, basically like Lemmy.

[–] nutsack 4 points 5 days ago

matrix is for chat rooms full of strangers. signal is for talking to your friends

[–] [email protected] 4 points 5 days ago
  • What would be the utility for someone, who cares about privacy and currently uses Signal and email for communication?

None? Use signal, as long as it works. If the Signal server goes down tho, you could selfhost Matrix.

[–] [email protected] 2 points 5 days ago* (last edited 5 days ago)

Its slack but it can be more secure (e2ee DMs).

Its good already and used as a public channel for most popular Foss projects' chats

[–] nadiaraven 15 points 6 days ago (1 children)

I tried running a matrix server last year. I guess I will try again and see if a normie like me can make it somewhat usable.

[–] Takumidesh 8 points 6 days ago (1 children)

With docker it's quite easy (assuming you are familiar with docker)

But docker / containerization is a skill that becomes really really helpful to learn if you are interested in this type of thing.

[–] nadiaraven 1 points 4 days ago

What was difficult was the constant security checks, it happened like every time I changed devices and occasionally things were encrypted and unable to be read, it felt totally unusable. It's true that I don't quite get docker, I have a few services that run on dcker, but most of them run straight on arch. Yes I know arch isn't ideal for servers, I'll fix it next summer during school break

[–] [email protected] 9 points 5 days ago

If the Matrix Foundation can deliver on all the points of this blog post then Matrix will take off as a platform. The problem I have is that in the past they've been poor at handling issues in any sort of reasonable time frame, or at all.

Hoping they'll eventually turn over a new leaf.

[–] donuts 7 points 5 days ago

Epic timing, I want to dive in and see if I can mirror setting up Discord communities in the most painless way possible. This seems to be a great step in the right direction. Imagine a place.. where you get the best of both worlds and we can leave Discord behind.

[–] [email protected] 8 points 5 days ago

Is it an improvement over xmpp ?

[–] [email protected] 9 points 6 days ago (2 children)

I interviewed with them and wanted to work for them. They said I wanted too much money :(

[–] jg1i 8 points 6 days ago (1 children)
[–] [email protected] 3 points 5 days ago

I asked for an American tech worker salary, and they’re British so they thought it was preposterous

[–] ripcord 2 points 6 days ago
[–] [email protected] 5 points 6 days ago

I need to give Matrix another try

[–] [email protected] 4 points 6 days ago (1 children)
[–] [email protected] 43 points 6 days ago* (last edited 4 days ago) (1 children)

I like this reddit comment's explanation:

As someone said before, compare it to E-Mail.

Matrix ~ smtp/pop3/imap (protocol layer)

synapse ~ sendmail/postfix/dovecot/exchange/... (server)

element, fluffy, ... ~ thunderbird, outlook, pine, elm, ... (clients)

Everyone can host it's own server and have it's on private chat cloud. Thats like E-Mail and other opensource chat servers like Rocket.Chat, Mattermost and so on.

But like for E-Mail, it is easy possible to federate with others (like mail: "talk" to other mailservers), to be able to chat with people on other Matrix Servers. That's the difference to most of the other opensource chat.servers, which are stuck to their cloud.

As for EMail: Choose your best weapon, will say, client or server software. The protocol is free and will stay free. At this time, there's mainly synapse as the reference implementation from matrix.org and upcoming dendrite, but more servers will be available in future I think. At client side, theres element as the reference implementation and also some others, for example fluffy.chat.

Another cool feature ist bridging. The protocol specification allows bridges to other chat-systems, so you are for example able to talk to IRC-Servers or XMPP-Servers too. Many bridges are in development, less are stable. But more to come in future.

Matrix.org is "outsourced" from university and responsble for developing the specs. They are the big brain behind. They also server matrix.org as free service for people to test matrix or use it without having their own servers.

Element.io is also an outsourced company, which is developing element (reference clients). They are also selling hosted solutions to get money to the project.

Both are under the roof of the new Vector limited.

Because the Api is free, everyone can produce own servers an clients and (in theory) no one can take the whole network over. (in practice: if a big company does its own "cool" non open addons and has enough users, the same shit as for xmpp and WhatsApp could happen...)

Because everyone can host its own servers *and* optionally federate, the same product can be used for high secure private chat-clouds, for example in hostpital, military, schools, whatever, but it can also be uses to talk everyone like e-mail or phone. *And* no one has the masterhost, so no one has all data and no one can change the rules overnight to get money, more data or whatever.

From functional side: Matrix is what some people call "modern", it has text chat, you can send files, you can do voice- and video-calls (in element: 1:1, for groups with jisi as backend) and send voice-messages (at least in fluffy.chat, upcoming in element also). You can also plugin things like etherpad or BigBluButton and send cute stickers if needed. You can structure your contacts with "spaces" (beta).

Element got better and better in the last year and is imho very easy to use for now, but with some last edges. Fluffy is somewhat easier some users as far as I've heared but not feature complete.

I hope, Matrix will be the E-Mail-Version of Chat in the future. I have reviewed some systems for my university and it was the only one from which I think it has the potential to do so. So, give it a try. It's great.

load more comments (1 replies)
[–] jimmy90 2 points 5 days ago

i guess they'll actually be done Summer next year

load more comments
view more: next ›