I am really struggling to replace facebook messenger / whatsapp for a few casual conversations. My friends and I are all wanting to move away. We are not heavy users of this but need it to work. I think the requirements are:
-
floss client for android, linux, windows
-
persistent history across devices
-
reasonable security
-
don’t need to self host server
-
can send a message to offline user, they get it when they come online
-
not tied to or reliant on phone number / cell service
-
ETA: end user documentation explaining how to set up and common troubleshooting
tried:
-
matrix: the thing with having to keep track of room keys and stuff is too complicated. every time someone uses a new device it is a ton of issues and we could never quite get it ironed out
-
signal: tied to phone number, no history across devices
-
xmpp: similar to matrix the key situation is confusing, also no cross device history
-
ETA: simpleX: a lot of people here are mentioning simpleX. It didn’t come up in previous investigations so will give it a shot.
- ETA 2: It doesn’t seem to have persistent history across devices. Clarification?
I actually didn’t think this would be such a problem but it is breaking us. we don’t need a lot of sophisticated features like voice, video, moderation, 1000s of participants, spam protection etc that seem to be of concern to the projects. just simple text chat.
I have a feeling you are overthinking the Matrix key system.
- create account
- create password you store somewhere safe
- copy the key and store somewhere safe
- when signing on a new device, copy-paste the key
Basically it’s just another password, just one you probably can’t remember.
Most of the client apps support verifying a new session by scanning a QR code or by comparing emoji. The UX of these could be better (I can never find the emoji option on Element, but it’s there…). So if you have your phone signed in, just verify the sessions with that. And it’s not like most people sign in on new devices all the time.
I’d give Matrix a new look if I were you.
Matrix / Element is pretty streamlined nowadays, I’d give it a try again. It has all the features you mentioned above.
I agree with this. I don’t know what keeping track of rooms keys is. Never heard of that problem. Adding devices to an account (cross-signing) is pretty easy these days with a popup wizard. Or a backup key if you don’t have any online devices.
If you want persistent multi-device history it is really one of the few options.
Probably the other main options would be XMPP and Jami but I don’t have much experience with either of those.
So many to choose from… https://bkil.gitlab.io/secuchart/
When did you try Matrix? You can just choose to not encrypt your chat room. Apart from that, in 2022 the encryption hiccups got way better, in 2023 they’re barely happening.
I recommend FluffyChat as mobile client and Nheko for desktop. The Matrix experience relies heavily on the client you’re using.
Session satisfies all your points. It started life as a fork of Signal, but is not tied to any PII. Synced across devices, everything. iOS, too, even. The only thing it doesn’t have is a terminal client, but it’s easly days.
I’ve tried them all; so far Session is the only one that passes the non-tech-spouse test. We were happy sith Wire for a couple of years, but it’s been going through some severe enshittification in the post several months.
Edit fixed the fdroid repo URL
Session is crypto-bro-shit.
What?
so if you click documentation on the session website it brings you to this page https://docs.oxen.io/oxen-docs/products-built-on-oxen/session
I am seeing the words “blockchain”, “economics”, “token”, “instant transactions”… And one click to NFT crypto stuff.
I remember hearing that blockchain tech could be used for stuff other than scams but it is used for scams a lot and this app seems to be related to scam-type activity.
Can someone provide any insight?
a. not all blockchain is bad b. I have neither seen, nor heard, of blockchain or cryptocoins on the platform. If blockchain is being used under the covers, it’s not visible to users. I see no ability to do anything with NFTs or cryptocoins in any of the clients.
Session delivers messages more reliably than many platforms; E2E encrypts all messages (unencrypted is not even an option); requires no PII; has a good battery profile on mobile; reliably allows sharing, and has nice QOL features (that my non-tech family members have come to expect) like animated GIF search-and-embed; it supports message deletion and dissapearing messages; it has encrypted voice and video chat.
If there’s any blockchain in the stack, then Session is an excellent example of its usefulness.
It’s all open-source, too, so audit away.
It’s not perfect, of course. There’s no CLI client. Because there’s no PII, there’s no registry, so connecting to people is harder than many platforms, and looking people up, impossible. The desktop client is an Electron app, so it’s typically resource hungry. It doesn’t yet have sent message editing.
Well I will say that I totally didn’t predict crypto would pop up in this thread. Curious.
getsession.org > Technicals > Documentation > Overview
In exchange for maintaining reliable and trustworthy blockchain nodes, node operators periodically receive rewards in the form of $OXEN tokens.
It sounds like what it is saying is that people who host the remote servers are paid in this crypto currency for the service. Cryptocurrency is mainly useful for laundering money and scamming people. I am having a hard time understanding (a) how there is enough demand for this niche chat service that it should play a major role in their little economy, and (b) where the usefulness of this crypto (e.g. value in fiat so you can do anything with it) could possible some in. Other than scams, laundering etc.
After that comes
long blah blah blah about crypto
Oxen was originally forked from Monero, and it’s still based on the CryptoNote protocol. From these beginnings, Oxen has inherited world class privacy and security features — including ring signatures, stealth addresses, and ring confidential transactions. Just like $XMR, $OXEN is fungible, private, and untraceable.
The Oxen blockchain got started in 2018, with its first ever block being confirmed on March 5 of that year. Ever since then, the blockchain has been successfully and securely operating. On October 15 2019, we made the transition to Pulse — making Oxen one of the first ever Proof of Stake CryptoNote projects. The entire history of the Oxen blockchain can be easily viewed via this block explorer. As for the future, you can stay up to date on the project by checking out our Oxen Labs Updates.
The Oxen blockchain also boasts Blink — truly private, instant transactions. Blink allows you to make transactions with all the confidence Monero enthusiasts love, but with a 1 second transaction time. Blink gives $OXEN the potential to be used as a true means of value exchange — not just storage — in a way no other coin can match.
It’s so… weird… to have all this as the introductory docs. Not a troubleshooting guide or dependency info but all this crazy scam BS.
I see that you are saying this crypto stuff doesn’t intrude on the app. Like you are not getting popups trying to scam you; OK. And you think the app is really good. Can the server/app could be de coupled from all this other stuff? Could it be run independently of this fake economy? That’s what I don’t understand about this “not crypto” blockchain stuff. If it’s not crypto, why is the documentation all about crypto instead of normal user or dev manual?
I appreciate the time to answer the question. But I have to be honest this feels icky. Don’t you get the feeling something sleazy is going on? At any rate when these people get caught or cash out won’t everything vanish?
It’s taken me forever to reply because (a) I feel guilty about short replies to long messages, (b) I had to think about this a bit, and © I almost exclusively access Lemmy on my phone and I hate typing long messages on my phone. Not an excuse, just an explanation. There are no good Lemmy desktop clients, but I’ve finally logged in to my instance’s web interface to respond to this. 3 months later.
So, yeah. I honestly didn’t pay much attention to whatever backstory the software authors were selling; I was looking for a feature set, and Session had it. I got some of my circle using it, and we eventually stopped because message delivery reliability was iffy, and there were enough of some UI issues with (e.g.) attaching photos that everyone drifted back to what we were using before. I’m sure Session will improve, but just for the record, I haven’t been using it because of technical reasons.
I don’t have an issue with cryptocurrency per se. There are issues with current implementations, but the fact that it’s used for laundering money or scamming people is also an argument that can be made for fiat money, but you don’t see people saying we shouldn’t use dollars because a vast amount of them are used to enable the military industrial complex that is killing people around the world. I haven’t read that Bitcoin is being used to fund any of the attempted genocides currently underway – but fiat money has. People have been scamming people using regular money for far longer than cryptocurrency has existed. A lot of people have lost a lot of money trying to get rich in various cryptocurrencies; do you think more people have lost more money in cryptocurrency than people have lost trying to dabble in the stock market? Have more fortunes been ruined by cryptocurrencies than were ruined by the collapse of the “legitimate” currency of Germany during the Weimar Republic? And what, exactly, is a “fake economy?” If people are willing to exchange goods and services for A Thing – whatever that Thing is – it’s a real economy by definition. The argument that because the currency isn’t endorsed or backed by a government means it’s not real seems debatable, at best.
While I think a debate about the relative merits and evils of cryptocurrency is a good thing to have, since the OP topic was messengers, to answer your questions: in the entire time I used Session – and though today it’s still on my phone and receiving messages, although nobody’s sending any – I would not know that the developers behind Session had some grander vision involving cryptocurrency unless it had been brought to my attention here. That they want to improve privacy by using an anonymous method of payment for services – one not based on the collection and sale of metadata, or on a traceable currency (which all electronic fiat transactions are) seems reasonable. I imagine that, eventually, they’ll build something like Lightning into the app, so users can transfer cryptocurrency to other users, or to the operators of their servers. If it ever gets to the point where you must pay to use the service using crypto, then maybe I’d be concerned. It’d be no worse than buying tokens at a video game arcade – a practice that was around for more than a decade without an indignant uprising.
I think it feels sleezy to you because the devs are also interested in integrating cryptocurrency into the Session ecosystem, and you believe cryptocurrency=bad. I think it doesn’t feel icky to me because I’ve been working as a software developer since long before Bitcoin was introduced; and I understand how blockchains work, and know what “proof-of-work” means and what it implies; and I’ve watched the evolution of the internet and the growth of the web, and lived through the eternal September; and I saw how email turned from a communication tool for people in higher ed into a way for scammers (and legitimate businesses) to deliver spam. And I believe that a very many people will try to take advantage of other people and take their money, and they’ll use any possible tool to do so. But I believe that scamming is not fundamental to the nature of cryptocurrencies in the same way that killing people is in the fundamental nature of a gun, any more than buying heroin is fundamental to the nature of a dollar bill.
It’s taken me forever to reply because (a) I feel guilty about short replies to long messages, (b) I had to think about this a bit, and © I almost exclusively access Lemmy on my phone and I hate typing long messages on my phone. Not an excuse, just an explanation. There are no good Lemmy desktop clients, but I’ve finally logged in to my instance’s web interface to respond to this. 3 months later.
well I appreciate the time and tbh and in no hurry for any of this. I’m glad it was on an account I actively monitor. I also don’t have a perfect system set up to keep track of lemmy stuff so probably I miss things sometimes.
The argument that because the currency isn’t endorsed or backed by a government means it’s not real seems debatable, at best.
So as to the nature of crypto vs fiat. Fiat is not only backed by The State, it is created and controlled by The State. I have never done a deep dive but superficially I find the ideas of MMT as explained by Cory Doctow compelling in the context of capitalism
MMT’s core precept is that governments first spend money into existence and then tax it out of existence (contrast this with the standard account that says that governments must tax citizens to pay for programs, which raises the question, “How did the citizens get the money to pay for their taxes unless the government first spent that money into existence, given that governments are the sole source of currency?”).
I first encountered it on some podcast he was on, it might have been this one but not totally sure tbh.
So in terms of whether it’s “real” that is one difference.
People have been scamming people using regular money for far longer than cryptocurrency has existed.
It is an interesting point, and I’m compelled to agree that lots of scams have been conducted with fiat currency. If it were possible to count it all up, way, way more value has been scammed out of people via fiat.
Just to disclose my priors: To be honest, I am not too interested in “fortunes” being scammed because I don’t think anyone comes by massive quantities of money by means which are defensible. An old saying: “if one man has a dollar he didn’t work for, it means another man worked for a dollar he didn’t get.” It is clumsy and imprecise but summarizes how I feel about wealthy individuals.
But crypto has been extensively marketed to people without fortunes. Small people like you (I assume) and me and our families and communities. These people will never get redress for their lost money and it can be devastating. It has specifically targets for example racialized communities who have been systematically excluded from systems that would allow them to accumulate fiat and property.
Unlike fiat, which is created and required by the state, crypto is more like an MLM (pyramid scheme). It is only valuable while new people are buying into it with fiat. If the money pump stops or even slow down, there is a crash. Fiat doesn’t need people to buy into it with crypto and it never will.
Back to the topic of chat apps.
I think it feels sleezy to you because the devs are also interested in integrating cryptocurrency into the Session ecosystem, and you believe cryptocurrency=bad.
Disagree. I wouldn’t use a chat app that was run by Wells Fargo or PayPal or Visa or a local credit union or any other such organization. That would be weird. My use case for a chat app is 100% in social communication and I see no reason for that to be entangled in financials unless I was directly choosing to contribute money to the development costs of the app.
However I can see different use cases where integration of financial exchange into the platform would be of benefit. Those would be for conducting relationships with a significant transactional nature. Platforms like ebay and aliexpress have chat/mail features and that makes sense. And think of facebook marketplace; also combines chat and transactions. People do business on instagram and whatsapp. It appears that the primary application of something like session would be as an adjunct or replacement for those kinds of conversations.
The question is: Is this a chat app that also has a way to send money, or a financial transaction app with a chat feature? I think it is the latter.
I will admit I don’t deeply understand the inners of blockchains. But we know they are unstable so I still find it strange to mix up other unrelated features so intimately. For example aliexpress has a chat feature, and ultimately the stability of the chat is reliant on the business continuity of the organization. But on a day to day level, the reliability of the infrastructure isn’t changing according to how much business is being conducted, how popular aliexpress is. I also wouldn’t use aliexpress chat to conduct my personal relationships. If I made a friend on aliexpress somehow, I would move that to a more appropriate platform.
You’ve correctly compared crypto to the stock market. It is very apt as they share a lot of structural elements; only the stock market is older, more entrenched. My opinion: stock market is completely indefensible; get rid of it. Same premise different conclusion. :D I wouldn’t use a chat app that was relying on some penny stock for it’s technical viability.
further reading if this wasn’t enough:
Molly White follows and explains crypto et al; her website: Web3 is Going Just Great is updated frequently. If you are a podcast weirdo like me, she appears on them from time to time, search through your app.
I’ve used matrix and simplex for different friend groups. While I prefer the former in terms of privacy, I get your point that the encryption keys and account verification is kind of a pain in the ass. Simplex is pretty …simple in comparison, but then, I haven’t had to use it on more than one device yet.
Just for the federation of it all, I’m also eyeing Databag. Now, if I can get my contacts on board as well is another matter…
I wonder if Delta Chat would work for you.
If Facebook messenger is the comparison, Deltachat is awesome. Its very bloated though if you use it for email too. Also for some reason it doesnt delete messages from the server which is really annoying
Have a look at:
https://www.messenger-matrix.de/
You could also use Matrix or XMPP without all the complicated e2ee stuff, room keys etc. It’s encrypted on transport. It won’t be super safe and have the highest level of privacy this way, but easier to use. You just have to remember not to enable room encryption. And maybe use SchildiChat instead of Element.
That is a great chart. Do you think it’s up to date? One issue I had was trying to discern very old from current materials.
Thanks, we don’t need high level security, just a reasonable modern attempt at it. Due diligence. I had a hard time understanding what kind of encryption we “should” use.
I tried SchildiChat and I liked it except for all the problems that seems inherent to matrix.
Sure, this chart is updated from time to time. (The guy who published it also has a very nice german tech blog: https://www.kuketz-blog.de/ ) But it only contains widely adopted messengers and focuses on open-source. So it doesn’t necessarily contain every good messenger out there.
I know. Matrix is quite good. I learned how to operate it, so that’s alright for me. But I know there are a few annoying things in there. And I think they did a few design decisions with the encryption that make it difficult to use. In the years I’ve been using it I’ve been annoyed many times by incompatible verification techniques or missing encryption support in some clients/libraries. It’s getting better but I can understand why you would prefer something else. I’m not an expert on messengers, I hope some of the other suggestions here work for you.
I’m not an expert on messengers
me neither! and I have not desire to become one. :D
It has been a big surprise to see how involved you have to get and how much complex understanding is required just to chat. And in my group of friends I am one of the more power user types. If I struggle to use something, then I can’t recommend it to others. So far everyone is really discouraged and I think it is reflecting quite badly on the concept of moving away from corporate/proprietary solutions. And FLOSS. It seems like just not viable for average users. :(
In this kind of situation we don’t have unlimited chances to try all different options one by one. because in requires a coordinated effort for multiple people to make accounts, set up devices, learn new software etc. People do not have time for that on demand. I think for most people, you have 1 shot at this kind of thing, if any. And if they are not FLOSS-type people they will be basing their opinions of all of FLOSS alternatives on the experience.
Patience is wearing thin. I think if the next thing we try doesn’t work, then it’ll be back to facebook/whatsapp/sms for the next 10 years. So I want to find a viable suggestion or be able to manage expectations and adapt to what is realistic.
Well, I get your frustration. But I also disagree.
There are several different things at play. first of all I think Matrix has made some non-optimal design decisions with their protocol. For example I think e2e-encryption should have been mandatory for clients to support from day one. With like 2 mandatory verification processes that are well-documented and taught to the users.
The second thing is, some clients are bloated and also expose weird stuff to the user. For example the device-keys (session-/room- whatever). That should be build on-top the encryption and handled without the user knowing anything about it.
That would leave us with 3 concepts to understand:
- How to do the emoji-verification to verify new devices and other people
- You need to do 1 backup to make sure you don’t ever lose access to your account, just write down a sequence of words or characters on paper or do a screenshot
- a screen that shows you which devices are logged into your account with a button to delete them. No further handling of cryptographic keys
And I think with a few limitations that are due to the history of Matrix’s development, they strive to become that and aren’t far away from it. I don’t think it’s too complicated. I’ve taught 15 year old kids how to do the emoji-verification and why that’s important.
And it is important… If you take end to end encryption seriously, there is no way around verifying the other end once. You can see which messengers take it seriously and which don’t. For example WhatsApp doesn’t ask you this. And it can’t ever detect if this is really the person they claim to be. The only thing it can do is assume it and make sure the person at the other end doesn’t change. And the backup is non-negotiable, too. You either do that yourself, or let your provider do it. But then they have access to your messages.
And this isn’t Matrix’s or XMPP’s fault. security and convenience are somewhat on opposing ends and you can’t have both at the same time. It’s somewhat like this, and it’s a limitation of how the world is:
You’re free to choose where you want to be on that triangle. You can have something with many features and very secure. But that won’t be easy to use. Or you want something easy, but it won’t ever be secure. Matrix tries to be everywhere, but that can’t work. You can just disable encryption on Matrix, this will do away with all of that complicated stuff immediately, at the cost of some security. But you could also use WhatsApp or iMessage to talk to your friends. My grandma could use it, but it has other downsides.
I’ve been with the FLOSS people and advocating for freedom and empowerment of the user for quite some time. It’s always a struggle. You always have to actively fight for your freedom. And if you want to stay in control of your data, you have to take matters into your own hands, to some degree. And that is some work. You have to learn concepts and gain a certain amount of literacy. The other option is to give up parts of your autonomy.
With that said, I still think Matrix could do a better job and make it easier. I think it’s usable. But I’d be happy, too, if I could recommend it to more of my friends without there being any catch. In fact, I recommended it to other people and like 3 friends use it, my dad, my spouse and like 15 other people I know from real-life. They’re not all tech-savy and it works. There have been some issues, but that was some time ago and issues have become less and less over time.
You resumed very well the triangle.
My dream is to build an app/service which is easy to use as Signal but compatble with matrix and xmmp.
I did the emoji thing and even though I went through it correctly it did not proceed reliably. A problem with the client? Network issue? Who knows. Sometimes it works after a few attempts and other times not.
Encryption keys didn’t work because my password manager ended up with several keys all associated with the same account but I didn’t know what each one was for. (And did the keys each also have another password too? I might be thinking of something else.) They were for the account or the device or the conversation or the client or the session? And my friends were having similar issues; even when I get it set up someone else is having a problem.
I guess with all these things, it gets easier once you get going and stable. You can’t do the emoji thing without having a logged in client available. If everyone is bouncing around clients it’s a mess. There is nothing stable for any of us to join onto. I have used the occasional established matrix community and I don’t have these issues in that case. A lot of the complications come from the fact that we are trying to move together.
I’ve been with the FLOSS people and advocating for freedom and empowerment of the user for quite some time. It’s always a struggle. You always have to actively fight for your freedom. And if you want to stay in control of your data, you have to take matters into your own hands, to some degree. And that is some work. You have to learn concepts and gain a certain amount of literacy. The other option is to give up parts of your autonomy.
I mean the other other option would be to take care of each other and struggle collectively. I do not really think we get freedom one by one. I believe that to be in alignment with FLOSS.
Philosophically it’s kind of regressive to say that lost autonomy is deserved by people who fail to learn to the standards you think are reasonable in the areas you think they should know about. There is way too many things in the world we can’t all know about all of them.
I did the emoji thing and even though I went through it correctly it did not proceed reliably.
Oh. That’s not how it’s supposed to be. I self-host my own (Synapse) matrix server. So I wouldn’t know if there are issues with the network or something like that with the established, big servers.
several keys all associated with the same account […] (And did the keys each also have another password too?)
Yeah, That’s too many details. It should be: you sign up for a new account, keys are generated and you are requested to back up your master key. Maybe that backup can be protected with an additional password, I don’t really know. From that point cross signing and all cryptography should kick in automatically. Everything should be handled without the user needing to worry about additional keys. And in my oppinion the additional inner workings should be hidden from the user. At that point you’re set and once you log in with a different device or add a friend, a popup should open telling you to verify the other user/device with the emojis.
If everyone is bouncing around clients it’s a mess.
That is the most annoying thing with Matrix. I’ve also had this happen. Some time ago I had clients not support emoji verification. Or I try to write a bot in python and it runs on a server with no means of displaying emojis. I think Matrix isn’t strict enough to handle the diversity of clients. In theory diversity is a good thing, but for Matrix… I’ve also had some issues with that exact thing.
[…] struggle collectively. I do not really think we get freedom one by one.
That is especially true for messengers and social media. There is the network effect. A platform has little to no benefit if it doesn’t connect people and it’s just you ;-)
Philosophically it’s kind of regressive to say that lost autonomy is deserved by people who fail to learn to the standards you think are reasonable in the areas you think they should know about. There is way too many things in the world we can’t all know about all of them.
I agree. I have compared this to the Age of Enlightenment before. There is some basis we need to agree on. Everyone has to agree they want freedom and be ready to put in some work and face the struggles. But not everyone needs to become a computer expert and have this as their primary hobby. Just being a follower should be alright, the only thing is you can’t be annoyed by change and experiencing a dry spell every now and then. I think this is consensus and also how it works with parts of the FLOSS ecosystem. There are clubs and individuals who operate the servers and handle all the difficult and tedious parts of hosting. Not everybody can, or wants to do this. As a user it is your obligation to know how to operate your computer and smartphone. But it shouldn’t be overly complex. That takes away from the spirit and makes it inaccessible for some people. And we want the opposite of that, spread the freedom amongst everyone who is willing to participate.
I really don’t know what to recommend to you. Don’t resign and let the technical difficulties keep you from getting what you want. It’s the right choice. Maybe you find something better than Matrix for your use-case. I’m kind of in another situation, so my experience doesn’t necessarily apply to your situation. Maybe have one person do the work, try out a few servers and Apps/clients and pave the way for the rest of the group. It definitely doesn’t work if it’s an uncoordinated effort and there are sub-optimal choices and traps out there. And it will scare some people off (rightfully) if they have to start over for the third time.
With our group, we have tested matrix for some months with two people, then a third and then a friend of mine invited all the other people. Most of them use matrix.org as their Homeserver. And we keep the room unencrypted for maximum compatibility. We don’t give admin rights to everyone, that would lead to confusion. One person manages the room and they put in the effort to learn how to manage the room and help people get the app installed on their phones and join the room.
I’m trying out ‘Skred’, looks promising. Not open source.