this post was submitted on 09 Aug 2023
90 points (95.0% liked)

Privacy

32130 readers
503 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hello fellow c/privacy members.

I'm not new to privacy related things but I had a hard time persuading my family members and friends to switch to Matrix/Element. It is a reponse to UK's Online Security Bill and Investigative Powers Act that may soon in effect.

While it is just a preperation and planning in case those actually became law, I already face resistance from them. When I ask them would they switch, their first reaction is "Why one more app?" then follows with "That's cumbersome." or "I don't want to learn a new app." and suggest something more popular like Line, Telegram or Discord. Sometimes they would "Install WhatsApp because X is on there and he/she won't install one more app just for you."

What can I do to persuade them to use a new platform? Thanks in advance.

EDIT: I think I should elebroate more of what Online Security Bill and Investigative Powers Act does[1]. As far as I understand, OSB will break E2EE by require scanning data on client device, like CSAM but much more generic. IPA requires companies to submit security funcition to the government for approval before releasing, and disable such feature upon request. Apple[2], Single[3] and WhatsApp made the announancment of exiting the UK market totally or partically if two were signed into law.

[1] https://web.archive.org/web/thenextweb.com/news/uk-investigatory-powers-act-default-surveillance-devices-privacy
[2] https://web.archive.org/web/www.forbes.com/sites/emmawoollacott/2023/07/21/apple-threatens-to-pull-facetime-and-imessage-from-the-uk
[3] https://web.archive.org/web/20230809125823/https://www.bbc.co.uk/news/technology-65301510#2023-08-09T12:57:48+00:00

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 48 points 1 year ago (2 children)

Just a reminder, telegram is NOT secure at all. Telegram is NOT end-to-end encryptes by default, and they are not disclosing this fact peoperly, which makes them untrustworthy and not a tool against growing online surveilance

load more comments (2 replies)
[–] [email protected] 24 points 1 year ago* (last edited 1 year ago) (5 children)

Look, I once got everyone I know to switch to matrix (Riot, before element) and they depracated the client, made everyone redo their encryption keys, it was a huge mess. Nobody will ever listen to me ever again about a messaging app because of what new vector did with riot.

Matrix is too janky for people. Use something else. Simplex, signal, whatever.

Beyond that, the key is breaking this "one more app" mentality. Why is it so hard to have an app on your phone? These people would install the Starbucks app for a single free milkshake in a heartbeat. This expectation that everyone and everything can be done in one app is absurd, and it's marketing by the big companies to lock people in when there's no reason for it. your phone runs apps. What's the big deal?

And that starts with you. make yourself available on multiple different messengers as possible. Don't say "I use matrix", youre being inflexible. Use everything that doesn't collect your contacts and spy on you. Use telegram, but tell people telegram isn't encrypted. I personally have matrix, XMPP, session, signal, simplex, telegram, and I even have a discord but I never use it. I fall back to email if I have to. Be flexible if you expect others to be, be available to communicate with in as many ways as you can privately to incentivize people to switch, give them options and let them pick.

[–] [email protected] 10 points 1 year ago (1 children)

Matrix is too janky for people. Use something else. Simplex, signal, whatever

This is the gist of it, yes. Setting up a Matrix account has several steps (e.g. backups, identity server, discovery) that are each complicated enough on their own to be deal-breakers for the vast majority of users. It's just a non-starter for anyone who's not a techie. It's been around for many years but still has an absolutely terrible UX.

I wouldn't dare to recommend it to anyone I know because I do not have the patience to walk them through it and explain it. It would cost me time, energy, and most importantly it would cost me social trust. Nobody would take me seriously anymore if I recommended something that is so user-unfriendly.

Signal is a pretty easy sell, on the other hand. It's simple, it's secure, and it works like any other messaging client. It's not 800 steps to set up backups and discovery. I would prefer to use a decentralized platform, but I'm not investing into Matrix because IMHO, it has no future in the mainstream. I have a Matrix account but I don't use it talk to anyone I know IRL, and I doubt I ever will.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (3 children)

Signal is only easier because it entirely ignores logging in on multiple devices. Maybe for some it is ok, but for me this is a huge dealbreaker, not an advantage.
If you dont set up key backups (an optional feature), its the same thing: with Signal, if you delete the app or lose your phone, all your messages are gone, along with your contacts that werent saved in your phone contacts and uploaded to a cloud service. If you use Matrix as you do with Signal, it works the same: you delete it, messages are gone. This is the default. But, you have the option to keep your messages.

Identity server? You dont have to use that, and I don't either. You are not obliged to set up being discovered by outside identifiers. Like I don't want people to find me by my phone number, as I don't want to use my phone number, for anything, at all, and so I didn't do that.
I see that on Signal, you always find people by their phone number, which you are required to hand in. On Matrix, you find people either by their handles (~username), or their phone number or email address if they have handed those in, voluntarily.
So with an indentity server you can make yourself discoverable by your phone number, and you must use one if you want that.
But I think there is a better solution (on the long term, at least): to forget about phone numbers altogether, when possible. Why would this be feasible? It is possible to store the handle in your phones contacts, with the standard "instant messenger" field. Contacts then are usually sharable in messaging apps, or with a QR code, and a lot of software generally understands this format, so you could use this to make your handle known.
By the way, identity servers and discovery is the same step, not 2 different one.

load more comments (3 replies)
load more comments (4 replies)
[–] [email protected] 14 points 1 year ago (1 children)

Easier to get new friends and family who are already there

load more comments (1 replies)
[–] [email protected] 14 points 1 year ago (3 children)

You could buy them a drink to install it. That's how I got my family onto Signal. I also got my GF onto Element, but she's also obligated to put up with my shit

[–] [email protected] 3 points 1 year ago

Goals🤩

As some would phrase it

[–] [email protected] 2 points 1 year ago

I wish it can be that simple.

load more comments (1 replies)
[–] [email protected] 14 points 1 year ago (2 children)
  1. I set up a home server with a litany of bridges.

  2. I show them all my chats from multiple platforms in one app.

  3. They ask me for an account.

[–] [email protected] 7 points 1 year ago (2 children)

Got a how to for #1? Sounds like you hid a lot of complexity in that 1 step.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

You can also try to find an instance that already does bridging. For Finnish citizens, pikaviestin.fi is a good option, but they don't provide accounts to non-finns.

But no, I do not have a guide for setting this up. But you set up a homeserver, with a domain you can commit to, and once that is working, configure whatever bridges you like using their respective docs.

And yes, it is complex. Matrix is the most complicated thing I've ever self-hosted. But it wasn't untenable, and it's been very low maintenance.

[–] [email protected] 2 points 1 year ago
[–] [email protected] 13 points 1 year ago (1 children)

Sorry to break it to you, but Matrix is (for all practical purposes) run by a UK based company. If you are concerned about UK legislation, they are one of the worst to switch to as they will likely have little choice but to comply.

Better use XMPP, which is fully independent of any single company running everything behind the curtains.

[–] possiblylinux127 13 points 1 year ago (1 children)
[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (13 children)

Which is 100% controlled by the Matrix Foundation (and not an international standard like XMPP), which in turn is near 100% controlled by a single UK based company (Element/New Vector). Which makes the distinction between the company and the protocol absolutely moot. I wish it was otherwise.

[–] possiblylinux127 5 points 1 year ago (2 children)

That's not really true though. If the Matrix foundation, element or any other party does something scketchy just fork it

load more comments (2 replies)
[–] [email protected] 4 points 1 year ago (4 children)

You don't need to speculate what they're doing. It's entirely open source, and you can validate every line of code they're putting in. Is there any actual parts of the matrix protocol or app you're specifically warning against, or are you causing general FUD?

Again, we don't need to speculate, the entire platform is open source from server to client, so if there's an issue with legislation then you can see it reflected in the code.

load more comments (4 replies)
load more comments (11 replies)
[–] [email protected] 10 points 1 year ago

I'm in the process of trying to convince my company to switch to Matrix. I've setup a test server and the execs are tepidly giving it a whirl.

The problem is, we use Teams, Microsoft has its proverbial foot in our door, people are used to Teams and don't really want to switch, and the company doesn't care enough about privacy and data sovereignty to overcome the inertia and the learning curve.

They listen politely to my arguments and they agree that it would be better if Microsoft didn't get all our data, but ultimately they really don't care at all.

[–] [email protected] 9 points 1 year ago

You don't persuade them. They've already made their decision. Now you have to make yours. Their reasons for not wanting to switch are just as valid as yours for wanting to.

So, you either switch and accept that some of the people in your life don't actually care enough to come with you, or you're the one that has to adapt to multiple apps to communicate with others. That's really what it boils down to. Most people don't care about the matter, and there's a segment of people in most of our lives that don't care about us if there's any inconvenience involved.

Some of them made alternate suggestions, which means they're willing to go through some inconvenience for you, just not the specific inconvenience of having an app that only you and they will be using.

Despite now having storage space for multiple messaging apps, people resist the idea of having more than whatever arbitrary number they've decided doesn't work. In some cases, that number may be one. And the truth is that remembering who is connected via what app/service is a pain in the ass if there's enough people in your life. Some people can't handle that memory issue and are just going to refuse outright out of necessity.

So, stop trying to change their minds and seek compromise. If they're willing to switch to telegram, you can at least have some degree of encryption, so go with that for anyone that's expressed willingness. Let that core group become the reason for anyone else to join in.

Unless you just want to play hardball and refuse to communicate with anyone on anything but your choice. There will be some that cave and join in. But you'd be amazed how many people and which people don't really want to talk to you enough to do so. But you'll have a small group of people that are now using it with you. You'll have to help them get set up, and be prepared for the inevitable tech support you're volunteering to provide, as well as the need to guide them through the learning curve of it.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago) (2 children)

"Installing APP does not require you to switch to it nor asking friends and family to use it. What it does is allowing them to reach out to you in a private way. By installing it you respect and support their choice of avoiding BAD_APP."

On the sidenote: Just recommend Signal. It uses phone number as identifier, easy to grow by using phone book, has good track record when glowies have a warrant and most importantly it's stable. It has flaws (no sms, not saving chat history) but there are no other alternatives available yet that beat signal for normies.

load more comments (2 replies)
[–] [email protected] 6 points 1 year ago (3 children)

Bro I can't even convince them to join me on Signal... It even syncs contacts w/ mobile number so it's just a matter of downloading a stupid app and you're set... I think one day I'll be brave enough and just disappear from whatsapp.

[–] [email protected] 4 points 1 year ago

I basically forced everyone to message me on Signal & Telegram cause fuck Meta (people my age in Canada desperately wants to talk on Instagram for some reason)

[–] [email protected] 4 points 1 year ago

I did this a few years ago. I set my status message to "Starting on [date] I'll be available only on Signal/sms." and that was it. A few frieds/family members moved, most of them not, but I don't miss it a bit.

[–] [email protected] 2 points 1 year ago

Don't remind me of Signal. I spent lots of effort to convince them to switch, and ultimately defeated, not the app but me, because of a protest that people move toward a more secure communication system i.e. Signal, not more private.

[–] [email protected] 4 points 1 year ago

If they don't want to then don't continue trying to persuade them. Chances are they don't care about privacy anyway, and even if they do, everyone has their own personal preferences.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

[This comment has been deleted by an automated system]

[–] [email protected] 3 points 1 year ago (4 children)

Not a lot really. Also, until element gets easier key management for encryption i wouldnt suggest it. I understand public/private keys and session verification and still can never restore matrix from backups without it saying "waiting for message" and it never decrypting even though all the keys imported fine. Its a PITA

load more comments (4 replies)
[–] possiblylinux127 3 points 1 year ago (1 children)

I've actually looked at matter most as an alternative

load more comments (1 replies)
[–] [email protected] 3 points 1 year ago

i tried and i failed. not because my friends didn't want to switch, but because the software is hillariously bad. problems with the encryption left and right, smaller instances having downtimes multiple times a week (what's the use of a federated service if anyone only uses the same one server?), buggy clients - after a few months we shut it down and moved to threema for groupchats.

load more comments
view more: next ›