Hello fellow c/privacy members.
I’m not new to privacy related things but I had a hard time persuading my family members and friends to switch to Matrix/Element. It is a reponse to UK’s Online Security Bill and Investigative Powers Act that may soon in effect.
While it is just a preperation and planning in case those actually became law, I already face resistance from them. When I ask them would they switch, their first reaction is “Why one more app?” then follows with “That’s cumbersome.” or “I don’t want to learn a new app.” and suggest something more popular like Line, Telegram or Discord. Sometimes they would “Install WhatsApp because X is on there and he/she won’t install one more app just for you.”
What can I do to persuade them to use a new platform? Thanks in advance.
EDIT: I think I should elebroate more of what Online Security Bill and Investigative Powers Act does[1]. As far as I understand, OSB will break E2EE by require scanning data on client device, like CSAM but much more generic. IPA requires companies to submit security funcition to the government for approval before releasing, and disable such feature upon request. Apple[2], Single[3] and WhatsApp made the announancment of exiting the UK market totally or partically if two were signed into law.
[1] https://web.archive.org/web/thenextweb.com/news/uk-investigatory-powers-act-default-surveillance-devices-privacy
[2] https://web.archive.org/web/www.forbes.com/sites/emmawoollacott/2023/07/21/apple-threatens-to-pull-facetime-and-imessage-from-the-uk
[3] https://web.archive.org/web/20230809125823/https://www.bbc.co.uk/news/technology-65301510#2023-08-09T12:57:48+00:00
Just a reminder, telegram is NOT secure at all. Telegram is NOT end-to-end encryptes by default, and they are not disclosing this fact peoperly, which makes them untrustworthy and not a tool against growing online surveilance
I can’t confirm this. For me it runs smooth and without bugs. Calls with Element are sometimes better than calls with my mobile carrier.
But I don’t have the technical knowledge to understand why a backend in python is a bad thing. Maybe your experience with Matrix is biased because of this knowledge?
when did you experience this?
loading the web client also takes a lot of time (1-2 minutes) for me, but everything else is ok. even that is because of an API design problem, and they are already working to replace that bad decision
I’m planning to use Conduit[1] which is written in Rust instead of Synapse. I belive this will consume less resources but have no idea will it run smooth or not.
Afaik conduit is even more beta than denderite, personally I would not use it after seeing how buggy experience friends had with it
This paragraph is why you won’t convince friends and family to use Matrix. It’s still too technical for non-technical people.
I agree it is technical. However, considering if the laws are in effect, there might not be a secure option, let alone private. It means that all conversations might be under government’s watch. That’s why I’m looking for a self hostable option, that can make sure data is in my control.
I am open to considering alternatives, but the foundation of the plan is based on the assumption that apps commonly used for secure and private conversations, such as Signal, may become insufficiently secure and private due to potential future laws or the possibility of exiting the UK market. The preferred criteria for the chosen app are that it is open source, audited, or ideally, both.
Look, I once got everyone I know to switch to matrix (Riot, before element) and they depracated the client, made everyone redo their encryption keys, it was a huge mess. Nobody will ever listen to me ever again about a messaging app because of what new vector did with riot.
Matrix is too janky for people. Use something else. Simplex, signal, whatever.
Beyond that, the key is breaking this “one more app” mentality. Why is it so hard to have an app on your phone? These people would install the Starbucks app for a single free milkshake in a heartbeat. This expectation that everyone and everything can be done in one app is absurd, and it’s marketing by the big companies to lock people in when there’s no reason for it. your phone runs apps. What’s the big deal?
And that starts with you. make yourself available on multiple different messengers as possible. Don’t say “I use matrix”, youre being inflexible. Use everything that doesn’t collect your contacts and spy on you. Use telegram, but tell people telegram isn’t encrypted. I personally have matrix, XMPP, session, signal, simplex, telegram, and I even have a discord but I never use it. I fall back to email if I have to. Be flexible if you expect others to be, be available to communicate with in as many ways as you can privately to incentivize people to switch, give them options and let them pick.
Matrix is too janky for people. Use something else. Simplex, signal, whatever
This is the gist of it, yes. Setting up a Matrix account has several steps (e.g. backups, identity server, discovery) that are each complicated enough on their own to be deal-breakers for the vast majority of users. It’s just a non-starter for anyone who’s not a techie. It’s been around for many years but still has an absolutely terrible UX.
I wouldn’t dare to recommend it to anyone I know because I do not have the patience to walk them through it and explain it. It would cost me time, energy, and most importantly it would cost me social trust. Nobody would take me seriously anymore if I recommended something that is so user-unfriendly.
Signal is a pretty easy sell, on the other hand. It’s simple, it’s secure, and it works like any other messaging client. It’s not 800 steps to set up backups and discovery. I would prefer to use a decentralized platform, but I’m not investing into Matrix because IMHO, it has no future in the mainstream. I have a Matrix account but I don’t use it talk to anyone I know IRL, and I doubt I ever will.
Signal is only easier because it entirely ignores logging in on multiple devices. Maybe for some it is ok, but for me this is a huge dealbreaker, not an advantage.
If you dont set up key backups (an optional feature), its the same thing: with Signal, if you delete the app or lose your phone, all your messages are gone, along with your contacts that werent saved in your phone contacts and uploaded to a cloud service. If you use Matrix as you do with Signal, it works the same: you delete it, messages are gone. This is the default. But, you have the option to keep your messages.
Identity server? You dont have to use that, and I don’t either. You are not obliged to set up being discovered by outside identifiers. Like I don’t want people to find me by my phone number, as I don’t want to use my phone number, for anything, at all, and so I didn’t do that.
I see that on Signal, you always find people by their phone number, which you are required to hand in. On Matrix, you find people either by their handles (~username), or their phone number or email address if they have handed those in, voluntarily.
So with an indentity server you can make yourself discoverable by your phone number, and you must use one if you want that.
But I think there is a better solution (on the long term, at least): to forget about phone numbers altogether, when possible. Why would this be feasible? It is possible to store the handle in your phones contacts, with the standard “instant messenger” field. Contacts then are usually sharable in messaging apps, or with a QR code, and a lot of software generally understands this format, so you could use this to make your handle known.
By the way, identity servers and discovery is the same step, not 2 different one.
Perhaps this varies by server, or perhaps it’s changed since I signed up. When I signed up, I connected an identity server and then needed to go through a few extra steps to enable discovery by email address and phone number. IIRC my identity server did not support phone numbers at the time.
I greatly prefer service-specific usernames over phone numbers, and that’s a huge point in favor of Matrix. And I agree, Signal is ass-backwards when it comes to multiple devices.
I personally have matrix, XMPP, session, signal, simplex, telegram, and I even have a discord but I never use it.
I have Matrix, Session, Singal, Telegram, and Discord. Telegram is saldomly used and Discord is just subscribed to a bunch of game communities. Signal is threatened by OSB and IPA, which announced by them that they will get out of the UK market if those are in effect. Then left Matrix and Session, both not used by anyone.
I would like to be flexible but the reality is there are not much choices. Only XMPP which I don’t have, nor natively supports E2EE which varied by clients.
Look into JMP.CHAT. it’s XMPP, with a phone number that is gatewayed to PBX for voice, and can send/receive SMS.
I wish I can be this definitive but I couldn’t. Those connections are still needed, and most of the time is I need to talk to someone rather than the opposite.
Which is why I don’t like that advice. These connections are valuable, and people might want to talk to you but have other reasons why they won’t end up using the privacy focussed option only. It’s very hard to switch fully to something like Signal or Matrix, and this isn’t unique to privacy focussed chat apps either.
For me I talk to close friends and family on Signal, and that works because those are the people I have personal discussions with. For other friends that don’t really use Signal consistently, I’ve found that they still use Signal when they want to talk about something private. It’s a process, and I’m happy to put in a little bit of work while people I care about switch over.
and all the others say, “if you want to talk to me I’m on Facebook”
for them, problem solved
-
I set up a home server with a litany of bridges.
-
I show them all my chats from multiple platforms in one app.
-
They ask me for an account.
Got a how to for #1? Sounds like you hid a lot of complexity in that 1 step.
You can also try to find an instance that already does bridging. For Finnish citizens, pikaviestin.fi is a good option, but they don’t provide accounts to non-finns.
But no, I do not have a guide for setting this up. But you set up a homeserver, with a domain you can commit to, and once that is working, configure whatever bridges you like using their respective docs.
And yes, it is complex. Matrix is the most complicated thing I’ve ever self-hosted. But it wasn’t untenable, and it’s been very low maintenance.