I don't think that can be the full rationale behind whatever got it removed, if that were the case, they'd absolutely have removed Signal quite some time ago.
Not necessarily, I run a non-federated synapse (matrix protocol) server for intranet type use. It's in an environment where it has no connection to the wider internet at all.
The default matrix.org servers are federated.
In terms of what the default Element install presents to the user upon launch in its GUI, I think it does offer the 'official' matrix.org servers as a place to create an account and sign in, start browsing 'rooms'.
Your users still benefit from less centralization. The main matrix.org instance might ban them for whatever reason, but their access to your internal server is not touched. It's different if all of you used Signal or Discord and their account got banned e.g. for using an alternative client.
Signal Server has not seen updates for over 9 months. Moxie openly states that is not part of Signal's core values to support federation in the network.
IOW, even though they say they don't want to control your conversation, they do want you in their hands.
Why does any source code exist then? What is the point of GitHub with codebases that are 7+ years old? Would mass adoption of the outdated server force updates or god forbid a fork of the code base?
Please excuse me for being direct, I do not accept your defeatist attitude on this one. You won’t have stickers, such a shame, but you would have the ability to create your own signal service
If Signal was the only alternative to have an internal messaging tool, sure, it would make sense to invest time and money on it to keep it up.
But it doesn't. There are options. If I had to choose, I would rather invest this time and money to collaborate on the existing protocols that do have the goal of being fully open. Matrix and XMPP can do the things that I want and there are plenty of people working on them to overcome the present issues and challenges for mass adoption.
Why should I swim upstream by myself if there is no special reward for this kind of effort?
My grandma does not use any kind of phone, so it is going to be hard to get her to Element or Signal or anything.
However, my mother does use Element to talk with me and it wasn't that hard to help her download an app, tell her where to put the username and what is the name of the matrix server and quickly she was on her way to start a call and setup a room with the rest of the family where I share the pictures of her grandkids.
My users may not be nerds, but they are not stupid. They can learn.
Moxie is not friendly towards such third party clients that connect to the main network. Also, I only used it as an example. There might be other reasons for a ban. The point is that you don't depend on them.
And for the love of God, people should stop calling Signal secure as long as it is tied to a phone number. You cannot get a SIM card in my country without not having it tied to your ID card number, address, and so forth. You are not anonymous on Signal.
They can tell that you got a phone number and use signal. Apart from when you first and last used signal (timestamp), as in sent messages, that's about all the info signal has on you, and can provide. That sounds pretty good. Even if it is tied to a physical identity. The fact that your content is sufficiently encrypted and cannot be tied to your identity, even by signal, means what you say is anonymized.
> people should stop calling Signal secure as long as it is tied to a phone number.
Like nearly everything, "secure" is a spectrum and not binary. On that spectrum, Signal is overwhelmingly more secure than most messenger apps people actually use.
You are right, although as long as it is tied to me, it is not secure according to my definition, but sure, it is more secure than most instant messaging apps. I do not think it is a good thing to have my phone number, or even my e-mail tied to it when you can easily do it in another way. With e-mails the problem is that most have a thing against throwaway e-mails, and non-throwaway ones are difficult to sign up for using a VPN, let alone Tor, for example. It is still pretty much tied to you. There are so many ways to do it without using either of those. I suppose they may use those things as an anti-spam mechanism or something, but see below for an instant messaging app that does not require these and where DDoS attacks or spamming is not much of a concern. For the record, in Ricochet you got random IDs in the form of "ricochet:xxxxxxxxxxxxxxx". You share your Ricochet ID to be able to get a connection request.
To me, Ricochet is the most secure instant messaging app for desktop. It would be even better were it to use Onion v3, and if it were available on Android, but then again, I do not really consider my phone secure by default with all the Google crapware. I disabled the default Google keyboard and downloaded one that does not require Internet connection and that is not related to Google in any way. It is so silly that I cannot even delete any apps that came with my phone. So they say its storage capacity is 32 GB. Half of that is spent on crap that came with the phone, splendid. In any case, I am going off-topic here so... :)
haven't followed matrix implementation for a while. Last time I checked their e2ee was still not quite ready to deserve that name[1]. is it a solved problem now and is crypto used in matrix now truly e2ee so that it can be comparaed to Signal. Maybe I've missed the research papers suggesting otherwise but it seems comparing Signal w. Matrix is apples and oranges (even when just talking about e2ee and ignoring the centralized/federated aspects of the 2 technologies)
what is the actual state of matrix e2ee today? (or is that question silly because it depends what the individual matrix clients chooses to implement).
I'm extremely excited about having a federated e2ee messenger, however as a "Lawful-Intercept" realist, I don't have a lot of hope that it will not get forced to comply with current EU regulation proposals, that prevents Matrix from fulfilling its promise as fully e2ee. (e.g. the future that we're heading to in the EU is the same as 5/9-eye countries: there will be a "legal" way of encryption and another one that is illegal, all depending if access can be given to 3rd parties / LE...)
So that article talks about third party clients - third party e2ee support has gone from "basically none" to "a few clients". It's complaints for the official client is that e2ee is opt in (not anymore), fingerprints are shown base64 rather than base10 (a: who cares, b: there's an emoji encoded display now for shorter user recognisible fingerprints) and that it warns about being in beta (it isn't anymore).
> e.g. the future that we're heading to in the EU is the same as 5/9-eye countries: there will be a "legal" way of encryption and another one that is illegal, all depending if access can be given to 3rd parties / LE...
Why do you say there will be, as if the future is predetermined? Perhaps we should re-evaluate that and help prevent it from happening instead of complacently stating something as if it is a foregone conclusion?
Your words matter here. The way you are using them is helping materialize the future you do not want.
Signal can at least in principle censor user content, because they control both server and clients. (And they do, for example you can "delete" your messages that are stored on other clients.)
With Matrix you have the choice to use whatever server or client you like, which makes it difficult to censor.
> Signal can at least in principle censor user content, because they control both server and clients.
But given E2E and the Sealed Sender[0] functionality, they could only suppress messages based on the recipient's user ID, not based upon message content or the sender's ID. This all or nothing approach is a rather ineffective method of censoring – it basically just amounts to banning a user account. I wouldn't even call it censoring in the first place as that term, at least to me, refers to a more selective and refined approach.
> (And they do, for example you can "delete" your messages that are stored on other clients.)
This has nothing to do with censoring and nothing to do with Signal controlling "both server and clients". The Signal developers simply extended the protocol to include "delete" requests for previously sent messages. The client app still needs to implement the actual deletion, though. You could easily compile the Signal app yourself with that functionality removed and then nothing would get deleted from your message history anymore.
I mean, sure, 99% of users are not going to do this. But this is no different in the case of Matrix, where most people just download the default apps like Element from the app store.
So I don't even understand what your statement
> they control […] clients
is supposed to mean. Yes, they write the source code. So? Someone has to produce and maintain the source code and whoever does it will obviously be in a position of power. Producers are always going to decide what they produce. Consumers don't get a say in this – unless they become producers themselves (and in case of open-source software) adapt the product to their needs. Again, this is nothing new and is the case with Matrix, too.
