I have found someone who can (and will) set up a server for me with an installation of Matrix/Synapse/Riot. I am not tech enough to know, but I am curious so I will ask in case anyone here has the knowledge to make a judgement on this…
What would be more secure and private? Wire, or Matrix self-hosted?
(I would throw SIgnal in, but that’s a moot point because Signal wants my phone number and ain’t NEVER gettin it :D)
Welcome to the community, Stan!!
Thanks.
I also just found “Silent Phone”. It’s Android and iOS only and I want a desktop machine app ideally, but in case anyone has any knowledge of it i thought i would mention it,.
Oh, it’s by Silent Circle? I like them! You mean this, right? https://play.google.com/store/apps/details?id=com.silentcircle.silentphone&hl=en
And what’s the alternative to a messenger app having your phone number? Does Matrix/Riot ask for it as well? (I forget; haven’t used it for some time.)
Most don’t need a phone number. Have you heard of email? 
Wire is nice, no phone number. Hell even Skype didn’t need my phone number!
You already asked that 
Do you trust them absolutely? They will probably need to keep maintaining it unless you will step in at that point and they will have access to the messages (even if E2EE ones are unreadable) and they could do a mistake or be malicious or…
If you click advanced settings and erase identity server in Riot, you will not have to enter phone not email. (And if you did, you would receive error about the identity server, same if the identity server went down as it’s centralized.)
Wire also allows registration by email insteadof a phone number.
By the way, I think there have been a lot of chats in this thread and some of them aren’t related to Wire. I wonder if there are some buttons I should click to move some to other topics, possibly new ones so this would be more clear for new readers.
I guess you’re right - conversations tend to go off on tangents sometimes, you know? StanTheMan had mentioned Silent Phone - perhaps there should be a thread about that.
Good question Mikaela - and yes I definitely do. Having said that, I would still rather run it myself, but I have some serious learning to do first. I could ask them to start it, and then take over as my education allows
Side note (at risk of going in a tangent again) - Makaela you speak quite highly of XMPP on your personal page and on some of these threads. It always seemed too complicated but IF it can audio/video calls, I might take a look at it as I just found Conversations.im and they seem to explain it a bit easier. I THINK I am right in saying all I need to do is:
Sign up for XMPP account
Choose a client for each device (Aium for Mac, for example)
Sign in and chat, untick OTR logs so no logs are stored
And I THINK that would mean it’s probably even more private/secure than Matrix/Riot. Would you agree with that, or no? thanks as always.
Did you see this page?
https://xmpp.org/getting-started/
XMPP can do voice/video, but not all the clients can and it’s somewhat rare featue. I have heard that Atalk can do it, but I just received a screenshot of issue with it disabling all media features.
I am under impression that it collects less data than Matrix and has actual storage periods for things like logs instead of e.g. keeping deleted file uploads in the database forever.
Interesting thanks! Maybe I will just skip over Matrix and go to XMPP. More research to do first, mainly on features as Matrix may well take the biscuit there.
OMEMO - Oh yes, I heard that’s a much better system to use too, so I would be happy to use that.
Shoot me a PM sometime. This is something I’m strongly considering starting in the next months: Turnkey hosting Mastodon, Matrix, XMPP, Discourse, […]?
As far as I see on wire.com, Wire’s no longer free software, all the plans are paid-for.
Why it’s still listed on PrivacyTools.io?
It’s not super clear to find but here’s a link to it: https://wire.com/en/products/personal-secure-messenger/
It’s in the footer called “Wire Personal.”
Thanks for the prompt response. Indeed, there’s, just not too obvious.
I wonder, how many people tried to build and use their own Wire server, out of source?
I think it not federating doesn’t encourage many into trying that.
Discussion has been mainly going on at
And a delisting issue was raised at
https://github.com/privacytoolsIO/privacytools.io/issues/1488
Hmm it does look interesting. It looks like they haven’t open-sourced any software nor conducted any security audits though. I can’t find anything about their E2EE other than:
…all exchanges are end-to-end encrypted by the open source WebRTC protocol used for peer-to-peer multimedia and data exchanges. - https://twin.me/en/support/twinme-protect-data/
I also see in their privacy policy this interesting bit:
We will share the information we have with entities outside of Twinlife if we have a good faith belief that access, use, preservation, or disclosure of the information is necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request;
- enforce applicable Terms of Service, including investigation of potential violations;
- detect, prevent, or otherwise address fraud, security, or technical issues;
- protect against harm to the rights, property, or safety of Twinlife, our users, or the public as required or permitted by law.
And regarding point 2 their ToS states:
you are responsible for ensuring that you do not submit material that is:
- copyrighted, protected by trade secret or otherwise subject to third party proprietary rights, including privacy and publicity rights, unless you are the owner of such rights or have permission from their rightful owner;
- a falsehood or misrepresentation;
- offensive, unlawful, harmful to minors, obscene, defamatory, libelous, threatening, pornographic, harassing, hateful, racially or ethnically offensive, or that encourages conduct that would be considered a criminal offense, gives rise to civil liability, violates any law, or is otherwise objectionable;
- an advertisement or solicitation of business; or
- impersonating another person.
But it seems like they store minimal user metadata so maybe there isn’t much to disclose 
And I’m wondering how they’d enforce these terms if contents are supposed to be E2EE. Also worth noting, they do have an interesting biz model:
Twinme business model is based on licensing its ethical relationships model based on anonymous opt-in/opt-out to create and service communities around specific subjects of interest (e.g., brands) or content delivery media (e.g., music or video). Clients and their contents providers can enter into personal relationships and yet, each decides at any time how much he/she wants to expose to the other, or stop the relation.
Such a disruptive foundation for interacting online between products and consumers without intermediation, coupled with conversational commerce enabled by twinme chatbot technology, are at the roots of our business model, based on direct consumer conversations (like in a real shop), as an alternative to big data analysis of their private personal behavior.
