Is using an Matrix account from matrix.org private and secure enough to talk with my family members
fedilink
69
Is using an Matrix account from matrix.org private and secure enough to talk with my family members

So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option

I know I am just a normie who doesn’t really know internal workings of them… But in my experience, XMPP is just easier to host, the servers are lighter, they don’t store everything they touch forever like Matrix does, and OMEMO doesn’t break like Matrix’s encryption. Synapse would be probably impossible to run on my VPS, while Conduit and Dendrite are not as full-featured.

OMEMO is a mixed bag. Some clients are still preferring older versions that aren’t the best for security & almost every client does a bad job explaining that new keys are being used need to be verified… Gajim only recently gave a decent in-client pop-up for it, but it’s doesn’t work all the time. That said, this is basically the same issue Matrix has in the space. Both are based on libsignal if not outright using it, except Signal gets a point of privilege in basically having just one client …one that must be on Android/iOS according to their statements… so they can do a ‘better’ job managing who, what, & how many keys are being used. Many XMPP clients will recommend blind trust by default just because it can be a real hassle to deal with multiple clients & users coming back to less-often-used devices. There have been proposals to fix it, but I haven’t seen anything really take off (meanwhile considering just using the PGP encryption option as less flaky).

Yeah, I agree it has some issues. Personally was fine verifying keys tho - either in-person or wherever I met them (usually IRC).

And yeah, the insistence on mobile in Signal bugs me a lot - a desktop is A LOT easier to make private (Linux runs on damn everything) while most phones won’t allow making them not spy due to locked bootloader.

I am just thankful so far that Signal has let WhisperFish exist as an alternative—even if it goes against what they say—which gives me an alternative to the Android/iOS duopoly.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 113 users / day
  • 519 users / week
  • 1.44K users / month
  • 4.49K users / 6 months
  • 1 subscriber
  • 4.33K Posts
  • 109K Comments
  • Modlog