Hello fellow c/privacy members.

I’m not new to privacy related things but I had a hard time persuading my family members and friends to switch to Matrix/Element. It is a reponse to UK’s Online Security Bill and Investigative Powers Act that may soon in effect.

While it is just a preperation and planning in case those actually became law, I already face resistance from them. When I ask them would they switch, their first reaction is “Why one more app?” then follows with “That’s cumbersome.” or “I don’t want to learn a new app.” and suggest something more popular like Line, Telegram or Discord. Sometimes they would “Install WhatsApp because X is on there and he/she won’t install one more app just for you.”

What can I do to persuade them to use a new platform? Thanks in advance.

EDIT: I think I should elebroate more of what Online Security Bill and Investigative Powers Act does[1]. As far as I understand, OSB will break E2EE by require scanning data on client device, like CSAM but much more generic. IPA requires companies to submit security funcition to the government for approval before releasing, and disable such feature upon request. Apple[2], Single[3] and WhatsApp made the announancment of exiting the UK market totally or partically if two were signed into law.

[1] https://web.archive.org/web/thenextweb.com/news/uk-investigatory-powers-act-default-surveillance-devices-privacy
[2] https://web.archive.org/web/www.forbes.com/sites/emmawoollacott/2023/07/21/apple-threatens-to-pull-facetime-and-imessage-from-the-uk
[3] https://web.archive.org/web/20230809125823/https://www.bbc.co.uk/news/technology-65301510#2023-08-09T12:57:48+00:00

  • newhinton@kbin.social
    link
    fedilink
    arrow-up
    51
    arrow-down
    3
    ·
    1 year ago

    Just a reminder, telegram is NOT secure at all. Telegram is NOT end-to-end encryptes by default, and they are not disclosing this fact peoperly, which makes them untrustworthy and not a tool against growing online surveilance

    • TheFool@infosec.pub
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Sure you have to enable E2EE but they never say they use E2EE by default, they’re not advertising at all anyway. Saying it is “not secure at all” is a bit of a reach. They have proven they don’t share data with governments and again, you can use E2EE if you want

    • glasgitarrewelt@feddit.de
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      I can’t confirm this. For me it runs smooth and without bugs. Calls with Element are sometimes better than calls with my mobile carrier.

      But I don’t have the technical knowledge to understand why a backend in python is a bad thing. Maybe your experience with Matrix is biased because of this knowledge?

      • kaya@eviltoast.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Afaik conduit is even more beta than denderite, personally I would not use it after seeing how buggy experience friends had with it

        • umami_wasabi@lemmy.mlOP
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I haven’t tried yet. Dendrite follows the micro services architecture which I don’t need and increases management work. That’s why I choose Conduit.

      • Hexadecimalkink@lemmy.ml
        link
        fedilink
        arrow-up
        5
        arrow-down
        6
        ·
        1 year ago

        This paragraph is why you won’t convince friends and family to use Matrix. It’s still too technical for non-technical people.

        • umami_wasabi@lemmy.mlOP
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          I agree it is technical. However, considering if the laws are in effect, there might not be a secure option, let alone private. It means that all conversations might be under government’s watch. That’s why I’m looking for a self hostable option, that can make sure data is in my control.

          I am open to considering alternatives, but the foundation of the plan is based on the assumption that apps commonly used for secure and private conversations, such as Signal, may become insufficiently secure and private due to potential future laws or the possibility of exiting the UK market. The preferred criteria for the chosen app are that it is open source, audited, or ideally, both.

          • ReversalHatchery@beehaw.org
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            if it is an option to use different apps for daily chit chat and private matters, you may also take a look at Briar.
            I say it this way because you both need* to be online connected** to receive the message. It is also a bit more than a messaging app, its useful for organizing group events.

            * there is a workaround. they have a software that you can run on a regular computer that will hold the incoming messages until your phone becomes accessible, and the outgoing ones until the recipient becomes available.

            ** the app can use the internet (always through Tor), the local network (like a wifi network) and bluetooth to connect to your contacts

            • umami_wasabi@lemmy.mlOP
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              It would be nice to use just one app as they are the users. Not me.

              And having a computer online the whole time because one might not present is quite a deal breaker.

              • ReversalHatchery@beehaw.org
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Yes, but I was telling you this option because you are concerned about laws that will outlaw encryption. If they come into effect, it could easily happen that only solutions like this will remain.

        • ReversalHatchery@beehaw.org
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          1 year ago

          friends and family dont even have to think about servers. they pick the client they like, log in to their account, and thats it.

          conduit is server software, an alternative to the official python-based homeserver that is called synapse

  • mister_monster@monero.town
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Look, I once got everyone I know to switch to matrix (Riot, before element) and they depracated the client, made everyone redo their encryption keys, it was a huge mess. Nobody will ever listen to me ever again about a messaging app because of what new vector did with riot.

    Matrix is too janky for people. Use something else. Simplex, signal, whatever.

    Beyond that, the key is breaking this “one more app” mentality. Why is it so hard to have an app on your phone? These people would install the Starbucks app for a single free milkshake in a heartbeat. This expectation that everyone and everything can be done in one app is absurd, and it’s marketing by the big companies to lock people in when there’s no reason for it. your phone runs apps. What’s the big deal?

    And that starts with you. make yourself available on multiple different messengers as possible. Don’t say “I use matrix”, youre being inflexible. Use everything that doesn’t collect your contacts and spy on you. Use telegram, but tell people telegram isn’t encrypted. I personally have matrix, XMPP, session, signal, simplex, telegram, and I even have a discord but I never use it. I fall back to email if I have to. Be flexible if you expect others to be, be available to communicate with in as many ways as you can privately to incentivize people to switch, give them options and let them pick.

    • GenderNeutralBro@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      Matrix is too janky for people. Use something else. Simplex, signal, whatever

      This is the gist of it, yes. Setting up a Matrix account has several steps (e.g. backups, identity server, discovery) that are each complicated enough on their own to be deal-breakers for the vast majority of users. It’s just a non-starter for anyone who’s not a techie. It’s been around for many years but still has an absolutely terrible UX.

      I wouldn’t dare to recommend it to anyone I know because I do not have the patience to walk them through it and explain it. It would cost me time, energy, and most importantly it would cost me social trust. Nobody would take me seriously anymore if I recommended something that is so user-unfriendly.

      Signal is a pretty easy sell, on the other hand. It’s simple, it’s secure, and it works like any other messaging client. It’s not 800 steps to set up backups and discovery. I would prefer to use a decentralized platform, but I’m not investing into Matrix because IMHO, it has no future in the mainstream. I have a Matrix account but I don’t use it talk to anyone I know IRL, and I doubt I ever will.

      • ReversalHatchery@beehaw.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        1 year ago

        Signal is only easier because it entirely ignores logging in on multiple devices. Maybe for some it is ok, but for me this is a huge dealbreaker, not an advantage.
        If you dont set up key backups (an optional feature), its the same thing: with Signal, if you delete the app or lose your phone, all your messages are gone, along with your contacts that werent saved in your phone contacts and uploaded to a cloud service. If you use Matrix as you do with Signal, it works the same: you delete it, messages are gone. This is the default. But, you have the option to keep your messages.

        Identity server? You dont have to use that, and I don’t either. You are not obliged to set up being discovered by outside identifiers. Like I don’t want people to find me by my phone number, as I don’t want to use my phone number, for anything, at all, and so I didn’t do that.
        I see that on Signal, you always find people by their phone number, which you are required to hand in. On Matrix, you find people either by their handles (~username), or their phone number or email address if they have handed those in, voluntarily.
        So with an indentity server you can make yourself discoverable by your phone number, and you must use one if you want that.
        But I think there is a better solution (on the long term, at least): to forget about phone numbers altogether, when possible. Why would this be feasible? It is possible to store the handle in your phones contacts, with the standard “instant messenger” field. Contacts then are usually sharable in messaging apps, or with a QR code, and a lot of software generally understands this format, so you could use this to make your handle known.
        By the way, identity servers and discovery is the same step, not 2 different one.

        • GenderNeutralBro@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Perhaps this varies by server, or perhaps it’s changed since I signed up. When I signed up, I connected an identity server and then needed to go through a few extra steps to enable discovery by email address and phone number. IIRC my identity server did not support phone numbers at the time.

          I greatly prefer service-specific usernames over phone numbers, and that’s a huge point in favor of Matrix. And I agree, Signal is ass-backwards when it comes to multiple devices.

          • ReversalHatchery@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Ok, now seeing what you mean, yes it may be thought of as 2 steps, because you really need to choose a server (or accept the default recommendation of your HS) and then add your info there, but mentally I just think of it as 1, because to me it feels like a single unit.

          • ReversalHatchery@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Ok, now seeing what you mean, yes it may be thought of as 2 steps, because you really need to choose a server (or accept the default recommendation of your HS) and then add your info there, but mentally I just think of it as 1, because to me it feels like a single unit.

    • umami_wasabi@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      I personally have matrix, XMPP, session, signal, simplex, telegram, and I even have a discord but I never use it.

      I have Matrix, Session, Singal, Telegram, and Discord. Telegram is saldomly used and Discord is just subscribed to a bunch of game communities. Signal is threatened by OSB and IPA, which announced by them that they will get out of the UK market if those are in effect. Then left Matrix and Session, both not used by anyone.

      I would like to be flexible but the reality is there are not much choices. Only XMPP which I don’t have, nor natively supports E2EE which varied by clients.

      • MasterBlaster@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        Look into JMP.CHAT. it’s XMPP, with a phone number that is gatewayed to PBX for voice, and can send/receive SMS.

      • asdfasdfasdf@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        From what I understand, many large tech companies will leave UK if those laws are passed. I highly doubt it will happen, and if it does, I bet it will take about five seconds for the government to realize how vastly they fucked up.

    • umami_wasabi@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Sad but true. However, my whole family are not there. They are the primary contacts of mine, with some friends in the mix.

  • BitSound@lemmy.world
    link
    fedilink
    arrow-up
    14
    ·
    1 year ago

    You could buy them a drink to install it. That’s how I got my family onto Signal. I also got my GF onto Element, but she’s also obligated to put up with my shit

  • MentalEdge@sopuli.xyz
    link
    fedilink
    arrow-up
    14
    ·
    1 year ago
    1. I set up a home server with a litany of bridges.

    2. I show them all my chats from multiple platforms in one app.

    3. They ask me for an account.

    • umami_wasabi@lemmy.mlOP
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      I wish I can be this definitive but I couldn’t. Those connections are still needed, and most of the time is I need to talk to someone rather than the opposite.

      • Otter@lemmy.ca
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        Which is why I don’t like that advice. These connections are valuable, and people might want to talk to you but have other reasons why they won’t end up using the privacy focussed option only. It’s very hard to switch fully to something like Signal or Matrix, and this isn’t unique to privacy focussed chat apps either.

        For me I talk to close friends and family on Signal, and that works because those are the people I have personal discussions with. For other friends that don’t really use Signal consistently, I’ve found that they still use Signal when they want to talk about something private. It’s a process, and I’m happy to put in a little bit of work while people I care about switch over.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    18
    arrow-down
    5
    ·
    1 year ago

    Sorry to break it to you, but Matrix is (for all practical purposes) run by a UK based company. If you are concerned about UK legislation, they are one of the worst to switch to as they will likely have little choice but to comply.

    Better use XMPP, which is fully independent of any single company running everything behind the curtains.

      • poVoq@slrpnk.net
        link
        fedilink
        arrow-up
        14
        arrow-down
        4
        ·
        edit-2
        1 year ago

        Which is 100% controlled by the Matrix Foundation (and not an international standard like XMPP), which in turn is near 100% controlled by a single UK based company (Element/New Vector). Which makes the distinction between the company and the protocol absolutely moot. I wish it was otherwise.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          That’s not really true though. If the Matrix foundation, element or any other party does something scketchy just fork it

          • poVoq@slrpnk.net
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            1 year ago

            Have you ever looked at the Synapse codebase? It’s almost as bad as Chromium and we all know how impossible that is to “just fork”.

            • 👁️👄👁️@lemm.ee
              link
              fedilink
              English
              arrow-up
              5
              ·
              1 year ago

              That comparison doesn’t make sense. They are actively developing Dendrite alongside Synapse. They goal of Synapse is to be the stable version that just works and deploys the new features. Not necessarily being slim and efficient. That’s where Dendrite comes in and is very close to being feature parity. Many major servers already are running Dendrite and you wouldn’t even notice.

              So if Google was actively developing a competitor to Chromium that is much more slimmed down and efficient, then your comparison would make sense.

        • 👁️👄👁️@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          You don’t need to speculate what they’re doing. It’s entirely open source, and you can validate every line of code they’re putting in. Is there any actual parts of the matrix protocol or app you’re specifically warning against, or are you causing general FUD?

          Again, we don’t need to speculate, the entire platform is open source from server to client, so if there’s an issue with legislation then you can see it reflected in the code.

          • poVoq@slrpnk.net
            link
            fedilink
            arrow-up
            1
            arrow-down
            2
            ·
            edit-2
            1 year ago

            I am not speculating about anything. Are you personally ready to develop & maintain a fork of a Matrix homeserver or client? There is of course Conduit and Fluffychat etc. but they chronically lack behind in features and have all sorts of incompatibilities.

            If Element is forced to implement the privacy invasive features required by this proposed UK legislation you will have little choice but to follow along as the entire ecosystem is over-engineered and designed to give Element a competitive edge over other competitors trying to use the same protocol. Like with Chromium it doesn’t matter much that it is open-source.

            • 👁️👄👁️@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              You list multiple alternative server software and then claim it’s unachievable at the same time lol. You are proving yourself wrong. Also there are a ton of other good Matrix apps out there besides Element.

              You are speculating because you are speculating something could potentially go wrong because they’re in the UK, therefore the entire FOSS ecosystem and company they built just be untrustworthy.

            • ReversalHatchery@beehaw.org
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              as the entire ecosystem is over-engineered and designed to give Element a competitive edge over other competitors trying to use the same protocol

              honestly I don’t think at all that it is over engineered. I see that alt implementations can’t keep up with the new features (or at least that was what I remember from a year or 2 ago, but now that I looked into it, conduit development gained some momentum), but that is not because it would be over engineered, but because the devs of the alt implementations all do this in their free time.

              • poVoq@slrpnk.net
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Conduit got a nice update today, which makes it only about 2 years behind Synapse or so ;)

                It is true that they are mostly hobby projects and that is part of the reason why they are lagging behind, but a regular chat server is actually not that hard to write. There are multiple hobbyist written XMPP servers (and multiple enterprise written ones as well) that are up to specs and work well. Granted, they had a bit more time doing so, and Conduit might eventually catch up as well… but similar to Google and Chromium, it is not in the business interest of Element to have anyone come up with a fully viable alternative to their reference implementation.

          • poVoq@slrpnk.net
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            And then? Either you never update it, which likely means you will gradually stop being able to communicate with other people on the Matrix network, or you do, which means you will get those privacy invasive changes on your own server as well. And as I extensively explained elsewhere in this thread, forking is not a realistic option.

        • umami_wasabi@lemmy.mlOP
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I guess I can just remove such code if they ever implement it as the home server is open sourced (Synapse). Plus other implementation exists (Conduit). Still, I will have a look on XMPP and see if it meets my needs. As others points out, I shouldn’t persuade but adapt thus I need bridges to connect other services, which Matrix isn’t lack of.

  • ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    I’m in the process of trying to convince my company to switch to Matrix. I’ve setup a test server and the execs are tepidly giving it a whirl.

    The problem is, we use Teams, Microsoft has its proverbial foot in our door, people are used to Teams and don’t really want to switch, and the company doesn’t care enough about privacy and data sovereignty to overcome the inertia and the learning curve.

    They listen politely to my arguments and they agree that it would be better if Microsoft didn’t get all our data, but ultimately they really don’t care at all.

  • southsamurai@sh.itjust.works
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    1 year ago

    You don’t persuade them. They’ve already made their decision. Now you have to make yours. Their reasons for not wanting to switch are just as valid as yours for wanting to.

    So, you either switch and accept that some of the people in your life don’t actually care enough to come with you, or you’re the one that has to adapt to multiple apps to communicate with others. That’s really what it boils down to. Most people don’t care about the matter, and there’s a segment of people in most of our lives that don’t care about us if there’s any inconvenience involved.

    Some of them made alternate suggestions, which means they’re willing to go through some inconvenience for you, just not the specific inconvenience of having an app that only you and they will be using.

    Despite now having storage space for multiple messaging apps, people resist the idea of having more than whatever arbitrary number they’ve decided doesn’t work. In some cases, that number may be one. And the truth is that remembering who is connected via what app/service is a pain in the ass if there’s enough people in your life. Some people can’t handle that memory issue and are just going to refuse outright out of necessity.

    So, stop trying to change their minds and seek compromise. If they’re willing to switch to telegram, you can at least have some degree of encryption, so go with that for anyone that’s expressed willingness. Let that core group become the reason for anyone else to join in.

    Unless you just want to play hardball and refuse to communicate with anyone on anything but your choice. There will be some that cave and join in. But you’d be amazed how many people and which people don’t really want to talk to you enough to do so. But you’ll have a small group of people that are now using it with you. You’ll have to help them get set up, and be prepared for the inevitable tech support you’re volunteering to provide, as well as the need to guide them through the learning curve of it.

  • Agility0971@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    1 year ago

    “Installing APP does not require you to switch to it nor asking friends and family to use it. What it does is allowing them to reach out to you in a private way. By installing it you respect and support their choice of avoiding BAD_APP.”

    On the sidenote: Just recommend Signal. It uses phone number as identifier, easy to grow by using phone book, has good track record when glowies have a warrant and most importantly it’s stable. It has flaws (no sms, not saving chat history) but there are no other alternatives available yet that beat signal for normies.

    • umami_wasabi@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      They are using Signal. I want to switch to Matrix/Element because the new laws might make Signal (and other viable chat apps) unavailable in the UK anymore.

  • AnxiousDuck@feddit.it
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Bro I can’t even convince them to join me on Signal… It even syncs contacts w/ mobile number so it’s just a matter of downloading a stupid app and you’re set… I think one day I’ll be brave enough and just disappear from whatsapp.

    • calm.like.a.bomb@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I did this a few years ago. I set my status message to “Starting on [date] I’ll be available only on Signal/sms.” and that was it. A few frieds/family members moved, most of them not, but I don’t miss it a bit.

    • N-E-N@lemmy.ca
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      I basically forced everyone to message me on Signal & Telegram cause fuck Meta (people my age in Canada desperately wants to talk on Instagram for some reason)

    • umami_wasabi@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Don’t remind me of Signal. I spent lots of effort to convince them to switch, and ultimately defeated, not the app but me, because of a protest that people move toward a more secure communication system i.e. Signal, not more private.

  • kworpy@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    If they don’t want to then don’t continue trying to persuade them. Chances are they don’t care about privacy anyway, and even if they do, everyone has their own personal preferences.

  • shortwavesurfer@monero.town
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Not a lot really. Also, until element gets easier key management for encryption i wouldnt suggest it. I understand public/private keys and session verification and still can never restore matrix from backups without it saying “waiting for message” and it never decrypting even though all the keys imported fine. Its a PITA

    • palitu@lemmy.perthchat.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yeah, what’s with that?

      It is always a pain in the ass trying to explain that, but it never seems to get fixed

      • shortwavesurfer@monero.town
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        The biggest issue with matrix is that while the protocol is open and servers and clients can be built around it, the element client and synapse server are developed so quickly that nobody else can dream of keeping up. That is its own kind of vendor lock-in.

        • ReversalHatchery@beehaw.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Yes, but think about how slow development would be if they weren’t so fast. And even this way they are still very slow.

          Even if less and less, there are still dealbreaker years-old encryption issues, like that if someone joins an encrypted room, they won’t get the keys for the old messages even if history visibility is on the most permissive setting.
          Actually this is for security reasons, and as I understand encryption would be worthless the other way, as a server admin could add an account to the room which would get all the keys otherwise. A workaround to this (it was standardised recently) is that if you invite them from an element client (their client also needs support for this I think, as they have to use it at least for the initial join), your client will send them all the keys it knows, but I’m not sure if it will make only your past messages visible or all of those that you can see (at the point of invitation, so maybe it’s best to scroll back to the beginning of what you see for it to work best). They are also working on a real solution (they refer to it as the end of the linked proposal), I have seen work on that even this year, but they are working on so much things at the same time that it feels to me they’re getting nowhere.

          I often feel that even though alt impls can’t keep up, the organization is still starved for human resources. They need to do a whole lot of things at the same time, and of course that’s not possible, because everyone can work on only so few things at a time.
          They were often even bashed for serious mistakes and overlookings resulting from this (like the hackea writup), but it seems entirely plausible to me that in the past because of this lack of resources they just weren’t able to do things properly, and they have problems with admitting that with words even to themselves.