Comment on What are your opinions on Matrix?
amanneedsamaid@sopuli.xyz 1 year ago
Its alright, but resource heavy, more complex, and leaks more metadata than XMPP.
Comment on What are your opinions on Matrix?
amanneedsamaid@sopuli.xyz 1 year ago
Its alright, but resource heavy, more complex, and leaks more metadata than XMPP.
dngray@lemmy.one 1 year ago
XMPP is not a private protocol either. In a lot of cases data is not E2EE, there is no reference clients and there’s a mess of standards that very few if any clients fully implement.
amanneedsamaid@sopuli.xyz 1 year ago
The “lot of cases” you’re referring is using XMPP without OMEMO enabled, which is a pretty moot point as anyone using XMPP for any sensitive purpose would enable this (and every client I’ve used clearly warns you your message content is unencrypted if this is disabled). Also, XMPP has better (imo) and more numerous clients than Matrix on every platform except iOS and MacOS (No better XMPP client than Element on these platforms).
I disagree that XMPP is a “mess of standards”. XMPP is one standard, extremely minimal at its core, which is highly extensible. The issue you’re talking about is that clients dont always support every XMPP feature, although they all support OMEMO.
I definitely prefer an extensible protocol to a much heavier, metadata-leaking, less-feasible to self host solution like Matrix.
dngray@lemmy.one 1 year ago
OMEMO encrypts text messages for VOIP you need DTLS-SRTP encryption or Jingle session encryption.
The point is that Matrix 1:1 calls are always encrypted and soon with MSC3401: Native Group VoIP Signalling group VOIP calls will be as well. (still in beta. Having foot guns about what might be encrypted or not in a client isn’t very private at all.
I’ve used Nheko and that’s pretty good. Last time I checked the XMPP clients that existed had a lot of rough edges.
That is definitely your opinion, Matrix has shown to be very feasible in a commercial sense as there are many providers and commercial clients using it, french government, german government etc. Matrix really can be quite lightweight enough that it will be entirely possible to run a homeserver locally in WASM which is what the Matrix P2P project is about. arewep2pyet.com has more details about that.
The point is a lot of testing and thought goes into these things.
You’re pretending XMPP doesn’t have metadata between servers, it certainly does.
amanneedsamaid@sopuli.xyz 1 year ago
You are correct about a lack of standardized VOIP encryption, I hadnt thought of that as I never make calls using XMPP.
I was talking about individuals self hosting XMPP, not organizations. And I would imagine its much more popular for organizations to host XMPP servers, as government agencies and business already have been since the early 2000s.
As for the metadata leaking, while metadata is obviously available to the admins of the servers you and you recipient are using, these chat histories are not synced in their entirely, and not to other instances. Is this not the same in Matrix, except that the metadata is more freely shared between servers?
Either way, SimpleX chat addresses most of Matrix and XMPP’s shortcomings, I hope it can one day replace them.