this post was submitted on 02 Nov 2023
99 points (96.3% liked)

Privacy

31809 readers
365 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I recently saw Alex's video about XMPP and I got curious.

I am using Element and Schildichat a bit, trying Element X and curious about the new Development here. It seems vibrant, they rewrite stuff in rust, the Apps are fancy and all.

But I tried Conversations and it seems based too, has transparent encryption, it is damn fast, usable, supports groups and files and all. Probably doesnt use the latest fancy Android SDKs but it seems solid.

I was surprised about how fast it was, as Matrix drastically varies per server. But also I found many dead communities, and in general I dont see XMPP at all, while many Projects (if not using Discord, bruh...) have a Matrix room.

How secure is OMEMO in todays standards? Or OpenPGP, compared to Matrix or Signal Encryption? I heard it also has rotating keys and all.

There are other things, like permission systems, chosen federation, privacy, bridge support and more, that are interesting. Are there advanced modern WebUIs for XMPP you like?

I saw that it uses up waaay less resources, why is that? Really, is "simply encrypted mail" somehow worse in an important way?

Similar to IRC, where I never found nice usable apps for my taste, I thought XMPP was deprecated, but that doesnt seem so?

What can you tell me about XMPP, is it modern, secure, privacy friendly?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 1 year ago (2 children)

Sorry, but nothing you mentioned has anything to do with Matrix not being an open protocol. I don't know what you mean by "truly open". It sounds like a "no true Scotsman" argument.

The spec is absolutely open, and you can see it in what I linked. There are also several servers and several clients if you don't like one written by the Matrix or Element folks. Heck, there's even a client for emacs! Now there are compatibility issues since not every server and client implements the entire protocol yet, but that's not an issue of openness. I used to run into problems all the time with XMPP way back when for similar reasons. I even recall something about Google breaking the XMPP protocol in some ways and causing problems.

I'm not even sure your claim of VC funding is true, since the faq mentions several non VC sources of funding. I couldn't find anything about VC at element.io, so maybe it's hidden there, or something has changed a matrix.org?

Still, discussion about not liking their business model is orthogonal to whether the protocol is open or not. Maybe we run the risk of them pulling a HashiCorp and changing some licensing down the road, which would be terrible. But I think it's dishonest to say it's not open.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (2 children)

Try contributing to the Matrix specs. It literally has a paywall (only contributing foundation members can do it) and basically any proposal that does not further the business goals of Element gets shot down by the overwhelming majority of Element employees or affiliates on the Matrix foundation board.

So while the protocol is open to use, it does not really fulfill the typical requirement of openess in so far that it is also open for contributions and changes.

This is totally different from the truly open standardisation process for XMPP where anyone can contribute freely and no single company dominates the process.

Edit: the VC funding is for Element / New Vector, but that company fully controls the Matrix Foundation.

[–] [email protected] 6 points 1 year ago (1 children)

no? anyone can send a spec proposal here. After discussion and implementation, it may well be accepted.

[–] [email protected] -3 points 1 year ago (2 children)

Sure, you can beg them to consider your proposal, but I hope you do realize that this isn't the same as an open standardization process, right?

[–] [email protected] 6 points 1 year ago (1 children)

sorry, goalpost moving isn't my favorite sport

[–] [email protected] 1 points 1 year ago

The original objection was about it not being and "open protocol", which is not the same as having the source code of an implementation under an open source license.

That Matrix isn't an open protocol has always been one of the core objections against it. This isn't moving goal-posts, and if you fail to understand the original objection then why are you even commenting on it?

[–] [email protected] 5 points 1 year ago (1 children)

What is an open standardization process?

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 3 points 1 year ago (1 children)

This is xmpps open standardization process. Its good. Its also similar to matrix in that you propose and people comment on it. They both have the core elements needed to be an open standardization process. So stop gatekeeping.

[–] [email protected] 2 points 1 year ago (1 children)

No you fail to see the vital difference that the Matrix Foundation process is only open to paying members and that a single for-profit company is currently absolutly dominating the Foundation board that has the final say.

On the XSF anyone can easily become a member and get voted in a fair democratic election into the council. I know that several members are just community members with no corporate backing and they have the same if not more weight in the decision making as everyone else.

[–] [email protected] 2 points 1 year ago (1 children)

Then outline the ways they are different and source it.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I just did, and you can look up the how little oversight and accountability there really here: https://matrix.org/membership/

To look up who the guardians and core spec team is you can scroll to the bottom here: https://matrix.org/about/ (Note that basically all of them are very closely affiliated the Element the for-profit company).

Tl;dr the Matrix Foundation is a sham to hide that Element the company calls all the shots and has no interested at all in an truly open standards process.

[–] [email protected] 5 points 1 year ago (1 children)

So is the Linux kernel not open because code has to go through review and may be rejected?

Is Gnu software not open because you have to sign over copyright or may have code rejected for ideological reasons?

Guido van Rossum was BDFL of Python until recently and had pretty much final say on anything that went into the langauge. So I guess Python isn't open?

Hopefully the XMPP Standards Foundation doesn't just blindly merge in every pull request that comes their way! I'm sure there have been plenty of people that had to beg and still had their proposal rejected.

You may not agree with the decisions being made about Matrix, but that doesn't mean it's not an open protocol or an open process. In fact it's extremely transparent as another commenter linked to their proposal pull requests on GitHub.

There's plenty to criticize about Matrix. It may be overly complicated and over-engineered. If there is significant VC involvement, then the threat of enshittification is very real. Element is also quite slow in larger rooms and the search is pretty terrible at the moment.

But, it's dishonest to say it's not open. I just don't want other readers to think it's somehow closed, when it isn't. Discord is closed. Slack is closed. Matrix is not.

Also, while being open is a good thing, it's not a virtue unto itself. Visual Studio Code is an open editor but I stay away from it because I don't trust Microsoft to not fuck it up. Likewise Chromium is open but I stay away from it because I trust Google even less.

[–] [email protected] -3 points 1 year ago (1 children)

You do not seem to understand the difference between source code of an implementation and the protocol specifications themselves.

I think you need to read up on that first before we can continue this discussion.

[–] [email protected] 4 points 1 year ago (1 children)

Sorry, but that's a bit of a rude conclusion to come to considering you know nothing about me or the fact that I've been writing software for over 20 years.

Anyway, I think we've both said our piece and I'm happy to just disagree. You seem like a cool person and I'd rather not have us get upset over semantics.

Take care! :)

[–] [email protected] -1 points 1 year ago

No hard feelings and I didn't mean to be rude, but this was a rather factual observation.

What you are saying is basically because you have 20 years experience of driving a taxi you know how to operate a train service. Those are just two totally different things.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

I think some people don't give any room to breathe to projects that just want major contributors be paid, even when, as you rightfully say, XMPP had the same compatibility struggles in its infancy as Matrix implementations now have.

So far, there is a lot of FUD around newer protocol and that it lacks in openness. But if you look again, it recognizes versions and differences between them in the specification. Every MSC proposal covers the context of change and recommendations to implement, while keeping backwards-compatibility with older software in mind. If you make a proposal, it will be reviewed. If you need someone else besides Spec Core Team members to move it forward, flag to you - fork. But I rather prefer this model in upstream than beating around the bush and electing someone who might have lost an idea of why they are still in the project.