Hello fellow c/privacy members.
I’m not new to privacy related things but I had a hard time persuading my family members and friends to switch to Matrix/Element. It is a reponse to UK’s Online Security Bill and Investigative Powers Act that may soon in effect.
While it is just a preperation and planning in case those actually became law, I already face resistance from them. When I ask them would they switch, their first reaction is “Why one more app?” then follows with “That’s cumbersome.” or “I don’t want to learn a new app.” and suggest something more popular like Line, Telegram or Discord. Sometimes they would “Install WhatsApp because X is on there and he/she won’t install one more app just for you.”
What can I do to persuade them to use a new platform? Thanks in advance.
EDIT: I think I should elebroate more of what Online Security Bill and Investigative Powers Act does[1]. As far as I understand, OSB will break E2EE by require scanning data on client device, like CSAM but much more generic. IPA requires companies to submit security funcition to the government for approval before releasing, and disable such feature upon request. Apple[2], Single[3] and WhatsApp made the announancment of exiting the UK market totally or partically if two were signed into law.
[1] https://web.archive.org/web/thenextweb.com/news/uk-investigatory-powers-act-default-surveillance-devices-privacy
[2] https://web.archive.org/web/www.forbes.com/sites/emmawoollacott/2023/07/21/apple-threatens-to-pull-facetime-and-imessage-from-the-uk
[3] https://web.archive.org/web/20230809125823/https://www.bbc.co.uk/news/technology-65301510#2023-08-09T12:57:48+00:00
Just a reminder, telegram is NOT secure at all. Telegram is NOT end-to-end encryptes by default, and they are not disclosing this fact peoperly, which makes them untrustworthy and not a tool against growing online surveilance
Sure you have to enable E2EE but they never say they use E2EE by default, they’re not advertising at all anyway. Saying it is “not secure at all” is a bit of a reach. They have proven they don’t share data with governments and again, you can use E2EE if you want
Honestly, WhatsApp is more trustworthy than Telegram.
deleted by creator
I can’t confirm this. For me it runs smooth and without bugs. Calls with Element are sometimes better than calls with my mobile carrier.
But I don’t have the technical knowledge to understand why a backend in python is a bad thing. Maybe your experience with Matrix is biased because of this knowledge?
deleted by creator
This huge difference in experience isn’t a great sign. But I hope it gets better over time.
when did you experience this?
loading the web client also takes a lot of time (1-2 minutes) for me, but everything else is ok. even that is because of an API design problem, and they are already working to replace that bad decision
deleted by creator
I believe it was this year that they made some great improvements in performance, so you might get a different experience if you try it again.
Well, it looks we might have convinced someone that it’s not that bad :)
deleted by creator
I’m planning to use Conduit[1] which is written in Rust instead of Synapse. I belive this will consume less resources but have no idea will it run smooth or not.
Afaik conduit is even more beta than denderite, personally I would not use it after seeing how buggy experience friends had with it
I haven’t tried yet. Dendrite follows the micro services architecture which I don’t need and increases management work. That’s why I choose Conduit.
This paragraph is why you won’t convince friends and family to use Matrix. It’s still too technical for non-technical people.
I agree it is technical. However, considering if the laws are in effect, there might not be a secure option, let alone private. It means that all conversations might be under government’s watch. That’s why I’m looking for a self hostable option, that can make sure data is in my control.
I am open to considering alternatives, but the foundation of the plan is based on the assumption that apps commonly used for secure and private conversations, such as Signal, may become insufficiently secure and private due to potential future laws or the possibility of exiting the UK market. The preferred criteria for the chosen app are that it is open source, audited, or ideally, both.
if it is an option to use different apps for daily chit chat and private matters, you may also take a look at Briar.
I say it this way because you both need* to beonlineconnected** to receive the message. It is also a bit more than a messaging app, its useful for organizing group events.* there is a workaround. they have a software that you can run on a regular computer that will hold the incoming messages until your phone becomes accessible, and the outgoing ones until the recipient becomes available.
** the app can use the internet (always through Tor), the local network (like a wifi network) and bluetooth to connect to your contacts
It would be nice to use just one app as they are the users. Not me.
And having a computer online the whole time because one might not present is quite a deal breaker.
Yes, but I was telling you this option because you are concerned about laws that will outlaw encryption. If they come into effect, it could easily happen that only solutions like this will remain.
friends and family dont even have to think about servers. they pick the client they like, log in to their account, and thats it.
conduit is server software, an alternative to the official python-based homeserver that is called synapse
Look, I once got everyone I know to switch to matrix (Riot, before element) and they depracated the client, made everyone redo their encryption keys, it was a huge mess. Nobody will ever listen to me ever again about a messaging app because of what new vector did with riot.
Matrix is too janky for people. Use something else. Simplex, signal, whatever.
Beyond that, the key is breaking this “one more app” mentality. Why is it so hard to have an app on your phone? These people would install the Starbucks app for a single free milkshake in a heartbeat. This expectation that everyone and everything can be done in one app is absurd, and it’s marketing by the big companies to lock people in when there’s no reason for it. your phone runs apps. What’s the big deal?
And that starts with you. make yourself available on multiple different messengers as possible. Don’t say “I use matrix”, youre being inflexible. Use everything that doesn’t collect your contacts and spy on you. Use telegram, but tell people telegram isn’t encrypted. I personally have matrix, XMPP, session, signal, simplex, telegram, and I even have a discord but I never use it. I fall back to email if I have to. Be flexible if you expect others to be, be available to communicate with in as many ways as you can privately to incentivize people to switch, give them options and let them pick.
Matrix is too janky for people. Use something else. Simplex, signal, whatever
This is the gist of it, yes. Setting up a Matrix account has several steps (e.g. backups, identity server, discovery) that are each complicated enough on their own to be deal-breakers for the vast majority of users. It’s just a non-starter for anyone who’s not a techie. It’s been around for many years but still has an absolutely terrible UX.
I wouldn’t dare to recommend it to anyone I know because I do not have the patience to walk them through it and explain it. It would cost me time, energy, and most importantly it would cost me social trust. Nobody would take me seriously anymore if I recommended something that is so user-unfriendly.
Signal is a pretty easy sell, on the other hand. It’s simple, it’s secure, and it works like any other messaging client. It’s not 800 steps to set up backups and discovery. I would prefer to use a decentralized platform, but I’m not investing into Matrix because IMHO, it has no future in the mainstream. I have a Matrix account but I don’t use it talk to anyone I know IRL, and I doubt I ever will.
Signal is only easier because it entirely ignores logging in on multiple devices. Maybe for some it is ok, but for me this is a huge dealbreaker, not an advantage.
If you dont set up key backups (an optional feature), its the same thing: with Signal, if you delete the app or lose your phone, all your messages are gone, along with your contacts that werent saved in your phone contacts and uploaded to a cloud service. If you use Matrix as you do with Signal, it works the same: you delete it, messages are gone. This is the default. But, you have the option to keep your messages.Identity server? You dont have to use that, and I don’t either. You are not obliged to set up being discovered by outside identifiers. Like I don’t want people to find me by my phone number, as I don’t want to use my phone number, for anything, at all, and so I didn’t do that.
I see that on Signal, you always find people by their phone number, which you are required to hand in. On Matrix, you find people either by their handles (~username), or their phone number or email address if they have handed those in, voluntarily.
So with an indentity server you can make yourself discoverable by your phone number, and you must use one if you want that.
But I think there is a better solution (on the long term, at least): to forget about phone numbers altogether, when possible. Why would this be feasible? It is possible to store the handle in your phones contacts, with the standard “instant messenger” field. Contacts then are usually sharable in messaging apps, or with a QR code, and a lot of software generally understands this format, so you could use this to make your handle known.
By the way, identity servers and discovery is the same step, not 2 different one.Perhaps this varies by server, or perhaps it’s changed since I signed up. When I signed up, I connected an identity server and then needed to go through a few extra steps to enable discovery by email address and phone number. IIRC my identity server did not support phone numbers at the time.
I greatly prefer service-specific usernames over phone numbers, and that’s a huge point in favor of Matrix. And I agree, Signal is ass-backwards when it comes to multiple devices.
Ok, now seeing what you mean, yes it may be thought of as 2 steps, because you really need to choose a server (or accept the default recommendation of your HS) and then add your info there, but mentally I just think of it as 1, because to me it feels like a single unit.
Ok, now seeing what you mean, yes it may be thought of as 2 steps, because you really need to choose a server (or accept the default recommendation of your HS) and then add your info there, but mentally I just think of it as 1, because to me it feels like a single unit.
I personally have matrix, XMPP, session, signal, simplex, telegram, and I even have a discord but I never use it.
I have Matrix, Session, Singal, Telegram, and Discord. Telegram is saldomly used and Discord is just subscribed to a bunch of game communities. Signal is threatened by OSB and IPA, which announced by them that they will get out of the UK market if those are in effect. Then left Matrix and Session, both not used by anyone.
I would like to be flexible but the reality is there are not much choices. Only XMPP which I don’t have, nor natively supports E2EE which varied by clients.
Look into JMP.CHAT. it’s XMPP, with a phone number that is gatewayed to PBX for voice, and can send/receive SMS.
deleted by creator
From what I understand, many large tech companies will leave UK if those laws are passed. I highly doubt it will happen, and if it does, I bet it will take about five seconds for the government to realize how vastly they fucked up.
Easier to get new friends and family who are already there
Sad but true. However, my whole family are not there. They are the primary contacts of mine, with some friends in the mix.
You could buy them a drink to install it. That’s how I got my family onto Signal. I also got my GF onto Element, but she’s also obligated to put up with my shit
Goals🤩
As some would phrase it
I wish it can be that simple.
deleted by creator
-
I set up a home server with a litany of bridges.
-
I show them all my chats from multiple platforms in one app.
-
They ask me for an account.
Got a how to for #1? Sounds like you hid a lot of complexity in that 1 step.
You can also try to find an instance that already does bridging. For Finnish citizens, pikaviestin.fi is a good option, but they don’t provide accounts to non-finns.
But no, I do not have a guide for setting this up. But you set up a homeserver, with a domain you can commit to, and once that is working, configure whatever bridges you like using their respective docs.
And yes, it is complex. Matrix is the most complicated thing I’ve ever self-hosted. But it wasn’t untenable, and it’s been very low maintenance.
Nice move
-
deleted by creator
I wish I can be this definitive but I couldn’t. Those connections are still needed, and most of the time is I need to talk to someone rather than the opposite.
Which is why I don’t like that advice. These connections are valuable, and people might want to talk to you but have other reasons why they won’t end up using the privacy focussed option only. It’s very hard to switch fully to something like Signal or Matrix, and this isn’t unique to privacy focussed chat apps either.
For me I talk to close friends and family on Signal, and that works because those are the people I have personal discussions with. For other friends that don’t really use Signal consistently, I’ve found that they still use Signal when they want to talk about something private. It’s a process, and I’m happy to put in a little bit of work while people I care about switch over.
deleted by creator
and all the others say, “if you want to talk to me I’m on Facebook”
for them, problem solveddeleted by creator
This itself is a kind of ignorance.
Sorry to break it to you, but Matrix is (for all practical purposes) run by a UK based company. If you are concerned about UK legislation, they are one of the worst to switch to as they will likely have little choice but to comply.
Better use XMPP, which is fully independent of any single company running everything behind the curtains.
Matrix is a protocol
Which is 100% controlled by the Matrix Foundation (and not an international standard like XMPP), which in turn is near 100% controlled by a single UK based company (Element/New Vector). Which makes the distinction between the company and the protocol absolutely moot. I wish it was otherwise.
That’s not really true though. If the Matrix foundation, element or any other party does something scketchy just fork it
Have you ever looked at the Synapse codebase? It’s almost as bad as Chromium and we all know how impossible that is to “just fork”.
That comparison doesn’t make sense. They are actively developing Dendrite alongside Synapse. They goal of Synapse is to be the stable version that just works and deploys the new features. Not necessarily being slim and efficient. That’s where Dendrite comes in and is very close to being feature parity. Many major servers already are running Dendrite and you wouldn’t even notice.
So if Google was actively developing a competitor to Chromium that is much more slimmed down and efficient, then your comparison would make sense.
You don’t need to speculate what they’re doing. It’s entirely open source, and you can validate every line of code they’re putting in. Is there any actual parts of the matrix protocol or app you’re specifically warning against, or are you causing general FUD?
Again, we don’t need to speculate, the entire platform is open source from server to client, so if there’s an issue with legislation then you can see it reflected in the code.
I am not speculating about anything. Are you personally ready to develop & maintain a fork of a Matrix homeserver or client? There is of course Conduit and Fluffychat etc. but they chronically lack behind in features and have all sorts of incompatibilities.
If Element is forced to implement the privacy invasive features required by this proposed UK legislation you will have little choice but to follow along as the entire ecosystem is over-engineered and designed to give Element a competitive edge over other competitors trying to use the same protocol. Like with Chromium it doesn’t matter much that it is open-source.
You list multiple alternative server software and then claim it’s unachievable at the same time lol. You are proving yourself wrong. Also there are a ton of other good Matrix apps out there besides Element.
You are speculating because you are speculating something could potentially go wrong because they’re in the UK, therefore the entire FOSS ecosystem and company they built just be untrustworthy.
as the entire ecosystem is over-engineered and designed to give Element a competitive edge over other competitors trying to use the same protocol
honestly I don’t think at all that it is over engineered. I see that alt implementations can’t keep up with the new features (or at least that was what I remember from a year or 2 ago, but now that I looked into it, conduit development gained some momentum), but that is not because it would be over engineered, but because the devs of the alt implementations all do this in their free time.
Conduit got a nice update today, which makes it only about 2 years behind Synapse or so ;)
It is true that they are mostly hobby projects and that is part of the reason why they are lagging behind, but a regular chat server is actually not that hard to write. There are multiple hobbyist written XMPP servers (and multiple enterprise written ones as well) that are up to specs and work well. Granted, they had a bit more time doing so, and Conduit might eventually catch up as well… but similar to Google and Chromium, it is not in the business interest of Element to have anyone come up with a fully viable alternative to their reference implementation.
deleted by creator
And then? Either you never update it, which likely means you will gradually stop being able to communicate with other people on the Matrix network, or you do, which means you will get those privacy invasive changes on your own server as well. And as I extensively explained elsewhere in this thread, forking is not a realistic option.
I guess I can just remove such code if they ever implement it as the home server is open sourced (Synapse). Plus other implementation exists (Conduit). Still, I will have a look on XMPP and see if it meets my needs. As others points out, I shouldn’t persuade but adapt thus I need bridges to connect other services, which Matrix isn’t lack of.
XMPP has very nice bridges as well: https://joinjabber.org/tutorials/gateways/slidge/
I preferred xmpp because it’s easier to host and consumes MUCH less RAM than a Matrix server. idk how both of them scale, but I only have myself and a few friends and family on my XMPP server and works fine.
Lemme know when there’s an actual usable client for XMPP. What software do you even use to connect to XMPP?
I use Gajim, family uses Conversations.
Conversations looks like it was made for Android kit Kat lol. Are you expecting that to be the messaging app killer as a serious recommendation to people
I’m in the process of trying to convince my company to switch to Matrix. I’ve setup a test server and the execs are tepidly giving it a whirl.
The problem is, we use Teams, Microsoft has its proverbial foot in our door, people are used to Teams and don’t really want to switch, and the company doesn’t care enough about privacy and data sovereignty to overcome the inertia and the learning curve.
They listen politely to my arguments and they agree that it would be better if Microsoft didn’t get all our data, but ultimately they really don’t care at all.
You don’t persuade them. They’ve already made their decision. Now you have to make yours. Their reasons for not wanting to switch are just as valid as yours for wanting to.
So, you either switch and accept that some of the people in your life don’t actually care enough to come with you, or you’re the one that has to adapt to multiple apps to communicate with others. That’s really what it boils down to. Most people don’t care about the matter, and there’s a segment of people in most of our lives that don’t care about us if there’s any inconvenience involved.
Some of them made alternate suggestions, which means they’re willing to go through some inconvenience for you, just not the specific inconvenience of having an app that only you and they will be using.
Despite now having storage space for multiple messaging apps, people resist the idea of having more than whatever arbitrary number they’ve decided doesn’t work. In some cases, that number may be one. And the truth is that remembering who is connected via what app/service is a pain in the ass if there’s enough people in your life. Some people can’t handle that memory issue and are just going to refuse outright out of necessity.
So, stop trying to change their minds and seek compromise. If they’re willing to switch to telegram, you can at least have some degree of encryption, so go with that for anyone that’s expressed willingness. Let that core group become the reason for anyone else to join in.
Unless you just want to play hardball and refuse to communicate with anyone on anything but your choice. There will be some that cave and join in. But you’d be amazed how many people and which people don’t really want to talk to you enough to do so. But you’ll have a small group of people that are now using it with you. You’ll have to help them get set up, and be prepared for the inevitable tech support you’re volunteering to provide, as well as the need to guide them through the learning curve of it.
“Installing
APP
does not require you to switch to it nor asking friends and family to use it. What it does is allowing them to reach out to you in a private way. By installing it you respect and support their choice of avoidingBAD_APP
.”On the sidenote: Just recommend Signal. It uses phone number as identifier, easy to grow by using phone book, has good track record when glowies have a warrant and most importantly it’s stable. It has flaws (no sms, not saving chat history) but there are no other alternatives available yet that beat signal for normies.
They are using Signal. I want to switch to Matrix/Element because the new laws might make Signal (and other viable chat apps) unavailable in the UK anymore.
Seems like you’re fucked anyway then. This has to be solved politically.
Bro I can’t even convince them to join me on Signal… It even syncs contacts w/ mobile number so it’s just a matter of downloading a stupid app and you’re set… I think one day I’ll be brave enough and just disappear from whatsapp.
I did this a few years ago. I set my status message to “Starting on [date] I’ll be available only on Signal/sms.” and that was it. A few frieds/family members moved, most of them not, but I don’t miss it a bit.
I basically forced everyone to message me on Signal & Telegram cause fuck Meta (people my age in Canada desperately wants to talk on Instagram for some reason)
Don’t remind me of Signal. I spent lots of effort to convince them to switch, and ultimately defeated, not the app but me, because of a protest that people move toward a more secure communication system i.e. Signal, not more private.
If they don’t want to then don’t continue trying to persuade them. Chances are they don’t care about privacy anyway, and even if they do, everyone has their own personal preferences.
[This comment has been deleted by an automated system]
Not a lot really. Also, until element gets easier key management for encryption i wouldnt suggest it. I understand public/private keys and session verification and still can never restore matrix from backups without it saying “waiting for message” and it never decrypting even though all the keys imported fine. Its a PITA
Yeah, what’s with that?
It is always a pain in the ass trying to explain that, but it never seems to get fixed
The biggest issue with matrix is that while the protocol is open and servers and clients can be built around it, the element client and synapse server are developed so quickly that nobody else can dream of keeping up. That is its own kind of vendor lock-in.
Yes, but think about how slow development would be if they weren’t so fast. And even this way they are still very slow.
Even if less and less, there are still dealbreaker years-old encryption issues, like that if someone joins an encrypted room, they won’t get the keys for the old messages even if history visibility is on the most permissive setting.
Actually this is for security reasons, and as I understand encryption would be worthless the other way, as a server admin could add an account to the room which would get all the keys otherwise. A workaround to this (it was standardised recently) is that if you invite them from an element client (their client also needs support for this I think, as they have to use it at least for the initial join), your client will send them all the keys it knows, but I’m not sure if it will make only your past messages visible or all of those that you can see (at the point of invitation, so maybe it’s best to scroll back to the beginning of what you see for it to work best). They are also working on a real solution (they refer to it as the end of the linked proposal), I have seen work on that even this year, but they are working on so much things at the same time that it feels to me they’re getting nowhere.I often feel that even though alt impls can’t keep up, the organization is still starved for human resources. They need to do a whole lot of things at the same time, and of course that’s not possible, because everyone can work on only so few things at a time.
They were often even bashed for serious mistakes and overlookings resulting from this (like the hackea writup), but it seems entirely plausible to me that in the past because of this lack of resources they just weren’t able to do things properly, and they have problems with admitting that with words even to themselves.Wow. Thanks for such a fantastic explanation.