Comment on big list of selfhosted chat apps to meet all your friends on a real "server"
SidewaysHighways@lemmy.world 2 weeks ago
snikket is pretty slick. omemo is worrisome though
Neptr@lemmy.blahaj.zone 2 weeks ago
OMEMO is better than nothing. Much better than OTR or PGP (looking at you DeltaChat), and the biggest problem seems to be the metadata and old versions used in some clients. The encryption (of message contents) at the very least is decent.
OMEMO is better than Matrix’s encryption; the latter doesn’t offer proper forward secrecy and breaks all the time, leaving messages inaccessible.
Hazematman@lemmy.ca 2 weeks ago
Does Matrix have forward secrecy now since the switch to MLS? (i.e. the same encryption scheme Signal uses) matrix.org/blog/2025/06/dispelling-myths/
They still have a large metadata leak that to my understanding can’t be fixed until they introduce stuff like pseudo anonymous user handles and room handles.
Neptr@lemmy.blahaj.zone 2 weeks ago
Where did you read that Signal uses MLS? I could not find any claims of using MLS on Signal’s specs page or their GitHub repo. Also MLS doesn’t mean anything on its own, see Soatok’s blog on MLS.
Soatok is currently in the process of writing a blog post about another vulnerability they found in Matrix’s encryption, and with Matrix’s history of numerous vulnerabilities, I would stay away from that shit. No matter how “good” the algorithm is in theory, it is all about implementation. Matrix also has very brittle encryption; oftentimes many messages will become unrecoverable, which is terrible UX.
You’d be better off just selfhosting XMPP+OMEMO, with the caveat that it is also flawed and leaks plenty of metadata.
The best alternatives to Signal (but not Discord) are SimpleX and Briar. Both are significantly better than XMPP/Matrix for privacy and security.
Hazematman@lemmy.ca 2 weeks ago
You’re right, I was wrong about signal using MLS. I recall reading it somewhere but can’t find the source now.
As for my response, it was about forward secrecy which they do claim to have now. Yeah I wouldn’t rely on Matrix E2EE right now, and until it’s been seriously audited and replaced with something security experts agree on.
For a discord replacement (with public not E2EE rooms) it seems to be the best replacement just because that’s where communities are right now. XMPP+OMEMO is not that interesting to me because I don’t know of any communities that are on there or other users to be a Discord replacement and its E2EE story is not as good as Signal to be a Signal replacement.
For a Signal replacement I’m not sure SimpleX or Briar are there yet. SimpleX doesn’t have multi-device support last time I checked, which is annoying if you’re used to using Signal on your phone + desktop. And Briar doesn’t work on iOS, so if you chat with anyone who has an iPhone they are SOL.
Blaze@piefed.zip 2 weeks ago
Late to the party, but have you seen this post? It addresses most of the criticism against DeltaChat (and its use of PGP)
https://blog.feld.me/posts/2025/03/deltachat-is-actually-good-though/
SidewaysHighways@lemmy.world 2 weeks ago
oh that makes me excited! i was worried my bugging the fam may have been a waste, or not as useful as i'd hoped
Neptr@lemmy.blahaj.zone 2 weeks ago
It still isn’t great. Better than DeltaChat/Matrix but decently worse than Signal’s security.
SidewaysHighways@lemmy.world 2 weeks ago
oh that takes away that excitement that was previously restored