this post was submitted on 08 Apr 2025
40 points (69.2% liked)

Privacy

36712 readers
417 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
40
JWZ weighs in on Signal again (www.jwz.org)
submitted 5 days ago by [email protected] to c/[email protected]
82 comments fedilink hide all child comments
 

JWZ previously:

See also: Why not Signal?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 5 days ago (4 children)

Is there a better alternative? I don't see anything conclusive in the link on that front

[–] [email protected] 10 points 5 days ago

It’s like a politician, “Look how bad the others are” and then not proposing anything better (because at this moment, there isn’t).

[–] [email protected] 9 points 5 days ago (2 children)

I sure don’t know. SimpleX is suggested, among others: https://dessalines.github.io/essays/why_not_signal.html#good-alternatives

[–] [email protected] 3 points 5 days ago (3 children)

Could you explain/elaborate to a know-nothing (me) on the following from your link?:

Caveats of federation: Metadata leaking

When using federation, Matrix’s room states (containing a lot of Metadata) get replicated and stored indefinitely on every homeserver any user connects with or connects to. While this is a feature for enabling distributed chat rooms, it comes at a serious privacy cost.

To avoid this, you can either disable federation, or make sure that your users signed up with no linkable identifiers other than their user names.

[–] [email protected] 9 points 5 days ago

The author of that essay (@[email protected]) is one of the main devs of lemmy, so you’re asking in the right place lmao

[–] [email protected] 5 points 5 days ago (1 children)

Matrix is not really a chat system, but rather a distributed database that pretends to be a chat system. As a result all servers participating in a room get a full copy of the room metadata all the way back to when the room was created, which is a serious privacy issue.

This is not a general problem of federated systems though, and XMPP for example basically only shares the metadata that other participating servers strictly need to function.

[–] [email protected] 1 points 5 days ago* (last edited 5 days ago) (2 children)

How...do you think chat systems with storage are supposed to work? They store data. In a database

What specific fields are shared by matrix but not xmpp?

[–] [email protected] 1 points 4 days ago

The main difference is that in Matrix, a chat's history and media is stored indefinitely on every participating server, while on XMPP it's only the duty of the one "hosting" it. And to my understanding, in 1-to-1 chats, the server doesn't even retain the messages after delivering them, since there's a separate module for "syncing" the history between devices (that you can set the retention time for).

[–] [email protected] 2 points 5 days ago

Yes in a local database, not a distributed one.

The main difference is that XMPP (like most other federated systems) is based on passing messages, so if a new server joins a chat, it gets send messages from that point onwards.

In Matrix that is different. When a new server joins a chat it exchanges the entire database for that chat, and for DAG consistency reasons this means all the metadata since the chat was first created, often years ago.

[–] [email protected] 4 points 5 days ago

I’ve never looked into how Matrix works at all, so I can’t really speak to that.

[–] [email protected] 2 points 5 days ago (1 children)

That could work, it looks like it was a lot of features like reacts and video calls. How easy it is to setup and 'plug-and-play' will determine whether I'll be able to convince people to use it

[–] [email protected] 1 points 5 days ago

It is still in early stages but the bones are good.

I would not advise for people who expect shit to just work.

Maybe next year. A lot of progress since last time I tried it.

[–] [email protected] 4 points 5 days ago (3 children)
  • matrix if you want cloud storage for conversations
  • jami or briar if you're okay with p2p
  • simplex for the most secure cryptography and "just works" better than p2p
[–] [email protected] 2 points 5 days ago (1 children)

Why do you claim simplex has the "most secure" crypto? Why is it more secure than the standard double ratchet everyone else uses?

[–] [email protected] 3 points 4 days ago

it is using double ratchet but heres the most recent tob. the fact that they use distributed self hostable relays and no user identifiers is more secure imo

[–] [email protected] 2 points 5 days ago (1 children)

Last time I tried SimpleX, you had to scan a QR code to go from Desktop to mobile and vice versa, any chance of them changing that? Otherwise it did look promising.

[–] [email protected] 5 points 5 days ago (2 children)

yeah you can only use one device at a time because simplex doesn't have accounts, just devices. but you can make another account per device and add them to your chats

[–] [email protected] 0 points 5 days ago (1 children)

Wowww that's bad design

[–] [email protected] 3 points 5 days ago

yeah it's annoying, but they're pretty committed to the no user id thing

[–] [email protected] 2 points 5 days ago

Conversations is very simple