You must log in or # to comment.
I just want a self-hostable open-source alternative to the shitty closed-source IM systems I’m forced to use
I’m sticking with Matrix for now, hopefully some of the issues I’ve had will get ironed out
I agree with all this. The thing which caused me to uninstall was suddenly being pushed lots of abusive message with disturbing contents.
When I complained about it, Matrix told me that my public complaints were hurting the ecosystem and I should be quiet.
i want 90s era icq and 2000s era msn back :(
But they both closed source protocols locked down to specific corp
What would you propose, then?
How about jabber/XMPP
The protocol is bloated to hell so third-party clients stand no chance, and the foundation spends more time bikeshedding or pissing away money than they do developing. It’s a doomed project.
So what’s left? Jabber?
Depends what your goal is. Revolt seems pretty cool, but I don’t think it has any kind of encryption. It is based in Europe, though, so it gets GDPR protection, and it’s open source, so it could be forked to fit other needs and uses.
No, Revolt checks neither of my boxes unfortunately.
Slrpnk hosts an XMPP/Jabber for our users, mods and admins to communicate. Its worked pretty darn well for the past couple years, with very low resource needs.
The clients are pretty slick now too, such as Cheogram or Monocles for mobile, and movim is an excellent web app with support for group calls.
I’d certainly recommend it over Matrix/element.
What’s the protection in the clients assuming compromised infrastructure, like e.g. in https://notes.valdikss.org.ru/jabber.ru-mitm/ ?
Significant improvements to certificate pinning and validation have been added to all major XMPP clients as a result of this incident, but it should also be clear that hosting a server on infrastructure under control by an antagonist government (see also Signal) is a very bad idea and hard to mitigate against.
Signal doesn’t suffer anything worse than DoS if a hostile party controls the central service. That’s its point and role. It’s based on the assumption that such hostile parties as governments don’t like DoS’ing central services, they prefer to be invisible.
For other points and roles other solutions exist. One can’t make an application covering them all, that never happens.
Briar again (I’ve finally read on it and installed it, and I love how it works and also the authors’ plans on the future possibilities based on the same protocols, but not for IM, say, there’s an article discussing possibility of RPC over those, which, for example, can give us something like the Web ; I mean, those plans are ambitious and if I want them to succeed so much, I should look for ways to defeat my executive dysfunction and distractions and learn Java). Except it would be cool if it allowed to toss data over untrusted parties, say, now if two Briar users in the same group are not in each other’s range, but there’s a third Briar user not in that group between them, their group won’t synchronize (provided they don’t have Internet connectivity). If one could allow allocating some space for such piggybacked data, or create some mesh routing functionality, then it would become a bit cooler.
You are very naive if you think that is all the US government can do in regards to Signal, but suit yourself 🤷
OK, so what else in your opinion can it do?
End to end encryption between clients (also for groups) seems to partly address the issue of a bad server. As for self-hosting, any rented or cloud sevices are very vulnerable to an evil maid. So either in-house hosting or locked cages with tamper-proof hardware remain an option.
I’m afraid that’s quite outside my field of expertise. I can only report how my experience on XMPP has been as a user, though perhaps @poVoq@slrpnk.net, who hosts it, may be able to weigh in on that. Edit: ah, I see you already have 😄
Though from my untrained eye, it seems that Jabber.ru was compromised due to not enabling a particular feature on their server
“Channel binding” is a feature in XMPP which can detect a MiTM even if the interceptor present a valid certificate. Both the client and the server must support SCRAM PLUS authentication mechanisms for this to work. Unfortunately this was not active on jabber.ru at the time of the attack.
And it seems that hosting it externally on paid hosting service (hetzner and linode) left them particularly vulnerable to this attack, and tgat it could’ve been mitigated by self hosting the XMPP locally, as well as activating that feature.
Back to IRC we go…
It is entirely insecure.
xmpp isn’t.
(Ok I get xmpp alone is but every modern client supports the same two encryption methods so judge for yourself)
Not when the entirety of your conversations are jargon and in-jokes!
/s
For me Matrix is fine, I can use IRC, Whatsapp and Discord with it. But Element is not my cup of tea, especially with Firefox as it doesn’t play any videos other users are sharing. The same videos work fine with Cinny.
I can use IRC
The fact that many Discord and IRC channels (servers?) block Matrix connections has drastically reduced its usefulness for me. When I was running my own Matrix server, I could have gotten around it by using a puppet, but Synapse is such a hog I had to shut it down, and most of the IRC rooms I want to use don’t allow Matrix proxies.
The IRC (Biboumi) and Discord bridges (slidge.im) for XMPP work still fine and running your own server is super lightweight.
I am still mad that are no mobile clients that supports multiple accounts. So I am ending up installing for each account a different client.
Edit: added mobile.
Element Desktop has profiles. But sadly there are no profiles on the mobile app.
NeoChat on KDE allows me to choose which account to login to when I start it.
Does it let you be logged in as both ?
