undefined

points

[-]

You can try to self-host. Neither Synapse nor Dendrite is in a good state for running a server. I tried Dendrite for a while and it was always playing catchup to Synapse, despite being the supposed successor, and is now not even under development? I can't even tell what's going on over there.

Anyway, my main experience of Matrix is "failed to decrypt message". It's... not great. I wish it were better.

by Bender6 hours ago|

prev|

[-]

unlike IRC

There are a few IRC clients that support OTR. irssi-otr is one [1] weechat-otr is another [2]. Pidgin though I have not used it in a very long time. Hexchat using an always work in progress plugin. There may be others.

OTR could use some updates to include modern ciphers similar to the recent work of OpenSSH but probably good enough for most people.

E2EE aside having chat split up into gazillions of self hosted instances makes it much harder for chat to be hoovered up all in one place. It takes more effort to target each person and that becomes a government scalability issue. Example effort: [3]

[1] - https://github.com/cryptodotis/irssi-otr

[2] - https://github.com/mmb/weechat-otr

[3] - https://archive.ph/4wi5t

by progval5 hours ago|

parent|

[-]

Links 1 and 2 have not had updates in 10 and 8 years respectively, they probably don't even compile anymore. They implement OTRv3 which was published in about 2005 and uses 1536-bits primes. As far as I know, neither the protocol nor the implementations were audited (and especially not audited recently). This is not good encryption at all.

Additionally, OTRv3 does not allow multiple clients per account, which makes it unusable for anyone who wants to chat from two devices.

by Bender4 hours ago|

parent|

[-]

I use link [1] all the time. It comes pre-compiled for many Linux distributions but not installed by default. And yeah like I said it needs cipher updates like was recently performed in OpenSSH. HN has a handful of cryptographic nerds that could update OTR in their sleep if they so desired maybe even rewrite in Rust but being cryptographic nerds they probably have no need. If the same is true with cryptographers as is with car mechanics and plumbers they probably only use plain text as mechanics have broken down cars in their yards and some plumbers have old leaky pipes due to burn out.

by drnick15 hours ago|

prev|

[-]

> Practically speaking, that means that people and organisations running a Matrix server with open registration must verify the ages of users in countries which require it.

Practically speaking, I would just ignore this requirement. The UK government has no jurisdiction on this side of the pond.

by digiown3 hours ago|

parent|

[-]

Oops your plane had some issue on its way to a different European country and now has to make an emergency landing at Heathrow.

https://en.wikipedia.org/wiki/Ryanair_Flight_4978

by drnick12 hours ago|

parent|

[-]

That's assuming UK authorities can even identify who is operating the Matrix instance. At the very least this assumes that a warrant is served to the registrar and/or the owner of the server/VPS in the correct jurisdiction, and that obfuscation measures were not taken by the operator. All of this will probably go nowhere.

by ThrowawayTestr4 hours ago|

parent|

prev|

[-]

That's fine if you never intend to visit the UK

by wolvoleo5 hours ago|

prev|

[-]

IRC is also most commonly used for open servers where anyone can join whenever they want to without as much as needing to register for an 'account'! You just pick a nickname out of thin air and off you go.

In that kind of environment, end to end encryption really doesn't add value.

by cuillevel35 hours ago|

parent|

[-]

The IRC admins can read all your messages, be it to a channel or to another user.

Even without registering my nick, I would expect a modern protocol to keep my pm communication private by default.

by direwolf205 hours ago|

parent|

[-]

How will you verify who you're talking to?