About matrix and riot

For those interested in running said “vapourware scifi”, I would advise you read the official instructions over on GitHub.
The link is: https://github.com/matrix-org/synapse/blob/master/README.rst.

https://matrix.org/blog/2018/01/29/status-partners-up-with-new-vector-fueling-decentralised-comms-and-the-matrix-ecosystem/

great news from @matthew
i’m really happy to see they are start to work actively to this project again, improve the feature already have without pushing on newer things like other project do is a good news, i’m curious to see how they can make riot more user friendly, so i can finally bring more people to riot/matrix

dear matthew just don’t forget us about privacy policy, i know you have to focus on other things and i understand, but just no delay this topic too much please

3 Likes

Indeed amazing news! Congratulations @matthew

Can’t wait for a more stable version of Riot with better PP so that I could introduce it to friends. :heart:

2 Likes

I totally back this. I managed to get somehow most of my friends on Signal because I’m concerned about privacy, and Signal’s interface is simple enough for Average Joe.

I think the most important things to address for Matrix to gain traction are:

  1. Fix the privacy policy, because the early adopters and the most willing to give Matrix another chance when a changelog appears are people concerned with privacy
  2. Improve the UI, so the early adopters can bring in their family and friends along the way

Thanks for your great work :slight_smile:

2 Likes

I just managed to self-host some home server on a raspberry pi with yunohost, and will be able to serve a matrix-synapse node soon https://github.com/YunoHost-Apps/synapse_ynh. That + matrix on phone :slight_smile:

2 Likes

Signal has some privacy issues. And well, by starting my research here I understood that Signal has no intent fixing them. github link (Signal developer nickname: moxie0)

So again, I hope soon to jump ships and focus only on a single platform, the closest to my ideologies.

1 Like

In my understanding, the main concerns are:

  • Signal uses Google Cloud Messages to push notifications (while the notifications themselves are empty, it is “only” meta-data)
  • The Signal application has an auto-update mechanism that could allow silent replacement by a backdoored app

In a purely selfish way:

  • I currently have a phone with LineageOS and no GApps nor MicroG, which prevents Signal from being reached by GCM. My Signal app does active polling against Signal servers using websockets
  • I use Noise, the rebranded app built by Copperhead and distributed through F-Droid, which I think does not suffer the auto-update issue (to be confirmed).

m0xie has been known to be incredibly stubborn when confronted to privacy issues raised by users. More than 5 years in, and he still refuses to produce a 100% free build of Signal, which would allow it to be distributed by F-Droid. Moreover, he has stated that he wants a no opt-out feature of telemetry, so he can provide a quality app.

Long story short, the code is open source and anyone willing to put enough energy into it could fork Signal. I am one of the critics of m0xie for some aspects (the main concerns raised about Signal are valid in my opinion), but I do not have the time nor energy to fork it and provide an alternative.

To get back to the topic: as a heavy user of Signal, my hopes and expectations are very high about Matrix. I am willing to spend much time to test it and provide feedback, so a polished app could surface. This could be a total game changer for me.

4 Likes

Hi, I just found this interesting app called Ring. What is interesting in this open-source app is that it works P2P, with E2E encryption without any server.
If I understood well, the server is your phone/desktop. I know that this feature about Matrix is kind of vapourwave for the moment, but I would like to share anyway, maybe this can help to get such feature in Matrix :

1 Like

Given that running one’s own server for Matrix is not currently possible, is it better to use Conversations(XMPP)?

This is slightly off-topic: currently, I run my own Asterisk server and clients use SRTP+TLS. I believe I am only managing hop by hop encryption since the clients are behind a carrier grade NAT. Is there any way to get true end-to-end encryption using SIP? I hear ZRTP is the way to go but I’m not sure.

Given that running one’s own server for Matrix is not currently possible

?

is it better to use Conversations(XMPP)?

XMPP is it’s own bag of problems. Mostly revolving around E2E encryption, which requires a plugin to work (OTR) and federation of rooms with different servers.

Running one’s own matrix server is absolutely possible. What isn’t possible is running that server on your phone. But you can definitely run your own server.

So is this no longer true or am I missing something?

I believe that @matthew was referring to running a homeserver on a phone. That does not exist. Running your own homeserver on an actual always on computer has existed for a while now.

2 Likes

Now I know a bit more, what I am talking about, since I used Riot more intensively. I fortunately managed to bring the whole family to Matrix/Riot for testing (also even incredible WhatsApp Noops :slight_smile: )

From ease and usability point of view - of course this is also related to personal taste - I find it superior against Jabber
(It even convinced our ,Family-WhatsApp-Terrorist’ in using it daily, which already means something)
Also the reliability for me looks better than Jabber/XMPP. To be frank, I’d like to stay with Riot.

But there are still 2 major Points which bother me and which currently let me think staying at Jabber, accepting its disadvantages:

  • Why Matrix must stay with the creepy privacy policy ?
  • Why is it not possible for a Room-Owner, to fully and securely delete a complete Room ?

That looks pretty odd to me. I can throw out any member out of my rooms and can delete any single message - which is a lot of work and actually the same as if terminating and shutting down a room.
What is the strange idea sticking behind that ?

It looks a bit, as my data should be kept and as if it is the approach to make it a bit more complicated to stay the Master of my data …

ftr we’re currently working on rewriting our privacy policy and fixing the mess that we inherited there, thanks to the impulse provided by GDPR deadlines.

GDPR deadline - May 25

okay, I shut up :smile:

Can you also explain, why deleting rooms isn’t possible ?

Nope, but I’m sure one person out of 7.2k, will be able to answer you that https://riot.im/app/#/room/#riot:matrix.org

you can neither delete your own message, someone on matrix chat explained me, when you will revision/delete the message, this is not a MUST DO for the server, it’s just a request a server could ignore, and i don’t like it too, because this means, you have no control on your message, and if the room is on more servers, this means your message is spread across the servers room belong to

imho you should have a one click option “delete all my message on this room” and the single message delete to be really deleted

You can be interested in Matrix’s blog post about GDPR compliance and right to erasure.

The following paragraph is kind of interesting:

The key question boils down to whether Matrix should be considered more like email (where people would be horrified if senders could erase their messages from your mail spool), or should it be considered more like Facebook (where people would be horrified if their posts were visible anywhere after they avail themselves of their right to erasure).

From a technical standpoint how will this be implemented? Anybody could save a copy of your message on there own server or device. How will you ensure that a device actually deletes your messages?

You cannot force somebody else to delete your messages unless you use a DRM scheme. And obviously Matrix will not be implementing DRM.

1 Like