Memes @lemmy.ml tsugu @slrpnk.net 8mo ago

Chat Apps

I use the apps my friends use but it gets tiring to keep up with so many.

319

You're viewing a single thread.

319 comments

Matrix and bridges
- Only if you tell your contacts about it, and explain to them what a bridge does
  
  Why?
  
  Take Signal to Matrix for example. They use different encryption protocols, which means a message sent from one end has to be decrypted, and then re-encrypted with the protocol of the recipient before they can actually receive it.
  
  So basically, your encryption is not very e2e anymore, and the fact that someone can set this up, effectively giving encryption keys to a third party without their contacts being able to do anything about it is pretty fucked.
  
  Oh, and different TOS between different services also come into play.
  
  So if you do this, at least tell your contacts about it, so they can make an informed decision about whether or not that's okay for them.
  
  Just self host the bridges. I mean if you trust your phone more than your server, this won't help.
  
  Do whatever you want, but again, make sure your contacts can make an informed decision about it.
  
  I bet none of my contacts made an informed decision about which chat app they are using. I don't think that this really bothers one of them. Most of them do not know, what the difference between Insta-pms and Whatsapp even is, as far as security and privacy are concerned. And from my point of view I don't know it detailed enough too. Making an informed decision about a closed source software and as a non technical person is not as easy as you may think. At least from my point of view.
  
  You're hitting the nail directly on the head.
  
  Not knowing what's going on being a bad thing is precisely my whole point
  
  Meh. For many people, software research is an impossibly high barrier for entry because of years of FANG brain rot.
  
  If I own the bridge, nobody but me is accessing the message.
  
  Yup, this is what I do.
  
  They use different encryption protocols
  
  It's worse: they use different content format.
  
  So basically, your encryption is not very e2e anymore, and the fact that someone can set this up, effectively giving encryption keys to a third party without their contacts being able to do anything about it is pretty fucked.
  
  Run bridge yourself. Fun fact: you can run your server without federation to only use bridges, so on your phone you would need only two instances of matrix client. Or one if you run with federation.
- XMPP & Gateways

319 comments