this post was submitted on 31 Mar 2021
29 points (93.9% liked)

I haven't hosted my own matrix server yet. is it safe to join an instance? I don't really know how private that would be. the question is when I signup/login would I be giving out my IP? is the metadata private? sorry for asking this, I'm just a bit paranoid

all 46 comments
[–] [email protected] 14 points 4 years ago (1 children)

You don't need to talk friends if you don't have friends.

*internal cries

[–] [email protected] 5 points 4 years ago* (last edited 4 years ago)

spending time alone can be pretty fun.

[–] [email protected] 12 points 4 years ago* (last edited 4 years ago) (1 children)

You have to trust the instance admin you are joining; the same goes for Lemmy/Mastodon/XMPP. The instance owner can see your IP address, your devices, email etc. They can act on your behalf - so basically they have a fair amount of control over your account. But they cannot see any encrypted content. These issues are a bit hard to solve in case of something like Matrix often at performance costs; same goes for the metadata issue.

If you want to self host you can run a de-federated instance for only personal use or you can run it as an onion hidden service - this way the metadata issue is solved. But note that Synapse is pretty resource intensive.

[–] [email protected] 2 points 4 years ago (1 children)

This is not true, knowing that you can verify yourself before talking to others and they can't just willy-nilly act on your behalf because they're not coming from the same device.

[–] [email protected] 9 points 4 years ago* (last edited 4 years ago) (1 children)

Matrix has the problem that room state (containing a lot of Metadata) gets replicated and stored indefinitely on every homeserver any user connects with or connects to. This is a feature(tm) for enabling distributed chat rooms, but comes at a serious privacy cost.

As most of the matrix network centers around the UK based official servers, you can be pretty sure your metadata will end up on those servers one way or the other and the privacy protection in the UK is very weak. Furthermore, most Matrix homeservers by default use the centralized identity service also hosted in the UK on the official servers.

[–] [email protected] 3 points 4 years ago (2 children)

then my only choice is to just host my own servers. most of the time I talk to people 1-on-1 so it works for me.

[–] [email protected] 7 points 4 years ago* (last edited 4 years ago) (1 children)

Only if you self-host and the other person is also using an account on your server (or another trusted server).

Edit: also note that Synapse has pretty hefty system requirements and the database quickly grows using many gigabytes of data.

[–] [email protected] 3 points 4 years ago* (last edited 4 years ago) (3 children)

I'll have to make sure IRLs talk to me within or with their own servers. for online users I shouldn't worry that much. is there a good matrix client for multiple accounts? I'm kind of leading a double life.

[–] [email protected] 5 points 4 years ago (1 children)

Mirage supports multiple accounts. It's still in alpha but worth keeping an eye on. Most features work (including E2EE), but a couple are missing (emoji reactions aren't shown/usable, and if someone edits a message it is instead shown as a new message).
Fractal currently does not support E2EE or multiple accounts, but E2EE is coming in their new branch (Fractal-next) and multiple accounts are on their to-do.

[–] [email protected] 3 points 4 years ago* (last edited 4 years ago) (1 children)

because element is the most complete with features. only needs to implement TOR and Multiple accounts. and then I'm sold. for privacy and simplicity, I'll just use xmpp

[–] [email protected] 2 points 4 years ago
[–] [email protected] 4 points 4 years ago (3 children)

I am not aware of one. But why not XMPP? It is easier to self-host, works nicely over Tor and most clients have multi-account support. It also produces much less metadata and usually does not store it longer than necessary.

[–] [email protected] 3 points 4 years ago* (last edited 4 years ago) (1 children)

you have a point there... maybe I should just use XMPP+Mumble server for VoIP. I'll avoid matrix as for now as long as it has many privacy holes. and I already know how to use XMPP over tor which is convenient.

how is XMPP's end-to-end encryption though, I heard a lot of varying opinions on that.

[–] [email protected] 2 points 4 years ago

For me e2ee on XMPP with OMEMO works fine, never had problems with it. But I guess your best experience will be if both sides use the Conversations client on Android.

[–] [email protected] 1 points 4 years ago (1 children)

What would be a good way to host your own XMPP server for messaging and video? I tried setting up ejabberd but didn't get it to work for video... setting up a synapse server on the other hand was easier.

Any other options? Or good ejabberd guides for that matter?

[–] [email protected] 2 points 4 years ago

You set up both synapse and jitsi-meet? Because Matrix does not natively support video at all and simply uses the XMPP based Jitsi-meet for it. Also did you set up your own identity service for Synapse? Because without both, you didn't really self-host matrix :p

In general though, getting video to work with STUN/TURN is a bit more involved. But this is a general issue and also happens if you self-host video support with Matrix.

But you might have better luck with https://snikket.org/ which tries to include everything and is based on Prosody.

[–] [email protected] 1 points 4 years ago (2 children)

How is XMPP compared with SIP+SIMPLE in that?

[–] [email protected] 4 points 4 years ago* (last edited 4 years ago) (1 children)

Could you explain a bit better what you mean? SIMPLE might be somewhat comparable purely as a protocol, but for all practical purposes it isn't comparable to XMPP as there are no good clients and no federated network.

[–] [email protected] 1 points 4 years ago* (last edited 4 years ago) (1 children)

There is federated network and good client. Linphone is an example. Jitsi (not Jitsi Meet) is other.

You can send messages to any SIP account using SIMPLE.

[–] [email protected] 1 points 4 years ago (2 children)

Weeeelll, technically. But there is nowhere near the same ecosystem as for XMPP. Also I don't think there is e2ee for SIMPLE.

[–] [email protected] 1 points 4 years ago

There is, it is called LIME.

[–] [email protected] 1 points 4 years ago* (last edited 4 years ago) (1 children)

Every business here uses SIP-Phones (calls only though), mostly with proprietary implementations but is something very extended at business and institutions level.

[–] [email protected] 1 points 4 years ago (1 children)

Yes I am aware that there are a lot of SIP phones, but are you seriously comparing that to XMPP? That is like saying WhatsApp is the same as snail-mail :p

[–] [email protected] 1 points 4 years ago* (last edited 4 years ago)

Hahahahaha.

BTW, LIME is specific to Linphone though.

https://wiki.linphone.org/xwiki/wiki/public/view/Lib/Features/LIME/

I make the comparison because they don't add modifications to the protocol itself. These closed networks use to be compatible with any SIP public infrastructure in comparison what people do with XMPP which even being connected, there could be a lot of incompatible things.

I consider SIP and SIMPLE simplicity a feature in comparison with other protocols.

BTW, SIP can be used P2P as well as SIMPLE. If I remember use to be mostly that with STUN help and a SIP Proxy Server for registering users and notifications.

[–] [email protected] 1 points 4 years ago (1 children)

XMPP does calls as well: https://blog.wirelessmoves.com/2020/05/xmpp-voice-and-video-calls-with-conversations-a-dream-come-true.html

You could also combine an XMPP server you manage with something like Asterisk to then allow your XMPP clients to do SIP calls through that, though that is a bit involved.

[–] [email protected] 1 points 4 years ago (1 children)

The XMPP calls are set in Jingle XEPs. AFAIK, there are big stability issues even with the XEPs for STUN/TURN discovery.

[–] [email protected] 1 points 4 years ago* (last edited 4 years ago)

Your experience may vary, but on my personal XMPP server with its own STUN/TURN server using conversations.im - calls pretty much Just Work (edit: I've only tried a call with a siskin client outside of conversations and that worked too).

[–] [email protected] 1 points 4 years ago

is there a good matrix client for multiple accounts?

Take a look at this link: https://matrix.org/clients-matrix/

It has a comparison of clients features at the bottom. Some of them allow multiple accounts. Not all clients support E2EE tho.

[–] [email protected] 7 points 4 years ago (2 children)

So why not Jami? (https://jami.net/)

It's P2P so no servers and it's a GNU project.

[–] [email protected] 6 points 4 years ago (1 children)

I tried this a few times, but for me it never worked reliably. Are you using it as a day-to-day kind of thing? Family and friends?

[–] [email protected] 2 points 4 years ago

yeah, I think it's best on a zombie apocalypse, or a mass surveillance one. since messages can only be sent when both peers are online

[–] [email protected] 1 points 4 years ago

I never tried it, but heard from well-known people that it has the highest opsec.

[–] [email protected] 2 points 4 years ago (1 children)

comes down to your own personal needs and how you maintain opsec. matrix is a great option for privacy if you host your own server. joining an instance might be less reliable for stringent security needs and concerns about specific attack vectors. the encrypted chat they have is good regardless, and it's a better option than signal or many other chat/messaging protocols. matrix servers do a lot, it's a decentralized protocol.

be real about your security needs and outline them. what are attack vectors you are concerned about? what are you trying to keep safe? what threat actors are you concerned about? answering these types of questions will help you outline your needs and choose/use technology which meets those needs

[–] [email protected] 1 points 4 years ago

I'm more concerned about the future of mass surveillance so I'm more worried about companies and governments more than small hacker groups. I don't want anyone to leak my identity so I make sure no one can trace my location and guess my real identity. basic stuff like doing all online stuff through tor, buying services with monero. and having only a small number of people who know me. though I'm not a criminal, I'm just someone who wants a private life.

the only question I have is whether or not matrix is safe on its own, I'll probably buy a vps and host my own if that wasn't the case.

[–] [email protected] 2 points 4 years ago (1 children)
[–] [email protected] 2 points 4 years ago

Yeah. Why the downvotes.

[–] [email protected] 2 points 4 years ago (1 children)

Matrix does not keep metadata completely private.

I don't get why you are concerned about your IP address, every service you use will be able to see your IP so if you want to hide it use TOR.

[–] [email protected] 1 points 4 years ago (2 children)

I use everything through TOR, I haven't found a way to use it with matrix so I asked

[–] [email protected] 3 points 4 years ago* (last edited 4 years ago) (1 children)

Matrix clients do support connecting to Tor. For example Quaternion, Mirage has this; Element doesn't have a UI for it (it is on the roadmap) but you can use it on a browser or on desktop use the cli flag --proxy-server and on Android use Orbot in VPN mode. It also depends on the homeserver whether they allow connecting through Tor or have a policy against that. Multiple accounts too are on the roadmap for Element: on browser you have to use containers or separate profiles; on desktop use the --profile flag.

[–] [email protected] 2 points 4 years ago* (last edited 4 years ago) (1 children)

can you send me a link to the source for Element+TOR? or can you make an example of how to use --proxy-server?

[–] [email protected] 3 points 4 years ago* (last edited 4 years ago) (1 children)

See here. This is the issue tracking the UI for proxy too. The flag comes from Chromium; you can't use a http+password proxy though since Chromium doesn't support that either.
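
The launch described in the replies above, as an added example that is not part of the thread or of Element's own documentation: it combines the `--proxy-server` and `--profile` flags so each identity gets its own profile, and it refuses to start when the local Tor SOCKS port is unreachable. The binary name `element-desktop`, the Tor address 127.0.0.1:9050 and the extra Chromium switch `--host-resolver-rules` are assumptions not taken from the thread.

```shell
#!/usr/bin/env bash
# Added example. Assumptions (not from the thread): the binary is named
# element-desktop and a local Tor daemon listens on 127.0.0.1:9050.
TOR_HOST="${TOR_HOST:-127.0.0.1}"
TOR_PORT="${TOR_PORT:-9050}"
ELEMENT_BIN="${ELEMENT_BIN:-element-desktop}"

# Print the launch arguments for one identity, one argument per line.
element_tor_args() {
    case "$1" in
        # Profile names become directory names: allow only a safe charset.
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    # The resolver rule is Chromium's catch-all that stops local DNS lookups,
    # so hostnames are only ever resolved through the SOCKS proxy.
    printf '%s\n' \
        "--profile=$1" \
        "--proxy-server=socks5://${TOR_HOST}:${TOR_PORT}" \
        "--host-resolver-rules=MAP * ~NOTFOUND , EXCLUDE ${TOR_HOST}"
}

# Succeeds only if something accepts TCP connections on the SOCKS port.
tor_socks_up() {
    (exec 3<>"/dev/tcp/${TOR_HOST}/${TOR_PORT}") 2>/dev/null
}

# Fail closed: never start the client when the proxy is unreachable.
launch_element() {
    args="$(element_tor_args "$1")" || { echo "invalid profile name" >&2; return 2; }
    tor_socks_up || { echo "Tor SOCKS port unreachable, not starting" >&2; return 3; }
    old_ifs=$IFS
    IFS='
'
    set -f          # keep the "*" in the resolver rule literal
    set -- $args    # split on newlines only, one argument per line
    set +f
    IFS=$old_ifs
    exec "$ELEMENT_BIN" "$@"
}

# Usage: ./element-tor.sh --launch personal
if [ "${1:-}" = "--launch" ]; then
    launch_element "${2:-}"
fi
```

Running it once per identity (for example `--launch personal` and `--launch work`) keeps the two accounts in separate profile directories, each going through the same Tor proxy.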

[–] [email protected] 1 points 4 years ago

thank you 2000x, this is just the valuable information that I needed.

[–] [email protected] -2 points 4 years ago

noobda 😂🤣😂🤣🤣

course it's not