this post was submitted on 28 Jun 2023
45 points (100.0% liked)

Selfhosted

39435 readers
7 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I want to selfhost a messaging service for my family. It should be secure and have voice calling option, ideally. Thank you.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

This is true but if you're self-hosting it's not that much bother to add additional copies of a bridge for other users (granted, it's not ideal).

[–] [email protected] 0 points 1 year ago (1 children)

Bridges were not that easy to manage in my case (regarding process management, and ease of config deployment/reproductibility). It was on OpenBSD though, so your mileage may vary. And still, it leaks all of your contact informations to the other users of the server (like their phone number eventually), so definitely not suited for public instances.

[–] [email protected] 0 points 1 year ago (1 children)

Leaks contact information to the other users? Can you elaborate on that? I haven't heard anything like that

[–] [email protected] 2 points 1 year ago (1 children)

That's from my own experience. I had a self-hosted matrix server running with Dendrite, and the mautrix-whatsapp bridge running. The bridge was running in puppeted mode, so upon synchronizing contacts, the bridge created "fake" users on the matrix server, one for each of my whatsapp contacts. The matrix username of these contacts is (by default) whatsapp_<phone_number>:domain.tld. And these users are visible (at least) by other users on the same server. It was my own instance and I was the sole user so I didn't really care. But when a friend of mine wanted to try matrix, I created an account for him on the server, and when he joined, he could see all the fake whatsapp/telegram/discord users created by the bridge on the server. And as the default username includes the phone number, he basically had access to my whole phone contact list in real time.

[–] [email protected] 2 points 1 year ago

Very interesting.

https://github.com/matrix-org/synapse/issues/8969 This may be of interest- it's basically the same thing. Seems that before that patch was merged, bridge-created puppet contacts would show up in searches.
Of course that's for Synapse not Dendrite. So it sounds like Dendrite never applied that same functionality.