hello im trying to find good foss alternatives to apps like discord, facebook, and others that are foss and federated are there any possable apps out there that are like that?

  • rglullisA
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    You are indeed misunderstanding some of the points about it:

    You have to register for a home server, which essentially means trusting the individual(s) running that home server not to abuse that privilege.

    Communication that happens exclusively via Matrix are always end-to-end encrypted. No one will have access to it. The only point where e2ee is “broken” is when/if you are using any of the bridges to any of the protocols where the messages are in clear text. If you are worried about having your messages read by a third-party, then you wouldn’t be using the insecure protocol in the first place, right?

    Not only that, but your data is then replicated on other servers where the other participants in your conversations are registered.

    Not true. Data that goes to the other servers is always encrypted and only the intended recipients can read it. No trust required.

    The (seemingly) most popular, Element, appears to collect a crap-ton of personal information - including user content!

    Technically speaking, every client “collects user content”, no? The question is what the application does with it. The code is open source and I’m yet to hear anyone claiming bad practices or security flaws in the client.

    • mreiner@beehaw.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Thanks for replying!

      There are lots of services using E2EE, so I’m really not sure this is a unique benefit of Matrix and would not convince me to use Matrix by itself. It is a fair point in favor of Matrix, though!

      I already use enough platforms as it is given what the individuals with whom I speak are already using. I’ve convinced some to standardize on platforms using E2EE, but the overwhelming majority of people who are not technology enthusiasts cannot be bothered to mess with something more complicated than what comes with their phone or the services that they’re already using (and fair enough, this isn’t a knock on them).

      For that reason, the bridges Matrix offers are the only feature I’ve heard of so far that might make me switch. Unifying the services I already have to use due to what is used by my friends, family, and colleagues would be killer, but if they don’t at least leverage the E2EE supported by those services’ native apps, it negates pretty much all benefits for me. Yes, using stuff that isn’t encrypted in the first place isn’t ideal, but the answer to that for me is not “well, it’s already visible to some people so trusting the admins for this other third party service isn’t a big deal”. Additionally, integrating with services that do natively support E2EE in a way that breaks that E2EE is a huge step backward. I don’t blame Matrix for this, but it also doesn’t win any points for it in my mind.

      Thank you for dispelling my misconception about the data replication!

      To gain widespread adoption, any protocol will have to have friction-free sign up and usage, which is a tough nut to crack given how sharded chat already is and has always been. Email, which Matrix strives to emulate, was an established standard that predated most users’ access to the internet by a decade and a half or more. Conversely, chat has basically always been fragmented and siloed.

      Unification would be a killer feature that would even have a chance of convincing non tech enthusiasts to switch, which could then lead them to start switching more of their communications over to native Matrix traffic as more of their friends also switch (relying less on the bridges over time). Given doing what I’ve described above requires compromises on security, though, I can’t see a path to wide adoption for this protocol (which really makes me sad). Since I don’t see a path for it pulling in non tech enthusiasts, and the bridges can break other platforms’ existing security, I don’t see myself adopting another platform for chat.

      Please let me know if I’m still getting anything wrong!

      • rglullisA
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Apologies in advance for my coming rant. I don’t mean it as a personal attack, but I’ve been this type of discussion so many times that it gets a bit repetitive and I think most people don’t get all the different forces at play here, so perhaps if I write something a bit nastier than the usual self it won’t fall flat into deaf ears.

        /beginrant

        Your whole response can be summarized at best as “network effects are hard. Let’s go shopping” and at worst as “Let me use other people’s apathy and laziness to couch my own and keep the status quo”.

        Instead of excusing yourself on “why should I be using Matrix if others don’t do it”, let’s play a little elimination game and ask yourself why you should be using any of the other alternatives:

        • WhatsApp? No, it has e2ee but Facebook still has access to your meta-data (usage patterns, call history, list of contacts, even location tracing) and it can derive all the data mining they need. E.g, they can have a good guess at potential health issues just by recording that you call/texted the number of a medical office.

        • iMessage? Closed to Apple’s ecosystem, vendor lock-in.

        • Discord? Closed source, proprietary protocol, vendor lock-in.

        • Signal? Slightly better, but centralized and with questionable funding ties.

        • Telegram? Closed source (on server side), questionable cryptography, ties with Russian oligarch.

        Also notice how none of these alternatives “comes with their phone”, so the point about “non-technical people not interested in switching” is moot. They had to learn how to use WhatsApp and Discord once, they can learn how to use Matrix as well.

        if they don’t at least leverage the E2EE supported by those services’ native apps, it negates pretty much all benefits for me.

        You can run your own Matrix homeserver, along with whatever bridges you decide to set up. You don’t have to trust anyone, it’s just an option given to you.

        any protocol will have to have friction-free sign up and usage.

        First, there is no such thing as “friction-free”. There is always some friction. One of the things that turned me off WhatsApp (and Signal) is the fact that it requires a phone number. The fact that (most) people happened to have overcome some initial obstacle doesn’t mean it was never there.

        Second, it seems that no matter what FOSS developers do, there is always yet-another obstacle put by users who simply do not want to be bothered with change, even when what is asked of them is well within their range of actionable work.

        Since I don’t see a path for it pulling in non tech enthusiasts (…) I don’t see myself adopting another platform for chat.

        How about you take the first step and try for yourself to see what are the real challenges for “non-tech” people? I’m out of WhatsApp and got my parents (both getting closer to their 70s) to use Element. UX annoyances do exist, but nothing that stops them from using properly. Why can’t you, e.g, get your circle of friends in one Discord server and try it out collectively to see how it goes? It’s not that hard.

        Matrix is well past the “only suitable for early-adopters” phase. What it needs now is for individuals and companies to just get their heads out of the sand and put just a little bit of effort into it.

        /endrant

        • mreiner@beehaw.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          My turn for a wall of text, sorry!

          I do appreciate your preface, and I can certainly empathize with your frustration. Like you, I think that secure, private communications is generally a good thing and I am happy that there are awesome FOSS devs and groups devoting their time and skill to try and bring stuff like that to life. It is inspiring and I really do appreciate it. I, too, have had many a similar conversation :)

          That said, I cannot disagree with your “it’s not that hard” statement. At best it’s well meaning but wrong, and at worst it is dismissive and counterproductive. Every change of any kind has a cost, as you pointed out (correctly): there is always some friction. When it comes to something that most non-tech enthusiast users view as pretty insignificant as messaging platform’s privacy policies, any entrant is going to need to have a lot going for it to overcome the existing market inertia of the current players.

          Honestly speaking, most people settled on their chat platforms of choice out of convenience a long time ago. Their friends used WhatsApp, so they hopped on. Meta bought them, but did that drive anyone away? Not really. They changed their privacy policy in ways that raised all sorts of alarm bells, but did it really change anything with their general user base? The fact that they still have somewhere between 2 and 3 billion people on the platform would seem to suggest it didn’t have much, if any, effect either.

          And it is important to highlight that that sort of inertia - a single platform being used by somewhere between a quarter and a third of every human being on this planet - is what needs to be overcome. Even Signal, arguably the current most mainstream FOSS app designed for private (though not anonymous) communication, which has been operating for around half a decade and has millions of dollars behind its development, has only managed to capture a measly 50 million or so users.

          Then there’s the reality that these standards keep changing which leads to new apps and protocols coming out. Again, I don’t view this as a bad thing as a techie, but it could lead a reasonable user to ask: “why bother switching to this platform when I just switched to that other platform a year or two ago?”.

          I don’t think the argument you are trying to make is that the overwhelming majority of people should be onboard with chasing after a new, more secure/private/anonymous/whatever platform every few years, but that’s what it honestly amounts to at this point. No platform has everything, and even if something were written today that does have the everything of today, there’s nothing to stop someone else from developing something new to entice people away yet again especially when you factor in profit motive to do stuff like that (case in point could be Meta’s entering, and planned expansion within, the fediverse).

          None of the above should be seen as arguments to accept the status quo or that people shouldn’t be looking to move to something better. I wrote the above only to illustrate that moving platforms, especially for non-technical users, really is hard. It’s frustrating for me because I, like you, would love to see users move to privacy-respecting and secure platforms. The reality, though, is that most people genuinely just don’t care; nothing can make that more clear to me than WhatsApp. That is why having bridges (that wouldn’t break native security and privacy features and wouldn’t potentially get your account banned) would have been a gigantic feature that maybe could have enticed the average user. Unfortunately, that is not what the Matrix bridges do so I am left without a strong reason for even me, as a technical individual, to move off my current platforms.

          Matrix doesn’t provide better encryption than Signal (or even WhatsApp, ignoring the privacy side), it still requires trust someone just like Signal (your own paid, or someone else’s, server vs Signal’s servers), and even if I do adopt it I don’t know that I would feel comfortable trying to convince the few members of my social groups to move as well given they are entrenched in their platforms and don’t value the few additional benefits Matrix would seem to bring over something like Signal (which most of them didn’t switch to, either).

          I would love something like Matrix to “win” if it is as good as you say it is, but if its biggest (maybe only) selling point is privacy and security then I really don’t think most users will move. Given Signal’s security and seeming lack of a profit motive to sell my metadata, I am also ok (though not necessarily screaming with joy) with what they offer as well.

          If you feel I missed or got anything wrong, I am open to hearing it! I feel we agree on way, way more than we do not.

          • rglullisA
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            My main point is that all your arguments can feel perfectly reasonable, but they don’t seem especially virtuous. Yes, change has a cost and is not easy. But the alternative is simply letting these huge corporations in control. We can do better than that. We can simply start out by refusing to join the larger networks. We can be part of the intolerant minority that ends up setting the course.

            if its biggest (maybe only) selling point is privacy and security then I really don’t think most users will move.

            No, that is not the main selling point. The selling point is control. Signal may be “private” and “secure”, but requires you to trust their implementation and keeps them in control of crucial infrastructure. Matrix (or other open protocols like XMPP) give people full freedom to control how their communications works: it can be a professional hosting company, or it can an enthusiast running in their basement, or it could even be a public service offered by a local government, or it can be an university running their own servers for all students and faculty.

            I would love something like Matrix to “win” if it is as good as you say it is,

            It will win, at least in the same sense as Linux has “won” the operating system wars. Even if we don’t get everyone running Element on their phones, we already have a directive in the EU that will force all major messengers to be able to interoperate, which will lead at least to the larger players to create some set of common functionality that will be supported by the basic phones, and there is a good chance that this will end up being powered by Matrix. There is also the fact that large sectors of the German and French Governments are investing and deploying a lot of their communication systems based on Matrix. Lastly, we can not ignore the fact that even if it’s not super famous, there are already an estimated number of 60 million active accounts on Matrix.

            • mreiner@beehaw.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Sorry for not replying in some time.

              You may be happy to know that you convinced me to at least give Matrix a try. So, you won? lol

              I stood it up on one of my public servers via Docker with Traefik, and I am able to connect with a client. I cannot, however, for the life of me figure out how to get the federation side of things working in Traefik, so if you know anything about that I would sincerely appreciate the help. At least with it running and accepting client connections, I can have chats with the people I allow to set up an account on my server. It also gives me a chance to play with the bridges.

              I still REALLY don’t like all the data Element (and Element X) collect on iOS, and I refuse to use it. FluffyChat sems ok, though…

              • rglullisA
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Hey, if I manage to bring you to Matrix and you come out happier for it, then I’d say that we all won. :)

                Re: federation. I’ve setup my matrix server with nginx as proxy so I won’t be able to just point you to my configuration, but I can tell you that https://federationtester.matrix.org is of great help to show you what is missing.

                I do need to look into how to setup matrix with traefik through, so if you want some help me you can send me a DM with your domain and we can work through the issues.