As development has been going on for quite a while, the Librem Chat is going to use Riot as the chat service but with a hosted server from Purism themselfs. Just that Riot has to make connections to their main server also. Which is a really bad design part of them.
I went onto Privacytools.io which I do sometimes and saw they completely removed Riot from the “Instant Messager” section and not even in the “Worth mention list”. I went through their Issues on GitHub to see why Riot was removed as before it was listed above Wire in second place “against” Signal.
I didn’t really get a straight answer but from these two issues; 1049, 840. As it seems, Riot is soooo far from finished and the data being sent unencrypted is insane. I can’t believe they actually released the “Big 1.0” update. When it still should have been in Beta. Seriously.
The privacy concerns with Riot is so huge that I don’t even know why we are still “supporting” them w/Librem Chat. I don’t wanna use their service with my threat model.
Sure, Riot does keep making good Riot apps and the service that is almost similar to Discord. Maybe I am wrong, maybe they are on their way to fix all of the major and minor issues and I just haven’t heard about it yet? From the RiotX development they sure have removed all of the trackers embedded in the previous apps/versions on Android.
I saw Whonix is using qTox, preinstalled. While Tox is in the “Worth mention list” because it isn’t that great yet, development is kinda slow. We should maybe try to support them as much as Riot? To not just have one alternative to private and secure messaging and only use “decentralized” but Peer-to-Peer also? Without the need of physical servers.
PS. As in Quote>decentralized<Quote. I mean Riot isn’t decentralized if it has to rely on a centralized server? Or that’s just for signing up?