Is matrix good to use, seen a lot of drama around it. For example hackliberty.org left it because of lacking of security and moderation, do you still recommended it?
Is matrix good to use, seen a lot of drama around it. For example hackliberty.org left it because of lacking of security and moderation, do you still recommended it?
Matrix literally syncs the entire data/metadata history to all other servers where someone pops in; chat is meant to have an ephemeral aspect to it. The whole network is de facto centralized on Matrix.org or the servers they host for others which means one org has access to almost everything—like the issue with Signal.
What’s scary to me is how expensive it is to run this eventual consistency model, which should not be a protocol requirement for this style of communication. It sucks so much RAM, so much storage, so wasteful—which causes medium-sized servers to shutdown on maintenance costs alone which causes more users to leave for the Matrix.org. These are not the characteristics of a revolutionary protocol—revolutionary is users & collectives to reasonably be self-hosting this stuff for their privacy & autonomy.
That’s not true there’s plenty of people using different homeservers
That is nowhere near the mass of the centralized community & the fact it can’t be reasonable ran my medium-sized groups on a budget shows it doesn’t scale right & is not accessible. Sure you can run your own ATProto/BlueSky node if you have $80k USD / mo to host it—it’s technically open source! This is the kinda the same thing… costs too damn much so folks flock to the biggest instances.
tbf there is not really a good solution to the ‘ephemeral aspect’ problem
the only way to truly not sync metadata to or btwn servers at all is to use a p2p model, in which you cant send anything if one of the parties is offline
simplex might be a bit better in this regard, but still relies on servers for syncing. at least it doesnt extensively replicate metadata like matrix does though
so it depends on your threat model whether this is a compromise or not
Sure there is: Don’t store everything in a database.
what alternative do you propose for saving messages when the recipient is offline?
This is not either or. You can store things only until the recipient comes online and then delete it (but Matrix specifically doesn’t do this and conceptually can’t due to its design).
sure that is how pop3 does it
but metadata is still replicated to the server, so this does not solve the metadata replication issue
even if you dont explicitly store metadata or encrypt it in some way, the server still necessarily knows stuff like timestamps of when the messages are sent for example.
sure, you can delete it later, but you also have to trust the server to actually do that, and there is no way to guarantee this in any protocol
How else would you expect a decentralized and persistent chat room to work? If that stuff wasn’t synced among the servers that were invited to participate in a room, then it wouldn’t be decentralized; one server going down would kill the room (or at least lose data).
The only way I can think of is not to use servers at all, but go fully peer-to-peer. Matrix has done some proof-of-concept work toward this, but I’m not aware of any service that does it successfully while being practical for most people, yet.
There are use cases where that makes sense, but for general use? No thanks. When I lose my account password or my phone breaks, I want to be able to sign in on another device and still have my message history.
Synapse is indeed a heavy server implementation. Several lighter ones are in development, some of which people are using already.
Persistence is for forums. Chat has horrible discovery / search UX which makes it a black hole for knowledge—which is why it should be seen as temporary (I think even Signal sets 4 week expiry as default). Folks often say things the regret 5 years down the line in chat space & that sort of info needs to just fade away than be some target of some weirdo doxxing campaign.
You know you can have archive management & multi-devices without syncing the entire history right? Some protocols think holding onto the last 20 messages in a new group & the last year of private messages is good enough (can be saved local to the device if desired). Copying the Discord/Telegram/Slack model ain’t it.
Synpase is the reference server. It’s Python & slow as balls because of it, but the others are always playing catch-up. With Element moving with it & graceful fallbacks not being a high priority, shit just doesn’t work in practice using anything but Synapse / Element since most other users are using features on that setup. Technically having alternatives is not the same as the current situation in actual practice. Even if they can try to hide the some of the perf issues behind these gland concepts like sliding sync, there are literal fundamental issues with how the protocol is architected that a server of hand-written optimized assembly could never overcome—the eventual consistercy is by design.
Retroshare is almost ready for prime time after remaining in development for over 20 years. Each “friend” runs it’s own service for the decentralized network of “friends” and hands off message fragments from immediate “friends” for swapping files, store-and-forward messages, chats, etc., to other more distant network participants.
The swindle is that your friends know you by your IP address. If Big Government, Big Media, or Big Crime knocks over one of them, they’ve got you, too. But — not to worry — you can actually — so I’m told — run an RS instance behind a TOR hidden service.
I much prefer the article from 22 Mar 2019 about “TOR Onion Services” preserved at the Wayback Machine instead of the current article.