I'm surprised Matrix is on the front page as much as it is. I mean, it's cool tech, and I use it myself, but it really seems like it's up there every other day.
It's probably on the front page because of the Prosody post that is on the front page. Matrix is on the front page because it's really the only open protocol that has a chance of gaining non-technical users.
I run a matrix server, which has been nothing but a constant pain. My friends that use it can also use my ircv3 server or xmpp server that I run that use no resources and take up none of my time with maintenance. They do not. The only thing I've run that they like better so far is mattermost. I don't like the open core though. Matrix, xmpp and irc are backed by ldap which is impossible with mattermost.
I remember I spent about 10 minutes looking into setting up my own Matrix server. Seemed like a good day of work, and then I would still need to figure out how to support media uploads and E2E.
The real kicker is that having the data on my own server is certainly nice, but I just don't think it's less likely to be exposed while I'm holding it vs someone else. I remember when everyone had a self-hosted WordPress blog. Eventually you'd get tired of applying patches every 2 weeks and instantly get added to a bot farm. No thank you.
To be fair installing synapse is fairly easy. Media uploads and e2e should "just work". When I recently changed the VPS I was running it on I set up synapse from scratch in about 15 minutes. Of course I have set up synapse many times.
If they're people who want a web client you can look at mod_conversejs: https://modules.prosody.im/mod_conversejs - but it is not as comprehensive a web client as Element, in my opinion.
Well I was running it on a 2GB VPS, I have since November switched to a 4GB VPS, no issues since then but it's still early days. I haven't benchmarked either VPS, the 2GB I had a single dedicated CPU core, some 3.5+ghz xenon. I didn't check what my cpu allotment was on the new VPS, it was a $65 a year black friday thing. Moderation is not an issue, I only have 5 users other than myself.
I saw your comment and considered posting a facetious comment about how you would need 80TB of ram and at least twice as much disk space.... but that would add nothing to the discussion.
I am using postgresql now. That is not a silver bullet for anything though. I switched to postgresql early on (when I first started using matrix I think synapse only supported sqlite?) and I've had less disk space & memory trouble using sqlite than I have postgresql.
Of course I was using sqlite when there weren't nearly as many users as there are today or when I had federation disabled.
People are migrating en masse from WhatsApp to Signal and Telegram. I am pretty sure it's ruffling some feathers considering the vocal people defending and promoting Matrix and federation in every Signal thread and considering this informal poll: https://news.ycombinator.com/item?id=25669864
Telegram
806 points
Zom
3 points
Viber
15 points
Threema
69 points
Signal
1699 points
Discord
102 points
Matrix (added after 25 mins)
374 points
Last I read speculations were that Signal had something like 10 millions users/downloads and Matrix 25 millions users (take that with a boulder of salt).
Cool. Now get 5 friends of yours to join you in a crypted room with each using a phone and then a browser, wait two days, get back to it and manage all the insecure session notices.
Beware, they removed the warning from the android client though. It confused people.
That is only the case when you have verified your friends keys (by qr code or emoji string).
When one of your friends account is hijacked and has someone snooping on messages, you'd want to know that.
Though I see it might be confusing at first for users to understand that they have to sign their devices. Currently, you have to login with a username/password and afterwards (optionaly) get one of your other devices to sign your new device. Which the UI does clearly ask you to do though.
I'm using Element very sparsely, but keep getting annoyed by it. I did not care to touch any settings. I have a persistent tab in my browser and it keeps having the notification dot for silly reasons:
- My connection flaked out (duh, I closed the laptop lid).
- Connection for one of my contacts flaked out (?!).
- Something in the signatures changed.
I get how any of that might be a sign of compromise. But I really don't care, I don't use this for anything sensitive. And with only about 20% of notifications being about an actual message, I've developed a blindness towards it.
Edit: having written that, I've noticed it is not doing this right now. Come think of it, it might have stopped a while ago and I simply didn't notice (c.f. developed blindness).
No, no, no. I have been toying my own Matrix instance and I registered 2 users that I played with, exchanging pictures and messages. There were some glitches in the UI that insiste on flagging some sessions as insecure even though I verified every session.
Sometimes it got resolved all on its own, sometimes it stayed like that. No biggie in the end but you can find some bug reports like that on github. Most probably it's getting worked out or was but it definitely happened.
Downloaded client on Windows. Fine. Installed fine.
Hit the button to make an account, everything went fine. It sent a verification email. I clicked the link. It said "something" was wrong with my setup. I JUST installed it, with the default options.
On a hunch, I went back to the client, and was able to log in. The failure message was entirely spurious. If I hadn't been tech savvy I likely would have been scared off and not bothered, assuming it was just broken.
Did they? I was reading conflicting info. Some were saying that the EU was “excluded” from the change... (not sure how the distinction is made precisely)
Both EU users and non-EU users are required to accept new terms of service or lose access in a month, but the EU terms don't have most of the data-sharing bits that would be likely to violate the GDPR.
Probably the gold rush for decentralized, censorship-resistant platforms for the Right to jump to.
This is bad for any mainstream ambitions by the Matrix team. If it becomes the next Gab/Parler, normal people will avoid being associated with it. I know this association would absolutely sink my friends exploring the platform further while we're exploring alternatives for when Google Hangouts is decommissioned.
> I know this association would absolutely sink my friends exploring the platform further while we're exploring alternatives for when Google Hangouts is decommissioned.
Should there be such rooms (that still fall short of being removed for "abuse") you're not forced to join them. No different than you not joining Google Hangouts full of people you'd rather not talk to.
Chat systems like IRC/Element don't force you to join and speak with anyone you don't want to unlike social media sites which try to have literally everyone in the same pool.
If your standard is "people I don't like are able to use this service" you will find no service that will have 0% of said people.
You may as well say, "There's nothing wrong with Gab/Parler/Voat as long as you stay away from the political discussions". It doesn't matter. Your technical and logical distinctions are minor and irrelevant to most people compared to an overwhelmingly negative reputation.
>You may as well say, "There's nothing wrong with Gab/Parler/Voat as long as you stay away from the political discussions".
It's just a fundamentally different system than what you're comparing it to and has many well established communities that aren't what you appear to be alluding to.
>It doesn't matter. Your technical and logical distinctions are minor and irrelevant to most people compared to an overwhelmingly negative reputation.
Are there any major situations involving matrix that you can point to?
I'm not aware of any major issues and just because it's not one of the major social media platforms (arguably not even social media depending on your definition) doesn't mean it's inherently bad.
> It's just a fundamentally different system than what you're comparing it to and has many well established communities that aren't what you appear to be alluding to.
You may as well be telling me how wonderful BitTorrent is for downloading Linux ISOs and to ignore that whole The Pirate Bay thing.
>You may as well be telling me how wonderful BitTorrent is for downloading Linux ISOs and to ignore that whole The Pirate Bay thing.
The hash checks help validate that the ISO file is properly in tact and not corrupted in transit and the peer to peer nature keeps speeds high by distributing the load between multiple peers.
I don't see people avoiding using phones even though neo-nazi, criminals, redheads and people with sexual preferences radically different from theirs use them constantly.
Matrix is not a platform, it's a protocol and some implementation software developed in the open.
Has the headline “(extremist group) use / flock to WhatsApp to plan (nefarious thing)” ever dissuaded someone from installing WhatsApp? Probably, but it got popular anyway.
You mean in a few years there'll be only 3 or 4 free mail providers with e2e disabled for convenience[0] and data broker objectives (as a mean to pay for the service) and only a selected few can federate (because hey, spam or something) ?
Like Mastodon, Matrix has it built-in in its principles that a federated instance can prevent being contacted from another (this is the whitelist setting). Feel free to correct me, I am not 100% sure.
So, it’s important to get this right. In reputational effects, like this one, we don’t care about
P(I use this | I’m a bad person)
because, like you point out, this obscures cases, like breathing air, where P(I use this) is already high. Instead, we care about
P(I’m a bad person | I use this)
And we especially care if this conditional probability is perceived to be high. This is because then your potential users will worry that if they use your product, others will make the (justified!) Bayesian inference that they are bad people. Because they don’t want to be seen to be bad people, they will avoid it.
Considering the substantial and increasing government/military usage of Matrix, I don't think this is a realistic scenario, but I guess only time can tell.
Is there an update that warrants this new post?