since it’s open source
Open core with an open community edition. 100% better than fully proprietary & Microsoft.
he/him
since it’s open source
Open core with an open community edition. 100% better than fully proprietary & Microsoft.
None of the creators I follow have LiberaPay or crypto as an option either. I don’t want to pay on a proprietary platform.
V3 has chathistory
+ away status so the bouncer isn’t needed. Voice & video would be out of scope if trying to use a single tool, but the way these protocol operate is just to handshake & negotion for another protocol. My mates & I use Mumble (looking for alternative but everything kinda sucks & uses too many resources) for audio & share terminal sessions for other tasks where video is a massive liability for bandwidth & accessibility with video artifacts making text illegible.
Even still none of this requires perpetual data replication—what it leads to is Alice joining Bob’s server instead of setting up her own server & joining that way since the cost of hosting all that data + CPU/RAM prohibit her sovereignty in the space. Our society has enough of that where you can’t own your own land or other resources, reliant solely on those in power. With tech we can give that power back to folks so they can run their own stuff if they want, but we can’t have that if the cost of running everything is too high due to bloated design.
Also this was hard ta read: Is your space bar broken? ’Cause a lot of words are stuck together… ins & outs*, DMs* …apostrophes don’t make words plural.
The VoxeLibre mod is a substitute
What about the storage & network costs?
It’s once you start federating do the prices start to soar, & most things can hold local channels fine… but that’s kind of the point if you are hitching your cart to say something is decentralized as a bullet point for privacy. But if it’s mostly local channels, wouldn’t IRCv3 cut it?
There is a cost aspect of self-hosting that one has to comtemplate. I haven’t looked at SimpleX hosting, but if it’s anything like Matrix on resources, it isn’t accessible or feasible even if it is possible.
My battery life & ability self-host on low-spec hardware is pretty convenient. When I talk to my bud on their own self-hosted, low-spec instance, the TLS+OMEMO is pretty secure since we don’t have to trust some third-party server provider with data/metadata.
Matrix servers chew up an order of magnitude more CPU/RAM which limits the places you can deploy it. The eventual consistency model makes storage balloon as every message, attachment, metadata must be copied to all nodes in a conversation which is resilient, but wasteful in duplicated content in practices which has historically caused many medium & larger servers to shut down due to the explosive just of storage (similar issues with Mastodon). That same model is why it takes on the order of minutes to just join a room or come back to a client that hasn’t been opened recently. Element X & new servers have to work so damn hard to work around asynchronously than fundamental decision to attempt to hide it from the sluggish UX but behind the scenes still too expensive. & since it is expensive to run in many vectors this causes folks to then move to the biggest servers that can handle the load which means the Matrix network is in actuality a small number of massive servers (most of which managed by Matrix.org) & a small number of tiny hobbyists running nodes of <10 users is practice. With so many users on Matrix.org-controlled instances (& again with eventual consistency), almost all data gets synced to their nodes make subpoenas a breeze.
A healthier network would have many fewer massive centralized nodes, medium-sized nodes, & the resource requirements would be low enough that more folks would be encouraged more often to run their own nodes they control so they aren’t required to trust an unknown serves operator. Meaning “just making an account on any public server” isn’t a great mode of operation for privacy—especially as with Matrix joining a medium-sized server will put them under a lot of strain causing them to throw in the tower & joining the few massive servers further exacerbating the centralization issue.
Copying the UX of Slack/Telegram/Discord in a decentralized manner is a fool’s errand. Keeping the chat history for eternity is already a questionable call over using forums, but trying to distribute that out like a blockchain is so wasteful.
https://lukesmith.xyz/articles/matrix-vs-xmpp/ https://www.freie-messenger.de/en/systemvergleich/xmpp-matrix/ https://www.process-one.net/blog/matrix-and-xmpp-thoughts-on-improving-messaging-protocols-part-1/
Others are noting clients & servers matter. This isn’t a downside—it’s just that the protocol is flexible & extensible for many types of messaging beyond human2human private conversations, which explains why encryption isn’t a requirement for the clients. With that said any modern client targeting said H2H interaction will have basic forms of encryption like PGP, OTR, & OMEMO which all do the job of E2EE. OMEMO is based on the same ideas that Signal, WhatsApp, Matrix, & so on use so that part is all the same.
A unique feature for XMPP in this space tho is how low-spec & resource-unintensive the servers/clients are—you aren’t chewing up a ton of CPU or RAM, there is no eventual consistency to balloon storage (MAM is enough), clients don’t drain your battery or take literal minutes to sync with servers. Since it is low-cost, it is feasible to self-host XMPP from a residential server (at home on some old hardware for instance) or add it to a multipurpose machine where it doesn’t get in the way of other processes/storage. Some of the other service often mentioned here either you can’t self-host or are quite expensive to run (often by design) which limits the accessibility causing centralization as well as requiring trust in that server you don’t own.
Oh you could if so inclined run a Notcurses renderer for Minetest. https://l-m.dev/cs/hijacking-opengl-with-notcurses/
They already have a render for NEStopia + RetroArch lol
XMPP doesn’t need notifications per se since it already has a connection to the client. Since it works for all other OSs to hook into this & display a notification, I don’t even want to know what restrictions Apple has on iOS that prevent such basic behavior. Apple digs its own grave here. What’s worse is I want to say “go get a Android phone, dummy” to a ‘normie’ but the stock OS on any Android phone is going to be on aggregate a worse privacy situation unless you would have to be ready to teach how to unGoogle it to the extent they would tolerate.
Linux phone when?
The folks I collaborate have a policy now that if it doesn’t have a TUI or CLI version, it doesn’t exist 😂
Wild. I used sway for the first time with Nix since I could rollback a misconfiguration.
My partner has slowly been walking away from everything like that too. The hard part is she has done a lot in marketing & now wonders if it is all bullremoved/evil, but it is still needed even for the good products & services, just not in deceptive or manipulative manner.
There’s a 90% chance the other end of your conversation will be with someone on Matrix dot org or a server they host for a organization. Like email, your other end is likely still using Google or Microsoft so the metadata & anything else unencrypted is going to be synced back to the centralized server.
Let me message you without having an Android or iOS primary device then. Can’t do it.
Motal is participating in GSoC this year to get some new features too.
But this is a wider issue that developing free software for Apple products is way too expensive (time & money) to be feasible while also going against the general free software ethos. It should be no surprise the walled garden of a proprietary OS that charges you to publish to their store has a severe lack of free or otherwise ethical software (which is important for security for something as important as a messaging app full of private data).
XMPP clients are fine albeit it all, as many as they are, slightly different as is the nature of the protocol. This just means there is value in contributing to existing clients, creating new clients, or embracing progressive enhancement (which most do for example with emoji reactions just being a quoted text reply & so on) & complete feature parity is a fool’s errand if you want an exensible protocol with diversity & experimentation in the community. With the broad exception of the Conversations Compliance, there isn’t a flagship client & instead the best ideas come to the most used or most innovative clients. I use Cheogram, Profanity, Gajim, Dino, Movim at different times (& would love to create my own). The protocol is stable, healthy, & ready for proposals for improvement.
If I compare this to the more-expensive-by-all-metrics-to-run Matrix, if it ain’t Element, you gotta problem since a vast majority of users are on it & using all of its features & no other client has anything near parity but are expected to have parity instead of allowing things to sometimes be gracefully missed or shown in a less than ideal manner as acceptable. This hurts experimentation. Good luck trying anything similar to GDPR when all nodes are design & required to duplicate all messages & attachments for all users to every server anyone in it comes from.
The only real gotcha is the same gotcha as Matrix when using multiple clients with double-ratchet encryption (ala Signal) is that clients will expire keys that haven’t been seen in a while & is hard to get both devices retrusting one another. Turning it off & on again rarely works & requires fiddling on both ends sometimes. I really should just use PGP for encryption more often…
Weren’t the trackers opt-in? This doesn’t seem like a bad thing if you don’t mind giving up those user metrics for them to build something better. It is the opt-out stuff with no transparency over the kind of data collected to be worried about.