You're telling me the messaging serving with a roll-your-own encryption that hasn't been audited and doesn't enable end-to-end-encryption by default, instead requiring you to initiate 1-to-1 "secret chats" isn't secure or trustworthy?? Holy balls!
this post was submitted on 06 Jan 2025
158 points (100.0% liked)
Technology
37968 readers
333 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 3 years ago
MODERATORS
I can’t believe it! 😱
/s
I am shocked I tell you! Shocked!
Well, not that shocked.
Proton up people. And get your people on Signal or WIRE.
We’re probably the most boring people day to day and we’ve dove it for a while on general principle. Now, it feels important to have already made that shift.
also XMPP and Matrix/Element.
Also your choices should be impacted by your threat model. Not everyone needs to lock up like they're James Bond.
unable to decrypt message
unable to decrypt message
unable to decrypt message
unable to decrypt message
unable to decrypt message
unable to decrypt message
unable to decrypt message
I have two friends on Signal!
No one else believes me. Gonna be a weird future
I managed to get my entire family onto this service and even some friends. That said, they are almost all also using at least WhatsApp, because they are only using Signal to stay in touch with me (since I'm not on WhatsApp).
I'm a fan of self-hosted Matrix server. You can get a dozen of bridges for those stubborn people that refuse to leave messenger/whatsapp/telegram (at a loss of encryption, and they still get your convos, but at least you don't have their spyware on your mobile and you can have everything in one app), while also being decentralized.
Self-hosting a server is actually really, really easy. It took me like half an hour, because there is an amazing Matrix Ansible Deploy script, that has a pretty easy to follow documentation, and is also one of those super-rare projects that just works. Even if I forgot to update my server for several months, I could literally "just update", and the script is clever enough to figure out what changed, tell me what I need to update in the config files (which are still only like four rows of stuff I needed to setup), and it is a really smooth experience. Even when you want to set up some bridges, for most it's literally just adding "_bridge_enabled: true" to the ansible yml config file. I've already set up Telegram, WhatsApp, Discord and Messenger this way, and it was effortless.
unable to decrypt message
I've used matrix for the better part of a decade, and I get that reference.
That said, while the matrix crew have worked hard on the decryption issues, I'd much rather feel that particular pain on a federated network where I can change servers than be stuck with Signal if/when the single server's policies turn evil.
What do you do when you get that message.
Ive lost contact with friends because of that message. They just can't read anything I send them anymore.
I verify my sessions. its a hassle, but it's getting rarer and easier.
My contacts said they did verify their sessions. I never understand why this happens or how to fix it
Impressive!
What is that?
What problem does it solve
Matrix is a new-ish decentralized, private, E2EE encryption protocol. It's pretty neat. It still has some issues (at least that I experience. Mainly the Android app is constantly being super slow to receive messages), but it's super promising.
They also have some goals to improve email infrastructure by integrating the matrix protocol, but not sure if that will go anywhere. I remember reading this off hand remark on their blog. Can't find the source.
As the original comment said, there's the concept ifa "bridge" which allows you to bridge other services to a matrix chat. So you could have a discord channel and matrix room bridged, as an example. A ready to go option with bridges is Beeper. But you can also setup your own stuff, as they said.
If I give my Discord chats to Beeper, and authorities subpoena Beeper, will the authorities get my Discord chats?
Yes they would. Thats why Beeper is working on changing to a bridge setup that works client-side and not server-side. Remember, that Discord is not encrypted and authorities can just get your data from discord directly. Do not use discord in any sort of private context whatsoever. I don't believe Discord itself isn't actively using my messaging data anyways
Theoretically no, all of your messages stored on Beeper servers are encrypted. But they will get all your metadata.
But I wouldn't worry about that anyway since Discord not only has access to all of your messages but sells them to companies to process for AI. So that'd be the far easier and faster route for them.
I feel like introducing another attack surface for a minimal gain inconvenience just isn't worth it. I'll be passing, thanks
If I'm honest, it's not convenient either. I stopped using it years ago because I kept getting logged out of my accounts and flagged for "automated activity". Plus they straight up lie about supporting SMS and RCS. The only "support" they have is connecting it to your Google account.
It works simillarly to an IRC. You have a server, that server can have channels, I think it can even do voice. But, unlike IRC, you can also use your server to talk to people on other servers, similar to how Fediverse works - if I have a server hosted on myserver.com, and someone else has a public room on server otherserver.com, I can either join the [email protected] or message [email protected], all from my account on myserver.com.
And bridges are basically just bots that run on your own server, and by scraping websites/using API of the service your bridging they create a private room i.e [email protected], with subrooms per chat, and the bot then sends every message it recieves signed into your messenger account to the room, and vice versa - anything you send there will it forward to the real messenger, basically allowing you to chat with people on messenger through your matrix server. Which solves the problem of "Each of my friend is using different messaging service, can I have them all in one app? (The app being Matrix client)".
wonderful! thank you
A perfect example of why SimpleX is a great choice for messaging
Isn't simplex also funded by venture capitalists like Jack Dorsey? I don't think I'd trust then not to sell out users when it comes time to pay back the investors.
Dorsey, Zuck, Bill Gates. All the venture capital interests already got they teeth in Simplex Chat.
i would love an analysis of their federation because it seems built to make that impossible.
Not only is it possible, but people are already doing it.
without linking to examples or analyses this is unhelpful.
Herpes simplex?
I read that all the popular chat services provide similar information to law enforcement agencies. I don't think telegram is special in this regard.
If it’s stored on their servers then it isn’t private
I'm generally given to trust Malwarebytes regarding cybersecurity, but they don't mention at all that E2E encryption is not the default messaging style on Telegram. That, plus the article being from 2021, makes me distrustful of that source.
Signal is still the only service I am aware of that does not store logs of user messages on servers. Messages only exist on the devices of individual users.
Depends if you consider Signal "popular", because based on your own link, the only information they provide is:
No message content., Date and time a user registered. Last date of a user’s connectivity to the service.
why people don't use matrix is beyond me
open stuff scares people. plus with messengers, we're kind of bound to what our friends use. I've been slowly converting friends to Signal, and but people are very reluctant to change when the thing they have already works. Can't imagine how much friction I would hit with something like matrix.
How slow friends are blows my mind. Like a cool new app they is secure and private?! Who wouldn't jump on that?! I tell everyone" I don't do SMS. Signal is the only way to get a hold of me. If you have a more secure app I'll look into it. "
There's privacy and then there's user experience. UX on Matrix is awful. Not to mention Matrix collects all the metadata, and the vast majority of it sits on a single server (matrix.org), which is owned by a private company and subject to subpoenas.
Well this was always coming!
Here we go again. Once more, folks don't fucking listen when they're warned. And the ones who should have listened just got branched again.