Why are we still supporting Matrix/Riot?


#1

As development has been going on for quite a while, the Librem Chat is going to use Riot as the chat service but with a hosted server from Purism themselfs. Just that Riot has to make connections to their main server also. Which is a really bad design part of them.

I went onto Privacytools.io which I do sometimes and saw they completely removed Riot from the “Instant Messager” section and not even in the “Worth mention list”. I went through their Issues on GitHub to see why Riot was removed as before it was listed above Wire in second place “against” Signal.

I didn’t really get a straight answer but from these two issues; 1049, 840. As it seems, Riot is soooo far from finished and the data being sent unencrypted is insane. I can’t believe they actually released the “Big 1.0” update. When it still should have been in Beta. Seriously.

The privacy concerns with Riot is so huge that I don’t even know why we are still “supporting” them w/Librem Chat. I don’t wanna use their service with my threat model.

Sure, Riot does keep making good Riot apps and the service that is almost similar to Discord. Maybe I am wrong, maybe they are on their way to fix all of the major and minor issues and I just haven’t heard about it yet? From the RiotX development they sure have removed all of the trackers embedded in the previous apps/versions on Android.

I saw Whonix is using qTox, preinstalled. While Tox is in the “Worth mention list” because it isn’t that great yet, development is kinda slow. We should maybe try to support them as much as Riot? To not just have one alternative to private and secure messaging and only use “decentralized” but Peer-to-Peer also? Without the need of physical servers.
PS. As in Quote>decentralized<Quote. I mean Riot isn’t decentralized if it has to rely on a centralized server? Or that’s just for signing up?


#2

I haven’t come accross any statement from purism other than that an integration of the Email-chat plugin in the “Chatty” app would be welcome (plug-in is ready for packaging: https://source.puri.sm/Librem5/chatty/issues/96).

The matrix fork “grid” and other alternatives may not be ready, yet :


#3

Alternatives: Did anybody have a look yet at Jami and patchwork?


#4

I do wonder why rocket chat or mattermost weren’t considered. I just assumed it was because of encryption.

Jami is a great idea, super ambitious, but it needs still a lot of work from what I can tell to be usable for the average customer.


#5

Not sure if the GNU Jami gnome client would need some (libhandy?) adaptions to be usable on a phone sized display. A big plus is that it already supports audio and video chat.

On the other hand, SMS, XMPP, matrix, telegram and Email-chat all work completely integrated within the default “Chatty” app.


#6

That’s true. But on the other hand of all of these Jami and the technology behind it for me looks like the one that is closest to respecting privacy and it’s the one which is really decentralized.


#7

I second Jami - it is a great application. I don’t know enough about GTK development to know how much work it would take to make it libhandy-friendly - but! I know enough about Jami to say that I hope it is possible. I’d love to be able to use it easily on a phone :smiley:


#8

Jami still needs someone to work on adaptions:


#9

Concerning the original question. Based on

it’s really not understandable if purism would not up their guards and remove the matrix vector from its systems. It’s not only the impact this group happily implemented, but also the shown follow-up behavior.


#10

This seems like a critical issue. Can we get an official response from Purism on the usage of Riot vs other alternatives?


#11

I don’t work for purism but i’l spend my 2 cent there
Purism will offer 2 different technology for IM one is Matrix, and the other one is Xmpp. On android and ios the only reliable client is Riot, while in the Librem5 we gonna get 2 apps that will handle Matrix, one is Chatty and the other one is Fractal, so if you ordered a Librem5 you shoudn’t be concerned too much about Riot since you will don’t use it, btw the devs beyond Riot are developing RiotX that is a lot better and shoudn’t have trackers.
If you don’t like Matrix, it will be, i hope soon the Xmpp solution from purism, so you can use it


#12

Much of the PTIO community (including myself) thought removing Matrix was childish.

Please review the some other threads as well:

For some reason the devs seem to have this unwavering trust in platforms like Signal and have a record for completely disregarding any attempts to change this.

Even after serious flaws in Signal: https://forum.privacytools.io/t/signal-has-non-free-dependencies-android/1115/5 (PR)

PTIO doesn’t have a good record here.


Nonetheless, Matrix has its flaws. Some tools like encryption are still in beta
However, I’m really excited for alternative implementations like Ruma:

Hopefully this can help make Matrix the chatting service we all want to see.


#13

@ChriChri Doesn’t Scuttlebutt leak your IP? I think it is more of a IRC-style microblogging platform.
You may want to start a separate discussion for this. :slight_smile:

https://www.scuttlebutt.nz/

https://www.wikipedia.org/wiki/Scuttlebutt_software


#14

Perhaps they could add support for bridges:

https://www.wikipedia.org/wiki/Matrix_(protocol)#Bridges

Allowing people to communicate regardless of protocols used.


#15

I use Riot since quite some time on a daily basis. And I can not understand this level of attack I see here on it.

It offers end-to-end encryption and it seems to work really well. The main issues with it, are, that it is too strict at times and somewhat annoying to handle UI wise when people change/reinstall their devices. But they are ever improving on this. Yes they have the beta warning (do they really though?) on the encryption feature. But I think this is them being extra cautious and humble, which is a plus in my book.

What I love about it, compared to Signal.

  • open source server
  • no mobile phone required
  • multi site support
  • no personal information like phone numbers required (but you still can use the ease of use for it if you so prefer)
  • Works on Librem 5

#16

Did anybody in this thread really want signal? I think bridges and extra features are means by which vector inc. introduced centrality into the protocol (and also taping into other protocols).

Do you believe any amount of side-step dances or me-nicely-feels will ever straighten out a flaw baker’s bagels?

Maybe a matrix protocol fork https://gitlab.com/thegridprotocol/home can straighten things out, otherwise an alternative protocol.


#17

i’ve been using matrix (with riot.im) and must confirm too, that it’s very nice, it’s user friendly, openly federated (it’s quite easy to run your own server, and it can send messages to everyone from there, try that with signal :cry:)

some of the rustlang community has been moving to matrix and their experience has been pretty good, from what i gather

i was skeptical at first too, but don’t think all the negativity is warranted !

overall, though, it looks like matrix is more of a IRC and discord replacement than for signal or other IM, and it’s true that the E2E encryption is still in heavy development so if that’s your primary concern then yes, it’s not the most mature solution


#18

Well, those marketing speaches just don’t match what they implement:


#19

There is still no Messenger I can fully recommend. I have the hope that the Matrix protocol and the resulting apps will have all necessary privacy features.


#20

Yep, I think the closest (and to be used) are:

  • The Librem 5’s Chatty (fully integrated and compatible comunication with the entire world, hopefully soon also with added support for the jitsi-meet webrtc audio/video chat toolkit and its standard web browser compatible fallback links)
    With installed plug-ins for
    • SMS
    • XMPP
    • Email-chat
    • (matrix, rather not, better a privacy focused fork: grid )
  • GNU Jami (p2p with audio and video support, hopefully soon with support for the small phone screen https://git.ring.cx/savoirfairelinux/ring-client-gnome/issues/818 )