A communications tool must have censorship resistance (decentralization), anonymous signup without requiring a phone, and have an official way to obtain binaries signed by the community instead of by corpos that can be forced to insert backdoors.

Signal fails on every single one of these criteria and that is why we must stop recommending it to our friends and family who have a very limited tolerance for technology changes.

Choose decentralization.

Use matrix, or make something better.

Fully vibe with the thrust. But omfg matrix is not a user experience that I can recommend to almost anyone except hardcore open source nerds.

I literally can not keep up with what client even works month to month. Absolute disaster of incompatibility.

@lrvick

@nullagent I really don't understand comments like this.

All my non technical friends and family use Matrix.

I just tell them to install the official app, have them follow the new user wizard, find me, and send me a message.

Works every time for any skill level.

I think the biggest mistake is Element and Element X being distributed at the same time without feature parity warnings, but for basic messaging they work just fine. You just lose the ability to use threads w/ Element X.

@lrvick slightly different focus than matrix, but @delta is ticking these boxes
@hko @delta nowhere near the userbase for network effects, or the cross-platform interoperability that I require which matrix is great at, however it does check all the other boxes, and thus it is easy to recommend over Signal.
@lrvick @delta it's definitely a smaller userbase, but i wonder which platforms matrix covers that delta doesn't?

@hko @delta

Nitpicking but: A TUI client as good as weechat, and an embedded microkernel client like the one being developed for the Precursor probably are most interesting to me on the matrix side.

Ultimately I want a device that is basically just a kernel, e-paper screen, wifi, and chat.

Matrix on precursor or Meshtastic currently look like my only hopes.

@lrvick @delta sure, wanting special purpose clients is fair.

I don't actually know if anyone is working on Delta clients in these directions, but it's good to have the interest on the record here :)
I'd expect they wouldn't be super hard to make, but someone would still need to do the actual work, of course 🤷

@lrvick following up re TUI delta clients:

Have you had a look at https://github.com/ArcaneChat/arcanechat-tui/ ?

@lrvick Is there a reason you choose Matrix over XMPP? I did some research on Discord alternatives a while back. I was way in over my head, but Matrix had some red flags for me. It seemed more centralized, harder to host servers for, have security holes, share unnecessary info between federated servers (chat logs, for example) and be run by crypto bros. XMPP, while a little less accessible atm, didn't seem to have these issues. Am I off base?

@roaminchemicals Matrix has IMO much more modern/competitive clients, easier federation, mobile battery usage, better key verification UX, better interoperability with other services, and much more work on protocol investment for things like scale and metadata protection.

XMPP is just a very bulky protocol by comparison IMO, reflective of its 90s origins.

But also, matrix is compatible with XMPP, as it is with most protocols, via bridges.

I would sooner use XMPP than Signal though!

@lrvick Thanks! Yeah, usability and modernity were some big positives I noted at the time too. I had heard it was *worse* when it came to metadata protection, though. Maybe I should look into things again. Matrix is more popular than modern XMPP, so I guess I'm going to hear more criticism of it just based on that.
@roaminchemicals I am not aware of any outstanding metadata protection issues with matrix vs XMPP but if I am wrong on that by all means let me know.
@lrvick I would also add that it should not force clients to update, as Signal did. Having an up-to-date backdoor is even worse than having an outdated backdoor. :)

@lrvick I would love to use matrix everywhere, but last time I tried, I got the dreaded "unable to decrypt message" and could not read messages from my friend anymore. That's intolerable UX :(. I've been waiting too long for matrix to get good.

Signal is centralized, but has better security and apps you actually want to use.

@vitSkalicky You would rather have a central party have control of the network and binaries to thus have total access to your messages and metadata in plain text, so long as it never has bugs?

I maybe get "unable to decrypt message" about once a month these days, as a power user, and then I just refresh and when their client is online to re-sync keys again later, it works again.

Decentralized protocols take the most time to mature and update but they are worth it, always.

@lrvick Signal is using reproducible builds, so you can verify that the binaries match the source code. And I rather have my messages properly encrypted on a centralized server than using a decentralized network that leaks my messages to hackers because of a bug.

As I said, I'm big fan of decentralized protocols (email, XMPP, Matrix) but they need to work. Matrix does not :(.

@vitSkalicky Signal disabled those reproducible builds for a year so they could work on mobilecoin secretly, and no one noticed. They also mandate you get signed binaries from google play or the app store. They can easily ship you a binary different from the reproducible one.

Also I send end to end encrypted messages to my friends and family directly and via group chats every day. It has been my exclusive personal messaging system in my circles for years.

What does not work exactly for you?

@vitSkalicky By the way the right way to do reproducible builds on mobile is to do a build and submit signed hashes to f-droid, then let the f-droid team build from source and get the same binary and sign it. Then you can verify both signatures match for the same hash confirming independent third parties built the binary.

Moxie refused to do this, claiming he won't get as good of usage tracking from open platforms as Google's surveillance capitalism driven system does.

@lrvick Let me check those reproducible builds... I don't get why they would need to disable them for mobile coin...

Element X is getting better now, but it is still a bit clumsy. I was chatting with my friend when suddenly none of us could decrypt each other's messages. If it was a chat between my mom and grandpa, they would have no idea what to do and they would go back to WhatsApp :( unacceptable.

Also Element Desktop is warning about some problem with libsecret every time I start it :(

@vitSkalicky Signal silently stopped pushing code to their public repos for a year and was effectively closed source so they could secretly add mobilecoin support.

Naturally moxie was a paid adviser on the MobileCoin board and it was a pre-mine coin so he made bank by abusing his power over a non-profit chat app to add support for a cryptocoin he was invested in.

Shady shit like that, and their refusal to support community builds or servers are major red flags.

@vitSkalicky Never used element X or element desktop so cannot speak to that, but weechat-matrix and web clients have always been reliable for me.

@vitSkalicky I am the one that went viral for publicly calling out moxie for this blatant corruption, and the only response we got from the signal foundation was Moxie stepping down, and being replaced by the founder of WhatsApp.

Centralized power has been abused as long as humans have been a thing. We are all greedy bastards, and it is why no one should have control over something as fundamental as the ability for humans to privately communicate with other humans.

@vitSkalicky Signal is thus a centralized chat app that requires you agree to the Google or Apple terms of service to use it via official channels, and it has a history of blatant financial corruption and going closed source without warning.

These facts make Signal a complete non starter, and thus Matrix is kind of the only option that exists making it easier to look past bugs and UX shortcomings.

And thus we are left with matrix, and working through any bugs along the path to it maturing.

@lrvick You can use Signal's self-updating APK from their website on a de-googled custom ROM.

The UX bugs and shortcomings of Matrix are so severe in my experience that you cannot look past them. Matrix is not something I would install on my grandpa's phone and expect it to work.

Also, you are ignoring XMPP. Why don't you use that?

@vitSkalicky sideloading an apk requires disabling signature verification which no one should do.

The non google/apple option that is signed and reasonably safe is f-droid where you push your signature, and they build it and push a second signature.

This is the practical solution for end users that do not have the time or experience to reproduce every release by hand.

Moxie made it a policy to never allow this, for fear it would hurt google/apple usage tracking stats, by his own admission.

@lrvick wtf are you talking about? All app installs on Android are TOFU (trust on first use). And how do you install F-Droid? By sideloading it!

Most of your claims are half-truths or completely wrong, so I'm ending the discussion here. If you want to discuss further, support your claims by evidence first.

@vitSkalicky I have never supported sideloading f-droid. I only promote roms that ship with it as the standard system-wide package manager in place of Google Play so users never have to disable signing and risk getting tricked.
@lrvick I have no idea which signing you are talking about. Explain it in more detail and provide documentation/sources.

@vitSkalicky f-droid has had a mature system for automated reproducible builds and multi-party signing from source for maybe 10 years now, while Signal just hosts an unsigned apk and cheekily says it is possible for users to manually reproduce and sideload every release, knowing almost no one will ever do this.

https://f-droid.org/docs/Reproducible_Builds/

@lrvick I'm confident reproducible builds work correctly now, check it out for yourself. There have been some bugs with them in the past, but they were always fixed fairly quickly.
@lrvick Use XMPP!

@tuskun I was a big fan of XMPP, but it is worlds behind matrix in terms of UX, feature parity with proprietary alternatives, mobile battery efficiencies, and end to end encryption support.

Also the open source community sets up their shops in either Matrix or Discord these days, and Discord is a closed source arm of surveillance capitalism that is a clear choice trying to ward off any interest by people that care about security or privacy at all.

Matrix is the only viable popular option.

@lrvick metadata?
@tuskun What about metadata? XMPP has just as many metadata problems as all other chat protocols (including Signal, which uses SGX to protect metadata which is complete security theater)
@lrvick I don't trust Matrix. Sadly, XMPP...
@tuskun Matrix is a fully open platform and can be self hosted. What is the basis of your distrust?