• 4 Posts
  • 966 Comments
Joined 4 years ago
cake
Cake day: June 28th, 2020

help-circle
  • Matrix servers chew up an order of magnitude more CPU/RAM which limits the places you can deploy it. The eventual consistency model makes storage balloon as every message, attachment, metadata must be copied to all nodes in a conversation which is resilient, but wasteful in duplicated content in practices which has historically caused many medium & larger servers to shut down due to the explosive just of storage (similar issues with Mastodon). That same model is why it takes on the order of minutes to just join a room or come back to a client that hasn’t been opened recently. Element X & new servers have to work so damn hard to work around asynchronously than fundamental decision to attempt to hide it from the sluggish UX but behind the scenes still too expensive. & since it is expensive to run in many vectors this causes folks to then move to the biggest servers that can handle the load which means the Matrix network is in actuality a small number of massive servers (most of which managed by Matrix.org) & a small number of tiny hobbyists running nodes of <10 users is practice. With so many users on Matrix.org-controlled instances (& again with eventual consistency), almost all data gets synced to their nodes make subpoenas a breeze.

    A healthier network would have many fewer massive centralized nodes, medium-sized nodes, & the resource requirements would be low enough that more folks would be encouraged more often to run their own nodes they control so they aren’t required to trust an unknown serves operator. Meaning “just making an account on any public server” isn’t a great mode of operation for privacy—especially as with Matrix joining a medium-sized server will put them under a lot of strain causing them to throw in the tower & joining the few massive servers further exacerbating the centralization issue.

    Copying the UX of Slack/Telegram/Discord in a decentralized manner is a fool’s errand. Keeping the chat history for eternity is already a questionable call over using forums, but trying to distribute that out like a blockchain is so wasteful.

    https://lukesmith.xyz/articles/matrix-vs-xmpp/ https://www.freie-messenger.de/en/systemvergleich/xmpp-matrix/ https://www.process-one.net/blog/matrix-and-xmpp-thoughts-on-improving-messaging-protocols-part-1/


  • Others are noting clients & servers matter. This isn’t a downside—it’s just that the protocol is flexible & extensible for many types of messaging beyond human2human private conversations, which explains why encryption isn’t a requirement for the clients. With that said any modern client targeting said H2H interaction will have basic forms of encryption like PGP, OTR, & OMEMO which all do the job of E2EE. OMEMO is based on the same ideas that Signal, WhatsApp, Matrix, & so on use so that part is all the same.

    A unique feature for XMPP in this space tho is how low-spec & resource-unintensive the servers/clients are—you aren’t chewing up a ton of CPU or RAM, there is no eventual consistency to balloon storage (MAM is enough), clients don’t drain your battery or take literal minutes to sync with servers. Since it is low-cost, it is feasible to self-host XMPP from a residential server (at home on some old hardware for instance) or add it to a multipurpose machine where it doesn’t get in the way of other processes/storage. Some of the other service often mentioned here either you can’t self-host or are quite expensive to run (often by design) which limits the accessibility causing centralization as well as requiring trust in that server you don’t own.



  • XMPP doesn’t need notifications per se since it already has a connection to the client. Since it works for all other OSs to hook into this & display a notification, I don’t even want to know what restrictions Apple has on iOS that prevent such basic behavior. Apple digs its own grave here. What’s worse is I want to say “go get a Android phone, dummy” to a ‘normie’ but the stock OS on any Android phone is going to be on aggregate a worse privacy situation unless you would have to be ready to teach how to unGoogle it to the extent they would tolerate.

    Linux phone when?







  • Motal is participating in GSoC this year to get some new features too.

    But this is a wider issue that developing free software for Apple products is way too expensive (time & money) to be feasible while also going against the general free software ethos. It should be no surprise the walled garden of a proprietary OS that charges you to publish to their store has a severe lack of free or otherwise ethical software (which is important for security for something as important as a messaging app full of private data).


  • XMPP clients are fine albeit it all, as many as they are, slightly different as is the nature of the protocol. This just means there is value in contributing to existing clients, creating new clients, or embracing progressive enhancement (which most do for example with emoji reactions just being a quoted text reply & so on) & complete feature parity is a fool’s errand if you want an exensible protocol with diversity & experimentation in the community. With the broad exception of the Conversations Compliance, there isn’t a flagship client & instead the best ideas come to the most used or most innovative clients. I use Cheogram, Profanity, Gajim, Dino, Movim at different times (& would love to create my own). The protocol is stable, healthy, & ready for proposals for improvement.

    If I compare this to the more-expensive-by-all-metrics-to-run Matrix, if it ain’t Element, you gotta problem since a vast majority of users are on it & using all of its features & no other client has anything near parity but are expected to have parity instead of allowing things to sometimes be gracefully missed or shown in a less than ideal manner as acceptable. This hurts experimentation. Good luck trying anything similar to GDPR when all nodes are design & required to duplicate all messages & attachments for all users to every server anyone in it comes from.

    The only real gotcha is the same gotcha as Matrix when using multiple clients with double-ratchet encryption (ala Signal) is that clients will expire keys that haven’t been seen in a while & is hard to get both devices retrusting one another. Turning it off & on again rarely works & requires fiddling on both ends sometimes. I really should just use PGP for encryption more often…







  • Baby. Bathwater.

    Not all of the cryptocurrency behave as a Ponzi scheme even if many do. It also happens to be the most convenient way to transfer money between myself & the foreign friends I have—especially with Monero & Zcash hiding the transaction like cash would. I mostly use cash daily but if I have to do it digitally, I would rather it not be logged thru the government, some US-based tech firm, & all their third-party advertizing affiliates as is the case with credit cards and other mobile apps.




  • I got locked out my seldom-used PayPal account a few years ago. They decided to arbitrarily remove Google Voice as an SMS 2FA option (I want to say TOTP wasn’t supported when I signed up). I went to find out who to contact about authentication issues, but support, chicken-&-egg-style, requires authentication—even for auth issues—with no support@ email. I used the worst-case-scenario support option of Twitter but that support team banned me for messaging them about auth. Since I couldn’t get back into my account + the sheer incompetence of the support system, I never used & refused to use PayPal ever since. I am happy that my country prefers cash transactions & I can’t believe in the past I used a major bank credit card + major corp digital payment option for almost all purchases. Long live cash (& Monero/Zcash).