this post was submitted on 21 May 2024
46 points (97.9% liked)

Privacy

31981 readers
273 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
46
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 

Anone heard about it? Anything bad about security?

I've checked speeds with my friend, the're quite good, file transfer speed is insane compared to signal.

top 24 comments
sorted by: hot top controversial new old
[–] [email protected] 18 points 5 months ago* (last edited 5 months ago) (1 children)

It's cool p2p protocol but nowdays no good clients, most of them unmaintained and qtox have so shit code.Feels like developer didn't learn anything about writing safe c++ code.On android there trifa app but it's works... pretty weird,there also atox but it's doesn't implemented feature about video/voice calls.

[–] [email protected] 5 points 5 months ago (2 children)

Looks like it's got same problems as Matrix does (despite architecture diffirences).

[–] [email protected] 12 points 5 months ago (2 children)

Matrix has problems, but lack of clients and users isn't one of them

[–] [email protected] 7 points 5 months ago (2 children)

What are the main problems of Matrix? I have searched around for this but not found anything concrete. I use Element with E2EE and haven't had any real problems with it.

[–] [email protected] 8 points 5 months ago (1 children)

It supports unencrypted messages. Lots of metadata is not encrypted (eg all reactions).

Many orgs cant use software where users can send messages unencrypted. Its a security risk, even if the user did it by mistake.

[–] [email protected] 2 points 5 months ago (1 children)

I think most orgs would want to own the server and for messages to not be end-to-end encrypted. All connections to the server would still be encrypted.

That would be more in-line with slack or something.

If you're referring to federation specifically then that's going to get pretty complicated with security policies.

[–] [email protected] 1 points 5 months ago

That would fail a whole lotta regulatory requirements.

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (1 children)

High resource usage (RAM, but also CPU), slow syncs especially after being offline for a longer time with many public rooms, group chats are hard with encryption (new members can't read old messages because secure key sharing wasn't solved yet), if your partner did not set up key backup they'll have problems with access to messages when moving or just switching devices

I would say though that the problems of Tox sound to be more serious

[–] [email protected] 2 points 5 months ago (1 children)

High resource usage

That's Synapse being bad and already having a tech debt. Matrix is surely more expensive to run than other protocols, but not much considering federated nature.

slow syncs

Being worked on with syncv3. New sync is crazy fast.

About encryption, it is also being worked on heavly.

The one bad thing I can say about Matrix is just how much is being "work in progress". But I would choose a protocol that is going to do my checklist than others that would never do.

[–] [email protected] 1 points 5 months ago

That's Synapse being bad and already having a tech debt.

No, I mean the clients.

element web consumes 2-3 GB of RAM according to about:processes when my matrix.org account with membership in a few dozen public rooms is logged in.

The android client is also as slow as nearly nothing else on my phone. It lags, so much that it's not rare that I have to wait seconds before a click gets processed to start opening a menu.
And that's how it is when the app is synced. While it is still syncing it's even worse.

Being worked on with syncv3. New sync is crazy fast.

I have element x. It still can take seconds until it is usable, like if I haven't used it for a while, on a fast connection. But yeah, at least it's not minutes.

While most of the known chat apps already work this way, I am sad that element x won't try in any way to store a copy of my messages on the phone for offline access anymore.

[–] [email protected] 4 points 5 months ago

I mean efficient clients that are both easy for non-techy ppl and their 4GB of RAM.

[–] [email protected] 4 points 5 months ago (1 children)

Matrix is way better than Tox

[–] [email protected] 2 points 5 months ago (1 children)

XMPP is way better than Matrix.

[–] [email protected] 0 points 5 months ago

In your dreams

[–] [email protected] 12 points 5 months ago (2 children)

Have you read it's github front page?

This is an experimental cryptographic network library. It has not been formally audited by an independent third party that specializes in cryptography or cryptanalysis. Use this library at your own risk.

BTW, if you look at its issues (including closed ones, which most probably aren't really closed) you'll find pretty interesting discussions about its crypto not being right. That said, I'm not sure what irungentoo brings to the picture...

At any rate, if you're looking for distributed messaging, I'd look into Jami. It also uses DHT and something similar to torrents mechanism. Jami is my only option so far for distributed messaging. There's also Briar, but I don't like it for regular messaging, particularly on phones (too much battery usage), neither its underlying technology, but if it's to your liking, then that's another option for distributing messaging.

[–] [email protected] 4 points 5 months ago (1 children)

Jami has the same issues as Tox. It needs a security audit and probably a rewrite.

[–] [email protected] 3 points 5 months ago (2 children)

The audit is true, but at least Jami didn't make up its own crypto lib, it uses standard already in use crypto stuff. To there's a huge difference there.

BTW, they are actually re-writing stuff... But yes, they need more recent audits...

[–] [email protected] 1 points 5 months ago

Tox uses NaCl as its crypto library, don't spread misinformation

[–] [email protected] 1 points 5 months ago

True there

I also think its funny that the fsf endorses it.

[–] [email protected] 2 points 5 months ago (1 children)

Worth mentioning that I could not for the life of me get Jami to work in any way the last time I tried it; I've seen many guides and overviews, but couldn't find a single one where it's actually successfully used. Cool idea, though

[–] [email protected] 3 points 5 months ago

I has improved quite a bit. The phone app still requires navigating over its settings to get less battery consumption, and having ntfy or any other unifiedPush notification provider available in the phone. But with the default configs, you get Jami working at least. I tried it before, and I found before synchronization between devices was a mess. Currently it just works. I still find it hard on immediate/urgent calls or messages, which might not happen when you expect, but other than that it's working.

On the desktop, the default configs are pretty sane.

And the best part, it's being actively developed. And the UI is undergoing through lots of improvements. So if usability is your concern, it's getting better, and each release improves over the prior one...

[–] [email protected] 7 points 5 months ago* (last edited 5 months ago)

Tox has pretty much been dead from the beginning. There never was a significant user base.

[–] [email protected] 2 points 5 months ago (1 children)

Maybe try delta.chat? I use it, and it's quite good. Just make sure the guaranteed end to end encryption thing is on.

[–] [email protected] 2 points 5 months ago

Yeah delta chat rocks!