Late to the party, but have you seen this post? It addresses most of the criticism against DeltaChat (and its use of PGP)
https://blog.feld.me/posts/2025/03/deltachat-is-actually-good-though/
Comment on big list of selfhosted chat apps to meet all your friends on a real "server"
Neptr@lemmy.blahaj.zone 2 weeks ago
OMEMO is better than nothing. Much better than OTR or PGP (looking at you DeltaChat), and the biggest problem seems to be the metadata and old versions used in some clients. The encryption (of message contents) at the very least is decent.
OMEMO is better than Matrix’s encryption, the latter of which doesn’t offer proper forward secrecy and breaks all the time, leaving messages inaccessible.
oh that makes me excited! I was worried my bugging the fam may have been a waste, or not as useful as I’d hoped
It still isn’t great. Better than DeltaChat/Matrix but decently worse than Signal’s security.
oh that takes away that excitement that was previously restored
Lol
Hazematman@lemmy.ca 2 weeks ago
Does Matrix have forward secrecy now since the switch to MLS? (I.E. the same encryption scheme Signal uses) matrix.org/blog/2025/06/dispelling-myths/
They still have a large metadata leak that to my understanding can’t be fixed until they introduce stuff like pseudo anonymous user handles and room handles.
Neptr@lemmy.blahaj.zone 2 weeks ago
Where did you read that Signal uses MLS? I could not find any claims of using MLS on Signal’s specs page or their GitHub repo. Also MLS doesn’t mean anything on its own, see Soatok’s blog on MLS.
Soatok is currently in the process of writing a blog post about another vulnerability they found in Matrix’s encryption, and with Matrix’s history of numerous vulnerabilities, I would stay away from that shit. No matter how “good” the algorithm is in theory, it is all about implementation. Matrix also has very brittle encryption, oftentimes many messages will become unrecoverable, which is terrible UX.
You’d be better off just selfhosting XMPP+OMEMO, with the caveat that it is also flawed and leaks plenty of metadata.
The best alternatives to Signal (but not Discord) are SimpleX and Briar. Both are significantly better than XMPP/Matrix for privacy and security.
Hazematman@lemmy.ca 2 weeks ago
You’re right, I was wrong about Signal using MLS. I recall reading it somewhere but can’t find the source now.
As for my response, it was about forward secrecy which they do claim to have now. Yeah I wouldn’t rely on Matrix E2EE right now, and until it’s been seriously audited and replaced with something security experts agree on.
For a Discord replacement (with public not E2EE rooms) it seems to be the best replacement just because that’s where communities are right now. XMPP+OMEMO is not that interesting to me because I don’t know of any communities that are on there or other users to be a Discord replacement and its E2EE story is not as good as Signal to be a Signal replacement.
For a Signal replacement I’m not sure SimpleX or Briar are there yet. SimpleX doesn’t have multi device support last time I checked which is annoying if you’re used to using Signal on your phone + desktop. And Briar doesn’t work on iOS, so if you chat with anyone who has an iPhone they are SOL.
Neptr@lemmy.blahaj.zone 2 weeks ago
The other problem with Matrix for me is that Element call (the protocol) is not present in most public instances and isn’t very straightforward to selfhost. The default is Jitsi which is not E2EE. Pretty major IMO because if Matrix is supposed to be a Discord alternative and supposedly E2EE but VC isn’t encrypted, pretty yikes.