Managed hosting for IM/VoIP services

I was thinking about IM/VoIP clients for linux based phones and OSes (e.g. Pinephone, Librem, Ubports on Droid phones, etc), and as I know, only XMPP and Matrix might have native clients (I know there are some Wire, Skype… apps on OpenStore). The problem is, the only mobile Matrix client that currently supports E2EE is Riot. And I’m not sure if it will be available for those systems anytime soon. FluffyChat might have e2ee implemented in near future. So I was thinking about buying Matrix hosting package, most likely from

In terms of security, it should be more secure than in case of self-hosting (i know nothing about that), most likely as secure as any other service (they had one data breach, so should more careful now)

But when it comes to privacy, if I use un-encrypted chats/rooms, all the data is available to service owners and possible intruders. I know they still can access all unencrypred data and chats, but how likely is they are going to do that? Also, there is still that issue with unlimited data storage, but If I could manage (request) it to be deleted from server e.g. after 30days, it would be fine.

Similar would be with XMPP (hosting from would probably be my option). It doesn’t have all the features, but clients are good, and it is even cheaper. Again, I don’t know what is status of OMEMO in mobile linux clients, so unencrypred messaging is possible scenario. And server data deletion after some time.

I would use this setup for my friends and family chats, and no confidential info would be shared (without e2ee)

My question to PTIO community is - Does this make any sense to you? :slight_smile:

1 Like

Alright, look i’m sick af right-now so tell me what exactly you want in few easy words :joy: because i want help but i’m really not understand what you mean in post

I would like your opinion on managed hosting for IM services, e.g. or . Do you think it’s wise to use them for un-encrypted chats, even if server would be set to delete all messages older than e.g. 30 days. In XMPP case it is even possible not to store data at server at all, right?

First of all i’m so sorry i’m just sick (so much) so yeah — If i got you right you mean you want host xampp server ? or even like it that you can use by xampp apps right ? if so then answer is so easy yes make make it unencrypted and there is some clients actually using OMEMO (i forgot other addon name xD) so yeah i mean most xampp servers are unencrypted ( and other are) and owner encourage their users to use encryption addon

hope you get what i mean and sorry again

Yes, I want to host/rent XMPP or Matrix server for small number of users, but also to use client apps without encryption (OMEMO, etc). But would purge data from server regularly (in case of Matrix) or not keep it at all (in case of XMPP)

if i were you i would select xampp (oh wait its xmpp, lol) because clients on most of platforms and they support encryption — i mean riot does support it but its still in beta and once you active it there is no way to get back and xmpp clients is more UI friendly than riot (i’m aware there is other clients for matrix but most known one is riot so i will talk about matrix as riot)

But I don’t want to use encryption, since no data will be stored on server (at least not for long). And it would be also easier for my family to use it. Do you think this is a smart way to do IM today?

look CIA, FBI can demand data at anytime also OMEMO encryption really easy thats why i said xmpp (riot sucks when it come to E2EE)

EDIT: if im right, signal can be selfhosted so just host it’s server and leave everything else on signal system

They can’t access it if server is in Germany :slight_smile:

The problem wih e2ee is if I use e.g. Ubuntu Touch or Plasma Mobile, there might be no Signal app or XMPP with OMEMO, or Riot… Plus, as I mentioned, it might be easier for my family members to use these apps without encryption (e.g. in Gajim you need to install plugin , then you need to verify different devices, etc.)

well. idk u can use unencrypted then send private data encrypted using pgp or aes encryption

As far as I am aware of, Matrix doesn’t support removing messages and if you invited someone outside of your paid hosting homeserver, that homeserver would get access to all messages.

Similar affects XMPP, if you discuss with someone on another server, you cannot know whether that server is keeping MAM/logs, unless you are inviting users to your MUC server in which case you have control over it.

Either way you would need to trust all involved server admins to not read the messages or MITM their own servers and ensure security of their services, and you need to decide that anything you transmit without E2EE isn’t that sensitive that you couldn’t take the risk of it getting leaked in which case I guess you would need to trust the people you chat with also.

I think I am in a bit similar situation, I have accounts on multiple public Matrix servers and am running Matterbridge to relay a <chat channel> between PirateIRC, freenode, Matrix and XMPP.

I have close friends in all of those apps and I cannot use XMPP, because one VIP is using iPhone which has horrible experience with it and I cannot use Signal, because another VIP is using Android-without-GApps and thus is missing push notifications. I keep thinking about also creating another <channel> with just the VIPs between XMPP and Matrix, but I am not sure I can answer the question if I cannot post to the main friends channel, can I post it to my partners without E2EE?

I cannot use Matrix as it’s too heavy for mine and a lot of other peoples phones and IRC more or less took my soul ~ten years ago.

It’s probably a small victory that I have avoided a Telegram relay on my personal instance, while I do have people for whom that is the only app to contact them and it’s tempting.

I am also ill, I guess the game event Matrix users may heard of me going to infected me and apparently “assembly plague” is a tradition, sorry if my rambling became incomprehensible. And I thought I was ill a week ago, but apparently not or now it’s worse…

In case you are already in a Matrix room that is similar in membership than one on hosted server, you may wish to check how many homeservers it has in by manipulating which would show you room directory information(?) for (Firefox shows it more pleasantly, below is copy-pasted from raw) e,g.

{"room_id": "!", "servers": ["", "", "", "", ""]}`

It has five servers, “”, “”, “”, “” and “” which administrators you would need to trust with whatever your content was in an unencrypted room (and that is assuming you have verified everyone or are trusting the admin to not add extra devices to your contacts to MITM. This is a bit bad example as the room is public (while not many people have cared about it enough to join) and I know all of them.

Good night

Thank you for replies

I saw this blog post on other thread
And they say XMPP groups are only stored on one server (one where it is created). Either way, it is not so important in my case, since all users will be using the same server.

I know Matrix still doesn’t have an option to delete data across federation, but it is also something they are working on. At the moment they are far from “privacy first” service, but many of cons we have are on their road-map, and I believe in their intentions to create great product.

I didn’t know there are issues on iOS, as I know there are several XMPP clients for iPhone and though that at least one works well :slight_smile:

For really important/private communication I use Wire (exploding messages) and will probably continue. But it’s notifications issue is starting to drive few of my contacts mad :smiley:

I use PC for most of the time, and try to reduce(smart)phone usage as much as possible. But again, I need to have my main communication services available there. So that’s the reason why my own XMPP or Matrix server (now managed hosting, in future maybe self-hosted) seems like the best option. The thing is, all my contacts use WhatsApp, Viber, Threema, FB Messenger… for their communication with other people, and will continue. So they probably won’t be using this XMPP/Matrix account for anything else but chatting with me, i.e. no other servers will be involved, and that’s why I think E2EE is not necessary in this case.

May I ask which one?
Isn’t any of these from the list good enough for iOS?