Ugh. I’ve always liked Matrix (and was not bothered too much by the metadata leaks because my home server was not federated anyways), but after noticing some issues and finally reading up on the actual protocol spec a couple of weeks ago… oof. Yeah. No.
Set up XMPP for now. Works really well and the protocol seems so much saner. Unfortunately, it too has some annoyances that are unacceptable to me in the long term. I’m this close to saying “fuck it” and wasting the next couple of years of my life on a new protocol that no one is gonna use. (Cue the XKCD here.)
Ha, thanks, I’d already read that. And I do, mostly, agree; the OMEMO implementation is not great both from the security perspective discussed in the post, as well as the UX (not being able to decrypt old messages on new devices at all).
That being said, I primarily want a selfhosted, federated messenger which also takes privacy and security seriously, and at least for the former, XMPP is really refreshingly good.
addendum (to ensure someone gets hopping mad):
You should also link Ariadne’s post saying she rather use signal, but that would be against the tone of your post, right?
https://social.treehouse.systems/@ariadne/116043045098562878
Ugh. I’ve always liked Matrix (and was not bothered too much by the metadata leaks because my home server was not federated anyways), but after noticing some issues and finally reading up on the actual protocol spec a couple of weeks ago… oof. Yeah. No.
Set up XMPP for now. Works really well and the protocol seems so much saner. Unfortunately, it too has some annoyances that are unacceptable to me in the long term. I’m this close to saying “fuck it” and wasting the next couple of years of my life on a new protocol that no one is gonna use. (Cue the XKCD here.)
Unfortunately, it is not.
Ha, thanks, I’d already read that. And I do, mostly, agree; the OMEMO implementation is not great both from the security perspective discussed in the post, as well as the UX (not being able to decrypt old messages on new devices at all).
That being said, I primarily want a selfhosted, federated messenger which also takes privacy and security seriously, and at least for the former, XMPP is really refreshingly good.
They’re still far more encrypted than literally every other alternative.
Meanwhile Discord in it’s entirety is unencrypted
To be fair, Discord has encrypted voice calls using their “Dave” protocol.
https://discord.com/blog/meet-dave-e2ee-for-audio-video
I can’t believe that worked. Well, it’s a good thing we have more than three options