What I’m looking for ultimately is a universal chat type app like Beeper that can handle Signal and SMS, however, reading this about it gives me pause. It would be nice if I could get all my peeps on matrix, but since it was so hard to get them on to Signal, I think the best I can hope for is something than can handle matrix, signal, and sms. Which brings me back to the title, how exactly do Matrix bridges work and are they secure?
EDIT: SMS is insecure by its very nature, yes?
A bridge receives messages from one service, extracts the necessary content (text, images, video, etc.) and submits it to your Matrix server. It also works the other way around, of course, sending your Matrix messages to other services. The bridge bots can usually exchange messages through encrypted chat rooms but the exact workings of encryption differ per bridge.
For encrypted messenger services, Matrix bridges do decrypt messages inside the bridge. They can be re-encrypted with Matrix’s encryption, but somewhere along the chain they need to be decrypted, or the bridges literally cannot work.
If you run your own bridges, like many technically minded people do, this isn’t much of a problem; you remain in control of your messages. Your messages are stored on your server, and they can be as secure as you can make them.
If you rely on an external party to run your bridges (a.k.a. “the normal use case”), you need to trust that party with all of your messages. I would probably trust an company like Element.io because they’re based in the UK which is subject to a GDPR-like law and they don’t make money off of message analysis or ads. Beeper probably isn’t that bad either but I haven’t looked into them.
You’ll have to decide how bad you feel about your messages being decrypted. For unencrypted apps (Discord, Slack, Telegram in 99.999% of cases, Skype, Teams, GChat, SMS) I don’t think it matters that much. You are adding an extra party in the middle of your communications, but they’re not leeching off you like Google would be. They could get hacked, of course, but so could the super special alternative app you may find.
SMS is one of the least secure methods of message exchange. It’s sent unencrypted, often inspected and logged at every ISP the message travels through, and can be redirected on a whim by someone on the other side of the planet through SS7 hacks. SMS is attached to a phone number and ISPs usually have some kind of ID check for phone numbers, and it’s guaranteed to work on any phone out there. Those are the only advantages of SMS. Only use them for things like 2FA if you have no other reasonable alternative!
Back in the day, when mobile messaging was in its infancy, we used to have various chat services (AIM/MSN/AOL) and chat clients that spoke all protocols. These fat clients have gone out of fashion because everyone flocked to mobile messengers. These days Pidgin still exists and has support for all kinds of protocols (even more than Matrix!) but it’s lacking encryption support for many of them. If you run Linux (UBTouch/Phosh/Plasma Mobile/etc.) on your phone then there’s no technical reason why you couldn’t just run Pidgin, but it would probably be quite disappointing if you’re used to modern chat apps.
I don’t know of any mobile app that works in the same style, speaking a tonne of different protocols instead of relying on a server that manages it all. The problem is usually that many of these chat systems don’t have any idea about multi device chat, chat groups, or other they have been implemented in their own weird way (Discord “servers” are one example of an extra layer most external apps struggle with, though Matrix has spaces which do the job quite well). That means message history isn’t always available, or read receipts and notifications are wonky, or messages may get decrypted on one device but not any others, and so on, and so forth. Matrix bridges act as a middle man for these services, being the “single device” that does all the talking, while using Matrix to make modern features available to your phone and desktop.
But, there is hope! Next year, the EU Digital Markets Act goes into effect for many large companies, which mandates that they have to offer their messengers (and app stores!) to outsiders if they have more than a certain amount of users inside the EU. That means Apple, Signal, WhatsApp, and a whole bunch of other services will have to interoperate by law. That means that smaller devs should be able to make apps that talk to all platforms without having to reverse engineer the API (and have their apps break with every update). The IETF is even working on a standard to make this possible without sacrificing encryption (MIMI) which will hopefully be taken up quickly, though there’s no guarantee that that specific protocol will be used.
I fucking love it every time I hear about some random thing that the EU decides is unacceptable and forces corporations to be much more consumer friendly as a result
Removed by mod
That’s fair, Signal is probably not small enough to be considered a gatekeeper. I doubt Signal is going to be the only messenger that doesn’t take advantage of this, though.
You don’t have to talk to people who use WhatsApp if you don’t want to, you can always ignore their messages or block them.