Is matrix good to use, seen a lot of drama around it. For example hackliberty.org left it because of lacking of security and moderation, do you still recommended it?
My wife and I use it to chat privately and I host synapse inside our LAN so im not federated. Works perfectly for that, but I’ve heard a lot of people have issues with large groups.
Depends on the use case an server.
Google and facebook do not yet have public servers. You want a trudtworthy server such that noone abuses your metadata like the time of sending a message.
It’s very useful for companies like email but for real time communication. I’d prefer matrix over most other forms. In many companies and agencies matrix is getting introduced these days.
It’s not anonymuous just like signal isn’t perfectly anonymuous.
I have used XMPP for some time now and I tried Matrix for a bit, but have stuck with XMPP until now.
I found it practically very easy to set up a prosody XMPP server in a raspberry pi. In XMPP you have the core standard that is kept quite minimal and then you can extended your implementation using XMPP extension protocols (XEPs) in a highly modular fashion. This approach of building on top of a light core using well-documented extensions I like very much.
With Matrix, JSON is used instead of XML. I think that JSON is a nice format when trying to look under the hood at how the message data is structured. XML is a bit of a pain to look at in my opinion. And I think JSON might be more efficient in how it moves the data around. So, that is a big positive for me. But I Matrix appears to be more focused on being feature rich than on having a flexible modular structure. While it does have extensions, successful extensions do have a chance of being eventually integrated into the core protocol. This makes the core feel bloated to me, because I have very minimal requirements.
In terms of security, in XMPP you start with the core and then you select the type of encryption that you like (OpenPGP, OMEMO, etc). OMEMO encryption has plausible deniability built into its design, and for me, plausible deniability is a property that I consider important for messaging. The modular approach to XMPP also means that these are choices that one gets to make in an active manner, and the protocols are open protocols that come from outside of XMPP. With Matrix you get their encryption protocol as part of the core - it is a protocol that they designed and that you need to accept to use their tool with encryption. It is probably a good protocol, but I don’t think it has plausible deniability built in, and that’s a choice you did not get to make.
As for moderation, I don’t know. Do they mean moderation tools, or the actual absence of moderators and unmoderated communities? Because the latter is more a property of the people using the tool that the tool itself. You can have your own private communities.
If someone asks me, I could recommend Matrix but would rather recommend XMPP, depending on what they are looking for specifically.
Matrix is still in my “recommend” category for real time federation. With third room still being the coolest example of what that can mean so far. They build on the same libs that make Peertube work too for the video sharing aspect (not the video metadata sharing and socials that all ActivityPub).
I’m really excited to see dendrite make it to client devices for real p2p servers, maybe even as a micro service deployment. I do want to try out the Conduwuit too.
That said the metadata leakage is an issue to me and consider that a serious flaw depending on your threat model, and you want to extra steps to preserve your identity from an untrusted matrix network and/or stick to a private one you trust
It’s just a public discord server but half baked. Its attempts to add “privacy” just slow it down and increase resource needs, and so it’s worse off than discord.
Their solution? Don’t turn on encryption for public rooms.
At least simplex is actively trying to solve the large encrypted groups issue.
It’s not a private messaging platform, it’s an anti-censorship messaging platform among other things. If you’re looking for privacy, this probably isn’t the application for that. Though it is somewhat possible to make it more private, that’s not the primary use case. If you’re looking for a platform for public conversations where corporate interests of the day won’t cause your messages to be censored, then Matrix might be useful. But moderation of spam, hate content, etc., is also not going to be robust in general.
The protocole is fine I think the real problem is the synapse implementation but I could be wrong on that take I am no expert.
While Synapse isn’t great, the problem is that the Matrix protocol is over-designed for a very specific purpose (distributed rooms), that comes with a severe performance penalty but most people don’t actually need this for chat.
Its one of these cases of a neat idea on paper, but ultimately a solution looking for a problem.
That said, Matrix isn’t that bad overall, but there are better options like XMPP.
XMPP is SOOO much easier to admin.
Yeah. Would have been much better if it was an option for a group admin - choosing several servers at a time to host if they wanted redundancy. Not forcing it on everyone participating, regardless of their disk size…
Well… there has been some recent museings about something like that from the CEO of Element, but it would effectively cause a two class federation where some servers can not work independently of others (likely in reality mainly servers running on EMS infrastructure, a bit like how in Bluesky you can’t really work fully independent of their infra, and yes Bluesky was explicitly mentioned as inspiration for that idea).
Having those two options fully independent would basically mean reimplenting xmpp in json as an incompatible alternative protocol and that would make little sense IMHO.
What is the source for this? Wonder just how worried we should be…
Some comment by the Element CEO on Hackernews, sorry I don’t have a link right now.
But since it would be optional I am not sure why you worry about that. It wouldn’t change the status quo, which is already bad.
Matrix literally syncs the entire data/metadata history to all other servers where someone pops in; chat is meant to have an ephemeral aspect to it. The whole network is de facto centralized on Matrix.org or the servers they host for others which means one org has access to almost everything—like the issue with Signal.
What’s scary to me is how expensive it is to run this eventual consistency model, which should not be a protocol requirement for this style of communication. It sucks so much RAM, so much storage, so wasteful—which causes medium-sized servers to shutdown on maintenance costs alone which causes more users to leave for the Matrix.org. These are not the characteristics of a revolutionary protocol—revolutionary is users & collectives to reasonably be self-hosting this stuff for their privacy & autonomy.
Matrix literally syncs the entire data/metadata history to all other servers where someone pops in
How else would you expect a decentralized and persistent chat room to work? If that stuff wasn’t synced among the servers that were invited to participate in a room, then it wouldn’t be decentralized; one server going down would kill the room (or at least lose data).
The only way I can think of is not to use servers at all, but go fully peer-to-peer. Matrix has done some proof-of-concept work toward this, but I’m not aware of any service that does it successfully while being practical for most people, yet.
chat is meant to have an ephemeral aspect to it.
There are use cases where that makes sense, but for general use? No thanks. When I lose my account password or my phone breaks, I want to be able to sign in on another device and still have my message history.
It sucks so much RAM, so much storage,
Synapse is indeed a heavy server implementation. Several lighter ones are in development, some of which people are using already.
Persistence is for forums. Chat has horrible discovery / search UX which makes it a black hole for knowledge—which is why it should be seen as temporary (I think even Signal sets 4 week expiry as default). Folks often say things the regret 5 years down the line in chat space & that sort of info needs to just fade away than be some target of some weirdo doxxing campaign.
You know you can have archive management & multi-devices without syncing the entire history right? Some protocols think holding onto the last 20 messages in a new group & the last year of private messages is good enough (can be saved local to the device if desired). Copying the Discord/Telegram/Slack model ain’t it.
Synpase is the reference server. It’s Python & slow as balls because of it, but the others are always playing catch-up. With Element moving with it & graceful fallbacks not being a high priority, shit just doesn’t work in practice using anything but Synapse / Element since most other users are using features on that setup. Technically having alternatives is not the same as the current situation in actual practice. Even if they can try to hide the some of the perf issues behind these gland concepts like sliding sync, there are literal fundamental issues with how the protocol is architected that a server of hand-written optimized assembly could never overcome—the eventual consistercy is by design.
tbf there is not really a good solution to the ‘ephemeral aspect’ problem
the only way to truly not sync metadata to or btwn servers at all is to use a p2p model, in which you cant send anything if one of the parties is offline
simplex might be a bit better in this regard, but still relies on servers for syncing. at least it doesnt extensively replicate metadata like matrix does though
so it depends on your threat model whether this is a compromise or not
Sure there is: Don’t store everything in a database.
what alternative do you propose for saving messages when the recipient is offline?
This is not either or. You can store things only until the recipient comes online and then delete it (but Matrix specifically doesn’t do this and conceptually can’t due to its design).
sure that is how pop3 does it
but metadata is still replicated to the server, so this does not solve the metadata replication issue
even if you dont explicitly store metadata or encrypt it in some way, the server still necessarily knows stuff like timestamps of when the messages are sent for example.
sure, you can delete it later, but you also have to trust the server to actually do that, and there is no way to guarantee this in any protocol
The whole network is de facto centralized on Matrix.org
That’s not true there’s plenty of people using different homeservers
That is nowhere near the mass of the centralized community & the fact it can’t be reasonable ran my medium-sized groups on a budget shows it doesn’t scale right & is not accessible. Sure you can run your own ATProto/BlueSky node if you have $80k USD / mo to host it—it’s technically open source! This is the kinda the same thing… costs too damn much so folks flock to the biggest instances.
I wanted to participate in some Matrix groups, so hosted Conduit. Synapse was out of the question because it is too heavy for my cheap VPS. Some of the groups were encrypted, and my messages there were consistently rendered unreadable! Whether this was a Conduit vs. Synapse or matrix.org vs. everyone else I don’t know, but the result is thw group being rendered unusable.
But my biggest problem is easily the storage, as Conduit offers no way to clean it up and my disk space is really small. The mandatory “everyone stores everything” model is so weird and seemingly unneeded for a chat… Why isn’t it optional at least??
Seriously, why is Synapse - the only fully-functional implementation - so damn heavy? Even the developers admit it doesn’t scale, introducing a different commercial version for big deployments! (wonder if this was the plan all along lol)
What else do you recommend?
Depends on your needs. Matrix can mostly replace the functionality of Discord, which makes it stand out despite its flaws.
If you just need group chat, encryption, and 1 on 1 calls, XMPP is easily self hosted and highly scalable.
SimpleX seems to be another decent option that’s decentralized.
I don’t use Matrix due to a permanent copy of all activity being kept on servers. It seems Matrix only has private group chats but not end-to-end direct messaging to add a contact and message them, you have to invite a user to a chat.
I find it to be pretty trash, and that’s just my layman’s opinion. I won’t get into my professional opinion…
Overall, it’s good, but you need to know what exactly you’re signing up for. The reality is that you can run a decentralized or centralized E2EE chat server, along with voice/video calling, without much effort. There are hiccups with the key exchange that suck, and metadata isn’t really protected. It really comes down to if it meets your particular requirements.
As an end user it feels bloated and slow, the apps are all over the place and it still doesn’t have voice rooms like discord does.
Also abandoned channels seem to be a huge issue, many of the channels I’m in are on like the 10th version or more and keep creating new ones for some reason, losing the history of the old ones.
The idea is really cool, and it mostly works, it just needs a ton of refinement.
Along with the other bits that people like and dislike about it, I have another problem with it.
In order to deploy software in a manner that is resilient, it’s necessary to deploy it in a “High Available” manner. This usually involves duplicated the service across multiple machines, and then automatically switching from one server to the next if one machine goes down. I consider this necessary for something to be a true alternative to the big proprietary software like discord/slack/etc, for smaller groups or nonprofits who want more reliability. Someone losing internet at their house should not result in the whole service going down. A datacenter going up in flames should not result in that lemmy instance going down (forgot which one this happened to, but I’m referencing a real thing).
The most common way (and arguably, one of the easiest) to do high availability is Kubernetes. Kubernetes has a sort of package manager, called helm where you can quickly spin up services in a highly available manner. Many services offer official helm charts (Unofficial ones are not going to be maintained reliably, so I don’t like them).
The helm chart for Synapse and the rest is enterprise only meaning you have to pay. Discovering this is what finally really soured me on Matrix as using it as a discord alternative.
Of course, I never really considered Matrix a discord alternative. It lacks certain features that people want, mentioned below, like voice rooms (although voice rooms are by definition, metadata leakage, meaning people who dislike matrix for the metadata leakage would dislike voice rooms lol).
Rocketchat appeals to me because of this. Kubernetes/helm, single sign on, and interestingly, it seems to be able to federate with matrix (although I don’t know if it supports e2ee with matrix). It seems that rocketchat has it’s own e2ee, though I don’t know how it works (or if it’s any good). It also seems to support matrix clients, but doesn’t seem to actually be based on matrix.
But otherwise, rocketchat seems like a much better discord alternative.
