WhatsApp goes down for users globally (theguardian.com)
229 points by tomalpha on Oct 25, 2022 | 220 comments



Time to talk about matrix.org and Element not Signal and definitely not Telegram...


I'm sorry but matrix is a convoluted mess. Speaking from experience, when there's a deep focus on protocols and technical architecture before usability it becomes incredibly hard for the consumer side to get started. It's still very much a DIY thing and the promise of Element hosted offerings kind of just defies the point of the federated design for what most came into it for, self hosting.

Honestly, we just need a drop dead simple chat client/server that can be self hosted and maybe eventually extended via wireguard/tailscale networks and MagicDNS.


> Honestly, we just need a drop dead simple chat client/server that can be self hosted

XMPP, again and again. But that's not a solution, because the problem is absolutely not technical.


The problem is developers pushing a technical choice of protocol with little regard for user experience. How does the XMPP protocol improve on the user experience? It doesn't unless you have a client/server implementation that can be deployed and showcases that power. Think SMTP and email. You want XMPP to work, find a simple way to showcase the power.

I've run the original jabberd server for an organization's internal chat server along with all the open source bells and whistles that go with it. Let me tell you I didn't once see the value of that except to save money and for privacy. But it was an organisation. If we want open federated communication the standout thing has to be the ease of use, the quality of experience and to actually highlight its benefits. Right now I don't see that.


What you are describing is basically the gap that Snikket aims to fill - although for personal communication, it's not particularly aimed at organizations (I think the requirements for that are different, and there are many existing options already).

I know at least one project aiming to fill the same gap for organizations though (again, using XMPP), but pre-release currently: https://prose.org/

I'm a firm believer in essentially what you said: The protocol doesn't matter, it's all about the products and what they can do and how easy they are to deploy and use.


I'm sorry but if your point of data is the original jabberd server then you are not up to date with the experience you can have today. And the experience today is good, whether you use Prosody, Metronome, ejabberd and probably others, and when you chat with Conversations. You have all the bells and whistles of social networking with Movim.

It's not necessarily a better user experience but it provides a far better user independence, and that definitely counts.


Funny, my criticisms of Matrix are that it puts usability (or at least UI/UX) before the technical details.


The project was founded in 2014. It was heavily focused on building a federated protocol before there was anything related to end usability. Maybe they've just flubbed the implementation and done a poor job of it, I don't know. I can tell you from the external perspective it's not doing a great job at anything technical or end UX.

WhatsApp nailed distribution, Signal does privacy well, Telegram is simple and scalable. What is Matrix? None of the above. I'm sorry, that might come across as harsh but I see a lot of wishful posts here that kind of throw users in that direction without real insight and knowledge into it. We don't want DIY that's endlessly complex and hard to maintain. The reason centralised apps work is because there's no setup, so really you're fighting frictionless experiences. Want to make self hosting a better experience, make it frictionless.


I'm a fan of Matrix but am inclined to agree. In 2018 I looked at the Riot (Element) codebase with a hope to contribute to improving the client. In my estimation, the interfaces and data structures were bonkers convoluted and the maintainers gave dire warnings about how all of them were subject to radical change. I put my attention elsewhere.

I wish they'd focused on building a messenger first, rather than trying to be a Slack/Teams/Discord. That said, it's taken a while but the Element client is dramatically better now. It still doesn't have the polish of other messengers, but I'm rooting for them to dial that in.


Matrix does decentralization/federation well? The problem is that it's a philosophical/political goal and most people place other values (social cachet, ease of use, total cost) above that.

Another problem is that a focus on federation limits your appeal to people who like to self-host things.


Why not Telegram, it has by far the best UX of all chat apps.


Yeah I don't even know if that upper post was meant to be sarcastic. Telegram, despite the security theater, is amazing UX-wise. It's such a joy to use and I see myself more and more engaging with Telegram contacts just because it's convenient in many subtle yet impactful ways.


You can improve the UX of Matrix clients. You can not make Telegram decentralized or take it out of control of one single entity.


Well if you can, then why aren't they as good as Telegram, and why should I be holding my breath for their UI / UX to suddenly improve? Matrix has been around for almost as long as Telegram.

I don't use either so I don't really care. I just don't expect a consumer service with subpar UI to win market share solely on technical merits.


It won't surprise you that to improve a product, you need people working on it. In a capitalistic society you need to pay them to do that. Telegram sits on the billions of its founders and doesn't need to make revenue, they have money. What company with an infinite supply of money (and, thus, developers, managers, QA, interviewers) is building a Matrix client and can afford to have as many people working in it?


Of course, I see that. But open source projects routinely manage to meet technical expectations while failing specifically at meeting UI / UX expectations.

That makes sense for unfunded projects because most developers are not good designers, and designers don't have a culture of contributing to open source, but for a project that pays (some of) its developers, it's their choice how much to pay developers vs designers vs managers, and they are responsible for the way in which they allocate their limited resources.

I recently had to move my open source project's chat from Gitter to Discord, not because we like Discord or "don't care about open source" but because everyone is so damn tired of Gitter's terrible UX that it became the overriding concern.

Matrix bought Gitter two years ago, and I kept waiting, hoping that they would improve it, but they did literally nothing to it except connect it to Matrix within a couple months – and even that doesn't work well, with Matrix users still unable to respond in threads.

I assume there is a good reason for that. I'm not here to judge, only to point out that this "good reason", whether it's lack of funding or priorities or whatever – won't change anytime soon, so I won't be holding my breath anymore.


> I assume there is a good reason for that.

We spelt out the good reason in the original blog post: https://matrix.org/blog/2020/09/30/welcoming-gitter-to-matri...

> However: in the medium/long term, it’s simply not going to be efficient for the combined Element/Gitter team to split our efforts maintaining two high-profile Matrix clients. Our plan is instead to merge Gitter’s features into Element (or next generations of Element) itself and then - if and only if Element has achieved parity with Gitter based on the above list - we expect to upgrade the deployment on gitter.im to a Gitter-customised version of Element. The inevitable side-effect is that we’ll be adding new features to Element rather than Gitter going forwards.

We’re almost at the point of being able to switch Gitter over to being a branded Element.


Element funds a lot of Matrix work, and we have a large team working on both Matrix, Element clients, Matrix hosting, and our various customer projects (around 100 people). And while Element has taken longer than I’d like to improve in terms of UI/UX, it is definitely getting there - cf https://element.io/blog/an-unrecognisable-improvement-elemen... etc.


Oh, I didn't mean to say no one is working on the Matrix ecosystem. The reason Matrix is where it is today is thanks to you guys. But I don't think you can say you have as many resources and as many people working on it as Telegram, and you're solving a problem 10x more difficult than what Telegram does.


[flagged]


Not OP, but that's not a fair statement.

Checking the box of ideals doesn't mean that open source software is off the hook in having to compete on features. Regular users do not give a rat's ass about source code being open; it's an extremely abstract concept if you're not in the field. All they care about is free as in beer. Matrix can either target the niche demographic of the highly technical, or it needs to level up on usability to reach a wide audience.

The number of people who have tried LibreOffice, Gimp, etc is probably orders of magnitude higher than the number of actual daily users. If these software applications were businesses, their exec teams would have been fired many times over for the atrocious churn. Free as in beer is an excellent foot in the door, but it's wasted time and again by huffy developers who don't know how to create good UX and who won't open the door to good product people who want to help out.


> Checking the box of ideals doesn't mean that open source software is off the hook in having to compete on features.

No one said that.

> Regular users do not give a rat's ass about source code being open

Open source or not, they should care about reliability, avoiding lock-in, abusive practices from monopolistic players, privacy...

> If these software applications were businesses, their exec teams would have been fired many times over for the atrocious churn.

If these applications were businesses, you'd also have to look at Cost of Customer Acquisition, at how much is being spent on marketing, you'd also have to see how much your developer team is being compensated, how much they are getting in shares, etc.

If the investment is zero, the ROI from FOSS will be by definition infinitely superior to closed solutions.

What I am trying to say is: TANSTAAFL. OP seems to not care about his freedoms, so he is willing (like many others) to trade it away for the convenience brought by closed solutions. So it is no surprise that a FOSS project (which has no way to monetize the user to finance its development) will lag behind. This will only change when people start covering some of this difference and start supporting FOSS projects directly.


> they should care about [...]

And there's your problem. Regular users do not give a rat's ass about your shoulds. In addition, for example, I've never seen any serious UX bugs in Telegram, and I've seen many in Element. Regular users care waaay more about that than some vague notion of "reliability".


> your shoulds

They are not mine.

It's not my data that is being mined and it's not my business that can disappear if WhatsApp goes offline.

Yeah, I'm fully aware that people generally don't care about any of that. Lots of people also don't care about their eating habits, the effects of their economic actions, etc, etc. But if they don't want to face the bad consequences of their choices, they should.


Just as FOSS should produce high quality, usable, popular, free software.

But it doesn't.

Your shoulds look an awful lot like a tribal affectation which the FOSS community uses to exclude non-technical users.

It doesn't matter if the exclusion is conscious (I suspect it isn't) or deliberate (likewise.)

The point is the exclusion happens. Self-evidently and empirically. Outside of the technical community FOSS might as well not exist.

If you actually want people to use FOSS you need to stop shoulding potential users and start making software that satisfies their needs in obvious and delightful ways.

Security and privacy are important but secondary features.

And access to source code trails at the end of the list. It's of zero interest - and even less use - to non-technical users.


> which the FOSS community uses to exclude non-technical users.

Sorry, that is bullshit. Any FOSS enthusiast will gladly help other people, when there is a clear path to make the change. When I told my friends and family "I am not going to use WhatsApp anymore, but there is this program that we use instead", I went to help all of them that were interested. I didn't force them to choose between Element or WhatsApp, I just said "here is one alternative."

> Just as FOSS should produce high quality, usable, popular, free software.

I can bet FOSS beats proprietary solutions on any class on a dollar-per-unit-of-quality and even dollar-per-user-acquired metric.

> If you actually want people to use FOSS you need to stop shoulding potential users and start making software that satisfies their needs in obvious and delightful ways.

Everyone wants a unicorn. No one wants to pay for it. If we want developers to work on FOSS projects, we need to foment a marketplace that rewards FOSS developers.

"Oh, but I don't care about FOSS. I care about getting things done, or less inconveniences, etc"

Fine, then enjoy your shit sandwich that is called "Big Tech".


Therefore the idea will continue to flounder indefinitely, used by a microscopically small user base representing a microscopically small niche of the market. In effect it doesn’t exist and has negligible impact on the bigger picture. But at least you get to feel like you did the right thing, right?


> Therefore the idea will continue to flounder indefinitely, used by a microscopically small user base.

I have no control over what others do. The only power I have is over my own choices.

> But at least you get to feel like you did the right thing, right?

I am more concerned about not doing the wrong thing (if I can avoid it) than any display of righteousness.

In this case, no one is forcing me to use WhatsApp, so if I can avoid being a participant in something that I believe to be hurtful to me and others, I will. The inconvenience is a small price to pay.


I think you're right, but perhaps more aggressive marketing already helps a lot.

I'm not a marketing person, but for example, take advantage of these kinds of events to let people know that Matrix's network is impossible to go down like this because it works like e-mail.

Reiterate the point that Whatsapp is part of Facebook's network. So, your Whatsapp account is under Facebook's control just like your Facebook account. Matrix accounts work like e-mail addresses. You choose a provider for your account, and you can always choose a different one without losing access to the network.

Present these kinds of talking points to the actual mainstream. Advertise on Youtube, go on TV... maybe people care less about the UX than we think.


> You can improve the UX of Matrix clients

Apparently, that has not been a priority in many years.

Matrix/Element is so far behind usability/features that it's really only used by people that favor decentralization/openness at the expense of actual users.


> You can improve the UX of Matrix clients

No. Most people can't do that (because not everyone is a software developer).


I don't think he means you, or the users that need this, but instead that it is possible to do if they are open source.


The point is that “it’s open source” is a really bad selling point when you’re talking about a messaging tool meant to be used by everyone.

Good luck trying to convince the general population that “the UX is bad but theoretically anyone can improve it” is better than what you get out of the box with other messengers.


You don't need to convince "the general population" to switch. You don't even need to convince anyone to "switch".

Just do the change yourself. Help those people close to you to install Element alongside whatever they are using now. Even if just because they are using it to talk with you, it's better than nothing.

You don't get to migrate things that are on huge network effects in one go. But we can help the growth of one network organically until it reaches critical mass.


But other people don't install element alongside whatever (except maybe your parents), but they continue using what works for them... Are you really so "special", you can convince all of your friends with "I know all your friends are using app X, but if you want to chat with me, you need app Y, which no one else is using right now, but maybe, some day..."?


Not all, but the ones that mattered and bothered, yes.

I am not asking them to delete the other app, I am not asking them to join a religion. I am just asking them (and helping if necessary) to install an app and set up an account on my server.


I'm always befuddled by how some people really take things so literally...


Indeed. That is why I started using “one could” instead of “you can”. This prevented a lot of misunderstanding.


How can you possibly expect ONE person to do all of this? /s


I have been discouraged to use that form because native English speakers have corrected me that unless I am a British monarch, it would be incorrect language use.


Maybe I'm missing a joke, but this is not the case unless you're using "one" as a way of referring to yourself. Saying "one could" to mean "someone could" is perfectly standard English.


One does have to be a little careful with that... It's generally old-fashioned, and can end up sounding sarcastic or passive-aggressive if the statement is obviously meant to refer to a particular person. (Cf. the upper-Midwestern "a guy could" or "a lotta guys", as in "A lotta guys would have made sure that was tied to the roof of the car before they drove off.")


If one were to use it to refer to oneself, then one might be royalty. Otherwise, one may do as one likes!


It must be exhausting never to take a break from befuddlement, you really ought to consider only feeling this way some of the time, or at least spend some time befuddled by other things.


If this were reddit, I'd upvote you. ;)


Honest question, is there a Matrix client that has a decent amount of UX work gone into it? I recently started to use Fluffy, that looks pretty good with a nice clean design, but does not have the same level of polish as Telegram, at least not yet. It's open source and one should try to contribute and not complain, that I figure, but not everyone can contribute in the first place.



Please let me hide the 'Home' and Spaces sidebar in web Element. I have no interest for it and it's an egregious waste of space.


If you don't mind that it's web based, try Cinny: https://cinny.in


The paradox is that if you have the skillset to improve the Matrix UX, you’re probably off doing something else for 10x the impact.


Telegram (per default) does not have end-to-end encryption.


"Telegram is more secure than mass market messengers like WhatsApp and Line." https://telegram.org/faq#q-how-secure-is-telegram


The opposite is true - of all the major messengers, Telegram is the least secure.

It uses a homebrew encryption scheme and does not have E2E encryption (yes, you can enable E2E for individual chats, but nobody uses it because it breaks most features).

Not to mention the weird corporate structure, lack of transparency, failed crypto token launch, dishonest marketing...


> It uses a homebrew encryption scheme

Please stop with that. At some point every encryption scheme was "homebrew" (or rather, new). MTProto 1.0 had flaws, which were addressed in 2.0. The latter has been independently formally verified to be secure[0].

> Telegram is the least secure.

Against who? What is your threat model? Such absolutist blanket statements are useless by design.

> of all the major messengers

Which are Messenger, Whatsapp, and SMS/RCS around here. Signal shows up from time to time, and Matrix doesn't even register above statistical noise so I won't count them as "major" (Signal, being, in a stroke of optimism, at best a challenger)

Of these, SMS/RCS is a total clusterfuck, and the remainder is owned by Meta. Yes, Meta is high on my list of adversaries, and given their track record should probably be for anyone out there caring about their privacy. No, WhatsApp's E2E is not to be trusted[1][2].

So is Telegram the least secure of major messengers? Definitely not.

Is Telegram perfect security, certainly not either, because that doesn't exist[6], but their E2E is solid, even without E2E, extra steps are taken to thwart certain adversaries[3][4], they have reproducible builds for their client binary builds[5], and as can be observed so far their actions are veering on the complete opposite side of Meta's.

Is Telegram an opportunity to convince non-{privacy,security}-minded random joes and janes to jump out of a bunch of terrible chat platforms for a better (or less worse if you want) chat platform? I'd say probably. I mean, it really really looks like they're trying hard to get the job done.

[0]: https://github.com/miculan/telegram-mtproto2-verification

[1]: https://twitter.com/Shiftreduce/status/1347546599384346624

[2]: Meta controls the Es in this "E2E", and I won't trust that, ever.

[3]: https://telegram.org/faq#q-do-you-process-data-requests

[4]: https://security.stackexchange.com/questions/238562/how-does...

[5]: https://core.telegram.org/reproducible-builds

[6]: https://dl.acm.org/doi/10.1145/358198.358210


The other contender here is iMessage, which is likely more secure, but has such a terrible UX it’s not worth using. Their architecture is really poorly thought out and imitates SMS when it doesn’t need to.

For example, if you travel internationally with a different SIM card, iMessage doesn’t allow your main phone number to be used for iMessage any more.

Another terrible “feature” is that to have a complete history of your chats, you need to back up to iCloud. Even for plaintext messages. And uploading photos will quickly blow through your iCloud storage.

Telegram, on the other hand, maintains your complete searchable message history including media for free, and when your phone number changes, it just asks “hey did your phone number change?” You press no, and the experience is completely identical.

Whereas when your phone number goes away on iMessage, you’ll have to fiddle around with settings to get something else working, your contacts will be fucked, and people will have issues sending you messages, etc.

In telegram, the model is that my messages are associated with me. In iMessage, the model is that my messages are associated with my device and SIM card. I think the latter model is boneheaded for a personal messaging app. Which means that iMessage is fundamentally problematic.

Sorry for my iMessage rant, but I do love telegram :)


> The other contender here is iMessage, which is likely more secure

Indeed, it is. I did not mention it because it's Apple ecosystem only, leaving a lot of people out. It appears to do many things very right, some lacking, and a few "wrong".

AIUI, with Messages backups in iCloud disabled, each device has its own key. Each message sent gets E2E encrypted with the key to each destination device and sent once for each device. So if the recipient has three devices, that's three encryptions and three messages sent. (That's how I recall someone describing it back in the day, I'm not sure today and I can't find the source of that anymore)

> Another terrible “feature” is that to have a complete history of your chats, you need to back up to iCloud.

The above means that a newly added device doesn't get access to the message history. This actually implements perfect forward secrecy! An attacker who manages to convince someone in some way to add a new device would a) be unable to decrypt any old message intercepted and b) only be able to see new messages.

In that setup the only thing really lacking is being able to jointly check a contact (sender or recipient) key via a secondary channel and maybe TOFU it and displaying a warning when a contact key is added, changed, or revoked. You do get a warning for new devices added to your account but it could also apply to already added devices who unexpectedly get a new key.

Enabling backups in iCloud breaks perfect forward secrecy somewhat since the goal is being able to obtain the whole history, so an attacker managing to enroll a new device would presumably get the history. That said I also hear that this iCloud backup isn't zero-trust encrypted (technically it could be, think borg backup) but I'm really not sure about that.

> And uploading photos will quickly blow through your iCloud storage.

Not just that, it seems to do an absolutely terrible job at clearing the local cache, eating space like crazy and with no easy option to clear it: the settings app storage section is hopeless in that regard, Telegram's way of handling that manually plus the automated ones are muuuch more clear.

> For example, if you travel internationally with a different SIM card, iMessage doesn’t allow your main phone number to be used for iMessage any more.

I did not witness that when swapping SIM cards with new numbers: Messages popped up a dialog or something asking "keep using +XXXXXX" || "use +YYYYYY". I seem to recall I could even have both numbers for some time (IIRC there was a 2 week - or was it one month? - delay before a number is forcefully dropped out if you don't pop the SIM with that number back in). It was annoying the hell out of me as it was a short-lived number that was temporarily assigned while my real number was transferred between operators. My mistake though for tapping the wrong answer, but admittedly something there could use some improvement.

That was with local numbers though, the international story might be different? I would not expect that though as it would be truly an awful experience for international travelers that swap SIMs on non-multiSIM (eSIM+tray) iPhones.

And finally there's trust... it's completely closed and very hard to audit, but then again Apple owns the OS and hardware, so one could audit the app all they want, they have a much more potent vector for exfiltration.


Your reasoning basically reduces to: I trust Telegram and I don't trust Meta. Security-wise WhatsApp is way more secure than Telegram because it uses the open-source Signal protocol [0].

[0] https://www.whatsapp.com/security/WhatsApp-Security-Whitepap...


Ultimately it always ends up being about trust at various levels, and how one can validate that trust, hence why I linked to "Reflections on trusting trust" by Ken Thompson.

That said, WhatsApp using the E2E Signal protocol is immaterial if they exfiltrate the locally stored private keys out to their servers, which is what the redaction of that line in the whitepaper we both linked (you directly, me via that Twitter link highlighting the diff) alludes to:

> At no time does the WhatsApp server has access to any of the client's private key.

Unless one checks every update of the client's code and the matching published reproducible binary output one can't be sure that keys (or any other data for that matter, since it has full access to anything decrypted) are not exfiltrated.

Now, that line deletion could be a subtle canary because law enforcement/state actor, or that could be Meta being nefarious following the cofounders' departure, or anything in between. Either way I find it a worrisome signal that this specific line has been removed.


> That said, WhatsApp using the E2E Signal protocol is immaterial if they exfiltrate the locally stored private keys out to their servers

They don't do that.

Biggest issue with WA is the backup mechanism. You can encrypt it with a passphrase nowadays but AFAIK that's off by default, rendering E2E moot if either party backs it up to their Google Drive.


A non-standardized, homebrew encryption scheme does not necessarily have to be worse than a standardized algorithm - even though it often is. But if implemented correctly and by someone who knows what they are doing, I'd trust a homebrew algo more than one which has been approved by the west's codebreakers for general use.


[flagged]



I feel you are unnecessarily combative in your approach. I was making a general observation on the merits of different sourced encryption algorithms.

I also would like to point out how your false dichotomy leaves no legitimate position when arguing against NSA-approved encryption mechanisms for the general public.

From a security perspective, I don't care if open source is solving the backdoor problem - the use of NSA-approved algorithms is the problem, not the source code availability.

From a civics perspective, I find potentially insecure algorithms that can be broken into by more local governments a lot more problematic than insecure algorithms that have a backdoor for governments far removed from, and ideally antagonistic to, my own if my own government cannot read it. The government of China or Russia is unlikely to abduct me in the night to put me into a black site. My own, or their American "friends", are a lot more likely to do so.

If you have a counter-argument other than another ad hominem, I'm happy to hear it.


If you are worried about being dragged to a "black site" Telegram is giving you a false sense of security. The corporation (and the owners I assume) are long gone from Russia, ironically because it could not operate there and was in danger of being censored or appropriated by the Kremlin (they never do things like that...).

Telegram sits firmly within the western legal system and somehow manages to stay online. Their privacy policy references the British Virgin Islands.


I don't agree with that claim. While there is no e2e encryption, the number of people that can see the chats between me and my mother has just gone from two (me and her) to 500 (all the engineers on the telegram team).

Also, being based in the UAE doesn't inspire confidence on the privacy and security front... Nor the fact they promised to release yearly transparency reports and then never did so... Or the fact Der Spiegel claims they have evidence of Telegram handing over user chats to authorities despite the fact Telegram's FAQ claims they have never done so...


You can enable e2e chats. But you lose cloud sync.

> Also, being based in the UAE doesn't inspire confidence on the privacy and security front...

Well the 5 eyes do not inspire confidence either, and that's where whatsapp is based.

And Apple has plans to automatically inform law enforcement from device scans. At least telegram client is open source so that is unlikely to happen on the client side directly.


> You can enable e2e chats. But you lose cloud sync.

You also lose talking to more than 1 person at the same time.


And link previews. Groups are never secure, too.

Also AFAIK Telegram has access to the plain text data from stickers so when they are downloaded by a person on a secret chat, everybody with server access can also figure a bit of the context of the conversation.


> the number of people that can see the chats between me and my mother has just gone from two (me and her) to 500 (all the engineers on the telegram team).

And everyone from all companies to which Telegram will sell the data once they figure that there is good money to be made from it.

If they have the plain text data they can do whatever they want with it.


"Company says they are more secure than competition"

Seems legit, I see no reason whatsoever not to trust them completely at their word. No company has ever lied to anyone before after all.


“Local man is taller and braver than other men” - says local man


posts "fact" about product of company

factual statement is made by said company

doesn't elaborate

gigachad.jpg


Moving to another centralized service is just getting on the same wagon again. 'email' doesn't go down, that's not even a coherent concept.


Poor example seeing how most use gmail.com or some other centralized service for email these days or risk emails not showing up from a self host solution.


That's true, but it has some really annoying stuff and I have a specific bug as well...

https://bugs.telegram.org/c/65


It has a decent desktop client that is present in linux distributions, so that automatically disqualifies it, apparently.


It's still centralized and still a SPOF.


Black and white problem: do you need to speak privately? Use Matrix or Session or trust Telegram secret chats.

Telegram is great for other non-privacy-related stuff such as bots, channels and groups.


It is centralized and mostly not E2ee. It has mainly the same problems as WhatsApp.


I'd disagree. In terms of privacy and anonymity, Matrix is an unguaranteeable nightmare. Just all the IRC bridges alone are a worst case scenario on what can happen with your data.

I'd rather recommend Briar [1] which is really end to end encrypted, and works even offline via bluetooth or Wi-Fi LAN.

[1] https://briarproject.org/



The Matrix team seems to be focusing on anything but making it as performant and usable as Telegram or Slack. The project leaders have been told this multiple times but there is always a reason.


Speak for yourself. The recent addition of space-protected rooms eliminated one of the biggest issues preventing my local hackerspace from using it.

(Of course, it did so roughly as we finally qualified for the nonprofit Slack plan, so it was a bit too late to have a real advantage - but it's an option now where it wasn't before.)


I've been using spaces for a while, but I am genuinely still baffled by it. Intuitively, a space should be where I group rooms or people in a non-overlapping way, and clean up the side-panel clutter... But I can access all rooms from all spaces, so what is its purpose exactly other than a namespace in which to connect to other places?


The most important thing in my view is that you can invite other people to the space, and you can use that membership to control access to multiple rooms.

So let's say I were using Matrix for the hackerspace. With spaces, I can invite a new member to the space and they can join whatever associated rooms they want on their own.

Without spaces, I'd be stuck either inviting people individually to every room, or making every room completely public, neither of which are particularly palatable.


While I think there is a lot of room for improvement, I don't think that's true.

Copied from last "This week in Matrix":

- Another big thing in Synapse 1.69 is experimental support for faster remote room joins!

- The new WYSIWYG (What You See Is What You Get) composer is available in Labs soon; It’s in active development and we’ll be adding more functionality soon.

- Notifications research is near conclusion; We trawled hundreds of GitHub issues, discussions, looked at competitors and interviewed some users. We’re really excited to bring improvements to your experience.

- Threads is making great progress and we’re hoping you’ll start seeing these improvements in the next few weeks! Keep your eyes open for updates.


I'm unhappy with the python implementation's performance too (ran it on a $5 VPS for a while and then gave up) but I think the Go implementation is much better and catching up in features really quickly, and I'd be happy to give it a shot again when I have more time.


Matrix/Element iOS builds send all notifications (by Apple's design) through centralized developer-run servers that wake up your client app to talk to your homeserver.

There's no way for you to avoid SPOFs for notifications on Apple devices, because APNS is designed so that the only way you can wake up an app to talk to an API is via notifications sent from the developer of that app.

This means that if the APNS servers go down (unlikely), or that the vector.im notification relay servers go down, nobody using Element on iOS gets any notifications.

It also means that vector.im sees all of the notification events (who got notified when), though I don't believe they see the notification content. The notifications (I speculate) are simply app wakeup events that make the app then contact the homeserver to see what it has new.


This is a problem with iOS, not Matrix or any other chat protocol. If you want more freedom and control over your communications, you wouldn't choose iOS anyway.


That's not accurate.


I mean, that's great and all, but it would still be pretty annoying if large parts of your network go down, and especially if matrix.org would go down.


But nobody is forcing you to use matrix.org, and if you have the resources it's easy to run a separate instance with peering, so that you get both the benefits of being able to communicate with everyone and have a faster/locally controlled instance with whatever rules you like.

We're keeping one alive with friends, not because we need it, but because we can and it's easy to do so.

We can argue matrix has not the most fanciful clients right now, and it might not be a perfect solution for everybody, however there are many clients to choose from, you can write one easily with many support libraries, it's easy to script, you can have full control.

This is what we should push for. I've recommended signal to a lot of friends, and I currently feel stupid for doing so: It was a hurdle to convince them, and what I achieved was to move some to another privately run network with arbitrary rules and mandated software controlled by a single entity which is now starting to do random crap.


I might not use matrix.org, but when 90% of my friends do (and currently that's closer to 100%), that doesn't do much for me...

(But also: I don't have the resources to run a separate instance for myself, let alone for my friends.)


Perfectly understandable. If matrix took off a little more, we might see an increase in resources for the official homeserver, or see more peered homeservers becoming popular (as people today get a gmail account and expect to work with users on offic360 without questioning).

Meanwhile you also have the option to get a client with multi-account support. Again, not all clients have this, but this is again something that no other messenger does, or will ever allow purely for market reasons.


If running your own homeserver weren't so painful for some folks this might be a bit more addressable, but currently if you're in a few popular rooms it's going to make a monster of your digitalocean bill, and sucks to maintain.

Hint: the correct answer to this is not "Well there's your problem you're expecting to run it on Digital oc-" no, this attitude helps nobody. Like Picard said, make it so.


I'm actually convinced that all the open source messaging apps are harder to install than postfix or opensmtpd thus a true pain in the butt. I get that most are trying to sell services but having an easy to install and setup program would make a real difference.


Agreed, simple installs for the win. The true test. How quickly can I get something running on a pure VPS. Maybe even without docker. How do I build it, how do I run it. Are there pre-packaged binaries, even better.


Why not Signal?


Because it can suffer the same problem WhatsApp had, because it's centralized. If something on their infrastructure goes down, it might have consequences for all users. This is not the case for distributed solutions like Matrix. (I actually use Signal, though, and not Matrix, because the latter, although it has many advantages, has a relatively bad UX compared to Signal, or at least used to, and it's hard to get contacts to get to use it...)


Centralized management does not mean centralized infrastructure. Any of these systems could distribute the APIs and message delivery infra across multiple independent jurisdictions, regions, and providers, and do clientside load balancing.

The fact that these systems are centralized in management does not mean that they need to have any SPOFs.

Also, the Apple App Store and iOS activation servers are the biggest SPOFs of all. Without them, even with a brand new working device, you can't activate it or install apps to communicate.


> Centralized management does not mean centralized infrastructure. Any of these systems could distribute the APIs and message delivery infra across multiple independent jurisdictions, regions, and providers, and do clientside load balancing.

While true, Signal hasn't done this as far as I know. Until they do, their infrastructure is just as centralized as WhatsApp's.


WhatsApp's infrastructure is not centralized; I would bet that this outage was caused by an engineering mistake, not by the failure of some datacenter or cable.

They are owned/managed by the company that popularized "move fast and break things" (though to be clear I do not think that they intentionally take this approach with WA or IG or the FB advertising infrastructure).


> WhatsApp's infrastructure is not centralized; I would bet that this outage was caused by an engineering mistake, not by the failure of some datacenter or cable.

If one engineering mistake can take it down, it's not decentralized. Or an action, not necessarily a mistake. It's at least somewhat centralized. An individual can be asked to take it down. In a correctly decentralized service, that can't happen.


Signal is as centralized as Whatsapp, so you could one day read the exact same headline for it


In fact, this did happen last year[1]. Moxie has infamously made the argument that decentralisation reduces reliability because if any one server goes down reliability is affected (ignoring that partial outages are better than total outages).

[1]: https://techcrunch.com/2021/09/26/signal-the-encrypted-messa...


Interesting. I think it's a semantical battle between reliability (literally "can I rely on the system to be up ?") and resiliency ("if it takes a hit can I keep using it in degraded mode")


Signal uses your own (working) mobile/cell phone number, isn't that why/enough for Signal to be a no? It is for me.


Signal has a very narrow use case, for people that want to use their phone number as their username.


I would have mentioned xmpp, deltachat, tox and briar before matrix.


I do use Telegram as I do with Twitter, Reddit, HN and Discord. If you want privacy messages use Matrix or Session.


Do we have an opinion on Threema ?


Centralized? But I really like the copy group feature


Why not the IETF standard XMPP?


Which XEPs are you talking about?

No, this is not a question, this is an answer. At this point, XMPP is not a solution, but a basis for an actual coherent solution to be built on, but it does not exist yet (or anymore).

Matrix is also only a partial answer, because in practice you will direct users to matrix.org, and that makes matrix.org not a single point of failure, but still a huge point of failure and matrix will be down for most people if matrix.org goes down.


Core XMPP is decentralized today. Room chats standardization in XMPP started 20 years ago. Any server existing today has solved the issue whatsapp is facing right now.


It has decentralization today, but also no users today.

I would be happy with it but my contact list quite empty.

I'm not outright rejecting XMPP. I would like it very much to just use XMPP, but something needs to happen. It needs to be easy to use, friction-less, have all the fancy features and probably more to sell than Signal, Telegram, WhatsApp, Facebook Messenger and Matrix at the same time, which is no small feat.

Core XMPP does not cut it. People expect more from a chat solution and won't adopt it as-is.

XMPP has had decentralization for a very long time, but almost no users (if speaking about actual, decentralized, chat; it's used in many other things). It had both decentralization and users for a short time with Google chat, and user with no decentralization with Google chat and Facebook chat for a longer time, but both things are dead now.

The network effect is the biggest issue to overcome for a chat system, not the actual tech, and XMPP has not solved it. Unfortunately, if you ask me.

Element/Matrix, in contrast, have the features and a beginning of adoption. It now needs polish, smoothing the rough edges, and adoption. And also adoption. And even more adoption. Including from people/entities providing homeservers. I tried to make people adopt it. I failed. Signal, however, has been a success so far. Element/Matrix is great and a success in my company, however.


My humble solution to this is Snikket: https://snikket.org/

I can't claim it has exact feature parity with Signal/Telegram/WhatsApp, but it has all the important stuff and is good enough for my family to use daily. It also has some advantages, such as not requiring a phone number (which e.g. means that my children can use it on the old "living room tablet").

Snikket counters the "empty contact list" problem and the network effects by focusing on small groups like this, automatically including everyone else in the same group(s) in your contact list. It helps a lot.

The ultimate goal is that we get enough such small groups operating on open networks, eventually the members of those groups will find they can communicate with each other. It's a better approach than isolated individuals using XMPP/whatever with empty contact lists just because they believe in it.


Okay, this actually looks like a serious attempt at solving the exact problems I pointed out! I wish you all the best for Snikket! Congratulations and thanks for working on this issue that definitely needs a solution.

Is there a desktop app for Snikket?


Thanks! The project is generally going well, if a little ambitious for the resources it currently has :)

Having been down the venture capital route in the past and not particularly enjoyed it, I'm trying to work on Snikket as close to full-time as possible while self-limiting to funding that's compatible with the open nature of the project and the ecosystem it's a part of. Currently grants, sponsorships and donations are helping immensely with that.

There is no desktop app yet, but it's firmly on the roadmap. For now I tend to point people towards Dino or Gajim for Windows and Linux, or Beagle for MacOS. None are a perfect match for the project right now, but power users can generally deal with it, and all of them are under active development and constantly improving.


XMPP is just the internet standard, it does not try to solve the network effect problem. But it would be important if platforms like Signal, Telegram or Matrix would adopt it instead of inventing their own incompatible protocols.

Without an internet standard for IM we cannot hope for advanced features like usable federation, encrypted messaging or A/V calls between platforms. We probably should not be promoting platforms which are not standards compliant.


what even is core xmpp?

Don't you need XEPs to do any messaging in the first place?


The core spec allows you to send messages and presence and is actually enough in many cases. It's far from enough for a modern experience, but all servers and at least 1 client per platform exist with all the expected XEPs that will bring you an experience close to what Whatsapp provides (with the notorious lack of A/V calls and maybe not so straightforward file exchanges)

Naysayers keep arguing that the jungle of XEPs make it too hard to implement and use and that's what's halting the adoption of XMPP, but that's like saying no one is doing any web innovation because the specs are too big. The reality is that only a big name with continuous marketing work and advocacy is missing from XMPP, and is the one reason Matrix got where it is today.


Basic messaging? No, messages are one of the building blocks of XMPP and are specified in RFC 6120: https://www.rfc-editor.org/rfc/rfc6120.html#section-8.2.1


What about mattermost? And, out of curiosity, how bad is discord for privacy?


Why not Telegram or Signal?


Not P2P.


Thought the same



That one should be on the front page.


Disagree completely. I’d much rather have a link to a trustworthy source than a random person writing “Tell HN: WhatsApp is down”. The post you think should be frontpage is useless imo. Take the time to link to a source instead of trying to beat everyone to the punch to get a little karma.


I don't understand why it's not given recency + votes


yeah, but people just can't be bothered to check if maybe the big thing that happened in the last 30 minutes could possibly have been submitted already before posting submission number 10 about it, so that's what happens.


It's not that they can't be bothered - it's that they want to be the one that posts with the upvotes/attention


I don’t think there’s a status page for WhatsApp, but Meta has this for the business side of things: https://metastatus.com/whatsapp-business-api


There does exist a twitter[0] account not updated since 2014 that has, ironically, in its bio: "We are working very hard to make this twitter account irrelevant."

[0] https://nitter.net/wa_status


Lol why does that page return 404 with actual content?


it's the geniuses way of not getting a page indexed....

shrug


Even though I do have WhatsApp I wouldn't have noticed without this HN headline.

Everyone I message with is via iMessage or Signal nowadays and I only have WhatsApp because I am part of a few sports clubs which have a WhatsApp group but we don't chat enough for me to notice a downtime like today.

Makes me happy to see how I've actually managed to rid myself of WhatsApp for the most part.


WhatsApp is end to end encrypted and AFAIK now has encrypted backups.

iMessage intentionally preserves a backdoor in its crypto so that the FBI can read approximately every iMessage sent/received without a warrant, should they so desire.


Both whatsapp and imessage are run by american companies, you can be sure both of them are compromised and I wouldn't pass US state secrets via either of them.

For the normal person this matters less of course, intelligence services are not interested in your nudes.


> intelligence services are not interested in your nudes

If I recall correctly Snowden said the opposite. The guys he was around regularly shared nudes etc of people they were spying on.


Signal is also run by an American entity.

> intelligence services are not interested in your nudes

There is actually plenty of evidence they are[1].

[1]: https://www.theverge.com/2014/7/17/5912287/edward-snowden-sa...


> iMessage intentionally preserves a backdoor in its crypto so that the FBI can read approximately every iMessage sent/received without a warrant, should they so desire.

Would be great if you provide a source for that.


https://en.wikipedia.org/wiki/Room_641A

Might not be the best "source", but there's clear evidence of it being done in the past.


iMessages are encrypted via TLS in transit. Room 641A-style cable taps do not allow them to be read.

The backdoor in their end to end encryption preserved intentionally by Apple to enable surveillance is what allows them to be read - by Apple.



Would you mind expanding on that last bit? Is this related to iCloud backups, the ability to add an invisible user to a chat, or something else?


Maybe not an explicit backdoor but iCloud backups being enabled by default (and those are not end-to-end encrypted) effectively serves as one.


Same, I use iMessage for anything critical as friends and family are mostly on iPhones, but for those that aren't I use WhatsApp and Telegram.

In some countries WhatsApp is used by almost everyone. I wonder how much all those free users cost Meta each year. Just as a side thought :)


these free users are probably generating revenue by sharing all their conversations to advertisers.


Thankfully there is still email, which never went down globally


Email is slowly becoming centralised unfortunately as small providers are pushed out by big companies. So it won't be long until we have global email outages.


Pushed out = blocks as spam in some cases, for self hosted people anyway


Ham radio operators practice disaster ops, don't they ? How about indie email providers ?


We practice giving up on the whole ordeal as we have to send another damn email to Microsoft asking for them to investigate their standards-non-compliant black box email filtering systems which even they don't understand.


I tried to go the self-hosted route. It became impossible to manage. I don't know how many hours I sunk in to figuring out why, seemingly randomly, my emails were being marked as spam by Google. If you can't get through to Google, you're effectively invisible for most people


I had the same problem as well. Important emails wouldn't get delivered to recipients. I ultimately had to throw in the towel.


Stubborn self hoster reporting for duty


same


You can even use email for a Whatsapp-like IM experience: https://delta.chat/

There really is no technical reason to use Whatsapp anymore


Oh that looks cool. Will investigate this. Thanks.


Very intriguing, thank you!


That's why centralization is bad, especially for now-become critical services such as WA.


The world can go a few hours without WhatsApp. If it's that important, just pick up the phone.


It is not presently possible to make PSTN phone calls to several of the people in warzones with whom I use WhatsApp to communicate.

IP networks have much more reach than the PSTN these days. It's not 1995.


Out of interest, is Ukraine one of the war zones?


I don't know the phone numbers of anyone except my mother and my bank.


Sure but if you have them in WhatsApp, you have them in your phone. At least, I can't add someone to WhatsApp - I can only add them as a phone contact and then WhatsApp magically parasites off that.


You can save them on your phone you know that?


Let’s do a phone group call with 50 people, fun.


I don't know anyone who does that on whatsapp.


Group messaging is extremely common. If you replaced this with calls, you would need some kind of group phone call. It was sarcasm.


yeah I understand that but I don't know of any big group of that size where I could not suffer a few hours of downtime.

I don't see how I could be in a situation where sending a message to a +50 group is critical.


Seems like a good time to plug Session: https://getsession.org/

Open source, doesn't require a phone number, and a big strength is that it's decentralized, which makes it much less vulnerable to outages like this.

"Session utilises the decentralised Oxen Service Node Network to store and route messages. This means that unlike P2P messaging applications you can message Session users when they are offline. This network consists of community operated nodes which are stationed all over the world. Service nodes are organised into collections of small co-operative groups called swarms.

Swarms offer additional redundancy and message delivery guarantees even if some service nodes become unreachable. By using this network, Session doesn’t have a central point of failure, and Session’s creators have no capacity to collect or store personal information about people using the app"


I have investigated session previously and gotten the feeling that it's backed by some kind of crypto pyramid scheme. I can't shake that feeling and the front page talk of joining "the movement" isn't helping.


Nothing on iOS is decentralized, all push notifications must be proxied via Apple's APNS servers from the app developer. There's no support in iOS for p2p messaging apps, even Matrix/Element proxy the notifications via centralized developer-run servers (which are then routed via centralized (but non-SPOF) Apple APNS servers).


Sounded really interesting until I found that it is just another zero-sum exploitation scheme...

> Oxen blockchain and the $OXEN privacy token


I supposed it's a Matrix client, but couldn't find anything by glancing the home page.

Btw, the whole idea of "no phone numbers" makes it really hard to spread. It basically means you can't send a message to anyone in your address book that already has Session installed, unless you get his Session username by other means.


It is not a matrix client. I haven't dug too deep into their system, but it looks to me like a centralized server with additional steps (ie. still a single entity owning the server infrastructure)


From what I read in their documentation[1], session's network is built upon an onion routing system where nodes are registered in the OXEN blockchain; you stake 15000 $OXEN to create a node and if you are "well-behaved" you get rewards in that blockchain -- otherwise you lose your stake.

I haven't dug too deep either but it doesn't sound much more centralized than the tor network for example.

[1] https://docs.oxen.io/products-built-on-oxen/session/network-...


That's a good thing. Forcing people to give their phone number to use an instant messaging app/protocol is a sign the company just wants your private data.

Also, by doing that and letting the account existence be publicly known, anyone with their phone number will know that they have an account on that service and lets you try to contact them. That can range from privacy violation to life-in-danger situations.


I adamantly refuse to register for accounts that require my phone number unless it's for commercial or official purposes. The likes of Google, Facebook and Microsoft can go take a long walk off a short plank.

We give too much information away. Companies have shown that they are incapable of keeping the information private anyway. We get big scandals, the interwebs kick up a big stink, brows are furrowed, and then we go back to doing what we did before with nobody learning anything.


I agree with you when it comes to random apps, but messengers are probably the only exception where I accept it.

If I gave my phone number to someone, I made an implicit social contract with that person or organization that they may contact me using that phone number. I don't see it as a big stretch if they use that number to send me a message or call me using WhatsApp, Signal or any other messenger where I registered using that same number. It's for the same purpose of communication, after all.

If I don't want to be contacted, I just don't share that number.

And it's not like people don't know that messengers or social networks can collect contact metadata about messages and calls. It's what traditional landline and mobile providers have been doing for ages.


I find phone numbers awesome because you actually "own" them to some degree. (i.e. you can take your number to a new provider). Moving to a different messenger app with the same phone number means I can at least still find some of my network there. Only email on your own domain would have that feature.

I don't really care if they sell my phone number, it's already out there, I don't consider it private data anymore.


Quite true. It would be better, though, to be able to use an instant messaging system using a simple identifier like an e-mail address, as an alternative to a phone number. Simply because there are quite some people out there who mainly want to message on a computer, and want to keep only some kind of messages on their phones.


Delta Chat.

It’s basically an email client disguised as a messenger.


It's a fork of the Signal client but instead of the centralized Signal back end, uses the decentralized Oxen Service Node system to relay messages.


"Convenience, not privacy!"


Coincidental timing for me- anecdotally I noticed a few WhatsApp commercials during the Monday Night Football game last evening. Meta was hyping up how it's end to end encrypted. That’s the first time I have seen national tv advertising for WhatsApp. There also were commercials for Meta’s new headsets so maybe it was part of a larger spend.


Wife just received account registration sms that new device has been registered. Anyone else experiencing that? Error? Worse?


I wonder if it's a scam and scammers are just taking advantage of the general panic surrounding the outage?


I haven't seen this yet but will definitely be keeping an eye out.


I sent a support question. Anyway, Google doesn't return any concerning info. It could be just kids... but I asked and with 90% probability, those ain't kids :)

EDIT: Support answered with generic mail on what to do if problems registering device... eh, whatever.


EDIT2: Hey, now I received new device registration code! (after 1,5hrs) Still no-one receiving these messages?


Yep, actually enjoying the lack of notifications right now.

Though for my closest friends and family we still have Signal as backup.


Take my advice - switch off notifications. You'll still see the badge on the app itself e.g. with a red dot, at least that's how it is on iOS. So when you see that you'll know to open it. Before that, there's no reason to be bothered while you're doing something else.


You mean switch off banners - if you switch off notifications entirely, the badge will not update as the app will not wake up in the background to fetch new messages when they come in.


You are right, thanks for pointing out.


Or just use Focus on iOS. You can then even select to whitelist certain people.


> actually enjoying the lack of notifications

Sounds like a nice way to test new notification settings before putting them into production. Now go and apply them ;)


Mute your groups!


It's back for me personally in South Africa.


Works for me with VPN but not without


Works again now, at about 08:46 UTC.


Still not Fully


Seems to work on desktop, doesn’t sync with mobile though


[flagged]


I downvoted and flagged this comment, because it's a brand new account shilling a shady-looking binary from a shady-looking website.

Would strongly recommend that people not bother with this spammy nonsense, and indeed downvote and flag away as well.


That sounds like a really sketchy version of whatsapp that I wouldn't use if I were you.

> Most of the time while using the official WhatsApp app, you can get banned maybe because of some issues going on with your mobile number. With the use of GB WhatsApp, such a ban isn’t available. You will absolutely be off the banning problems while using Gb WhatsApp Download the 2023 New Version

So, basically Whatsapp can ban you but you can still use Whatsapp? Hard doubt. Sounds like it's not actually Whatsapp at all and they are sitting in the middle.


Please think carefully before downloading this APK. Could be a virus, Trojan, or just simply read all your WhatsApp convos.


right may be the server down or maintenance..all over the globe issue is raising


Maybe they needed to restart BEAM.


I'm amazed people still use WhatsApp. We mostly abandoned it in the United States back in the mid 2010's. I mostly use it with friends over in European countries, just like I do with people in China with WeChat.


In Brazil, not using WhatsApp can be considered an anti-social stance at this point. My business partners would think that I'm a weird person.


India runs on Whatsapp!


You still use SMS, rest of the world mostly abandoned it.


How do you message with non iPhone users? SMS is very limited in function.


Signal, Telegram, Discord, etc. Tons of options besides iMessage.


Like most of your replies, the UK is the same. It's everywhere here.


What instant messaging app do americans use? Just plain SMS/MMS?


Here in Dubai, life runs on WhatsApp.


Latin America runs on WhatsApp


As do many other countries. You really cannot live without it in much of the world.



