Encryption happens client side, not server side, so that should alleviate some concerns however it's still worthy of discussion.

Signal is the only private messaging app that I've tried that hasn't sucked, or wasn't a privacy concern in itself.

Comments

BlackWinnerYoshi wrote on March 11, 2021 at 11:30 AM

Well, while open source does not mean it's secure, this is still a weird thing to do.

I would simply recommend to stop using Signal and start using XMPP with OMEMO encryption, since this is the gold standard of instant messengers, at least for me. You should especially stop using Signal because it requires your phone number, which immediately disqualifies it for a private messenger.

Kalchaya wrote on March 12, 2021 at 4:09 AM

Any time you have to download an app to use something, you should be concerned. Apps and anonymity tend not to coexist.

KeeJef wrote on March 11, 2021 at 5:17 AM

Yes lol, the client is making calls to endpoints on the server which don't even exist in the publicly released code. Saying all messages are encrypted avoids the question of metadata and how the server actually deals with that metadata.

Imperator wrote on March 11, 2021 at 8:44 AM

Have you tried element.io and Matrix? Been using it for years now and I'm very happy with it. Clients for all kinds of platforms and bridges to all kinds of networks exist.

Toxicant wrote on March 11, 2021 at 2:10 PM

Element.io is fantastic

AWiggerInTime wrote on March 13, 2021 at 9:46 PM

Matrix itself is decent, but the official software is utter shit.

Element is a bloated electron mess that's somehow bigger than pisscord and it's buggy as all hell (from small UI bugs to losing connection/not receving messages). Don't get me started on the mobile version. Oh and fun fact, even though olm is implemented in C so it can run natively on pretty much anything, desktop Element still goes through wasm for EVERY MESSAGE, because the devs are retarded enough to not be able to link a binary to a release exec.

The server is even worse, even installing this piece of shit can be a challenge (especially out of the Linux comfort zone) and it hogs EVERYTHING. Say goodbye to like 3 GBs of RAM for a few rooms and users. Say goodbye to your disk space & cpu because python.

The only thing they haven't fucked up yet is Dendrite, the second-gen server which actually looks promising, but it's still in beta it's probably too early to call.

Imperator wrote on March 14, 2021 at 7:46 AM

Installing Synapse with docker and a TLS reverse proxy is a relative breeze. Like almost all server software, it requires some setup and general LInux knowledge. I haven't personally noted a lot of performance issues, but I concur that choosing Python (they even started with version 2) was a bad design choice. Good for prototyping but definitely not suitable for large-scale production usage. Hopefully Dendrite will reach feature parity soon. Moreover, they're doing some serious work on the p2p end and a working client exists already (https://p2p.riot.im).

I don't think Element has a bad UI, but there's definitely some room for improvement. Am not a fan of their use of HTML/CSS/JavaScript, I would have preferred a Rust GTK/Qt client but I understand that at this point in the project stage it's important to support the widest variety of platforms to serve the largest possible userbase. Performance and optimisation can always come later.

div1337 wrote on March 15, 2021 at 10:41 PM

Use Session?