Comment by lolinder
1 year ago
> It's the only messaging app where messages are stored on the cloud.
Besides Slack and Discord and Teams and whatever the heck Google has these days and iMessage and...
I think you mean it's the only messaging app that purports to have a focus on security where messages are stored in the cloud, which is true, but also sus. There's a reason why none of the others are doing it that way, and Telegram isn't really claiming to have solved a technical hurdle that the E2E apps didn't, it's just claiming that you can trust them more than you can trust the major messaging apps.
Maybe you can and maybe you can't, the point is that you can't know that they're actually a safer choice than any of the other cloud providers.
Matrix also keeps your message on the server. Except you can run your own server. And the messages are end to end encrypted. And you can keep a proper backup of the keys.
Granted it can be clunky at times, but the properties are there and decentralised end to end encrypted messaging is quite and incredible thing. (Yes, Matrix nerds, it's not messaging per se it's really state replication, I know :))
As you alluded to, Matrix has really horrible UX. Telegram is meant to be easy for the many to use: finding content in chats or even globally across public channels for example is intuitive and snappy because their server does the heavy lifting. That's a huge sell for many, myself included.
Well, ux aside, he disproves that you can't have synced messages with e2ee
My Matrix messages are, I presume, not encrypted, because every device I have prompts me to sign this device's keys with the keys of another device (which doesn't exist) and the option to reset the encryption keys and lose access to old messages doesn't work either (it just crashes Element).
You can enable it on a per chat basis.
3 replies →
Doesn’t Matrix replicate all chat metadata to any linked federated servers?
>it's just claiming that you can trust them more than you can trust the major messaging apps.
All the cool kids in the block eliminated the need to trust the provider decades ago. PGP: 33 years ago, OTR 20 years ago, Signal 14 years ago.
You have to trust the provider with signal; they are fiercely anti-third party clients, control the network and have released version of the code that are not tracked by sources- in extreme cases we’re aware of years old code being in there (mobile coin for example).
Signal evangelicalism needs to halt, you mean the Whisper protocol.
I don't completely agree. I am perfectly fine with there being multiple options for various use cases. Signal has its place. So does Telegram for that matter. Even Whatsapp..
That said, what I would love to see ( and likely won't at this point ) is the world where pidgin could exist again, because everyone is using some form of sensible standards that could be used.. right now it is mostly proprietary secret mess of things.
And don't get me started on convincing anyone in group to moving from one ecosystem to another. Fuck, I just want email for chat that is not owned by one org.. Is it really so much to ask ( it is rhetorical, I know the hurdles are there and only some deal with human nature )?
1 reply →
You have to trust the platform with the metadata, but the actual E2E encryption of the messages is something you can personally verify if you cared to.
1 reply →
No serious project wants to collaborate with a bunch of hobbyist projects who may or may not keep their code up-to-date. Years ago, the Matrix ecosystem was a prime example of even basic features like end-to-end encryption being in many cases missing.
Having a single client gives you insane boost to security agility over decentralized alternatives.
Feel free to strive towards functional decentralized ecosystem that feels as good to use, then switching will be a no-brainer.