Real time communication

Hello everyone

i have a question related to element

according to this link the one you share in your site

PrivacyTools

Real-Time Communication | PrivacyTools

Discover secure and private ways to communicate with others online without letting any third parties read your messages.

this link

https://securechatguide.org/decentralizedapps.html#riot

say

Country of origin: UK
Encrypted by default: No
Messages stored on server: Yes

Muppeth from Github notes

  • All files can be obtained if you know URL. No need to be part of the room. Also no files by default are encrypted.
  • All contact are stored on the server in plain text
  • Server keeps track of every time you login/logout/open client without any retention time indefinatelly since the moment you created an account (that data consists of timestamp, user agent, your ip and your token
  • Server keeps track of your activity in each room indefinatelly. Each server is aware of all room participants since the inception of the room. Even if the room was not originally created on the server (as soon as user of another server joins in, the state of the room such as member list, joins and leaves etc is synced to that server)
  • Server keeps indefinatelly even things like which line/post you have read last time.
  • Server keeps indefinatelly every IP address you have used since you created account

Riot/Matrix is a great way to meet new people, and with E2EE for individual and group chats it offers a way to go dark for private conversations. Be careful though because E2EE is not on by default, it must be enabled.

While Matrix is designed as a decentralized system where anyone can choose their own server there currently aren’t very many choices. Most people choose the default Matrix home server, so there is not a lot of decentralization going on yet. Even if you do choose a different server, conversations are synced to all the servers of all the room participants. So that means that pretty much all rooms will be synced to the Matrix home server since there is most likely to be at least one person in each room from the Matrix server.

so is there any updated related to those topics

another thing related to https://status.im/
according to https://securechatguide.org/p2papps.html#status

Status sends messages by connecting directly to the devices of other Status users directly, creating a very large mesh network. When you send a message, it gets encrypted for only the recipients, but the encrypted message gets broadcast to all devices in the entire Status mesh network. Eventually all devices receive the message, but only those that have the right private keys can decrypt it. Status claims this strategy prevents anyone monitoring the network from knowing exactly who is communicating since all devices get all messages.
This is an interesting setup, however I see some potential issues with it:

  • Scale: What kind of network traffic will this produce if Status becomes popular and there are many users? Any single device will be receiving every single message sent to all other users in the network, which could put a strain on endpoint networks or use up lots of data on mobile plans.
  • Related to the first point, every message needs to be tried to be decrypted by each device. This could use up a lot of CPU time and battery power on mobile devices.
  • Since every device receives every message, recording and saving every encrypted message will be easy, and a flaw in the cryptographic protocol could have widespread consequences.

I did not find any files saved directly into public file storage on my Android device (good). But sending files and photos isn’t even a feature in chats yet so it remains to be seen if this is true when and if those items can be sent in chats.

also what your opanion about https://securechatguide.org/centralizedapps.html#safeswiss

i know it very long one but sorry

thanks for your time and have a nice day :slight_smile:

Element (Matrix) still has a long way to go, but they are improving security and privacy with each release. Also, as decentralized service, it is expected to collect more metadata than centralized ones. But it doesn’t have to be necessarily bad. You can choose any server you want, host your own, or rent one (e.g. EMS), so you as admin can limit data collection.

The reason I think Element (Matrix) is the only worthy alternative to Signal and Wire is that it works without phone number (I don’t care about giving my number, I just want to use service without installing any app on my phone), it supports all the platforms (Linux, UBports…), it adopted by large and important organizations (French government, German armed forces…), it has many great features, etc.

I tried many alternatives (SafeSwiss also), and don’t think any of them is better than those mentioned above

The developers are all around the world, some of the main ones are in the UK. A Homeserver can be located anywhere.

They are at the moment for private rooms/conversations. Obviously if it’s a public room anyone can join and E2EE isn’t really necessary. (Those are also large rooms).

This isn’t really a privacy issue because any message you send online at some point in time passes through servers. Once you release something it is out there forever. For private conversations they’re going to be encrypted anyway.

thanks for both of you @dngray @crossroads

what about status.im

I haven’t used it (maybe I installed it once to check it, but I’m not sure). IMO, if you are looking only for mobile device messenger, there is no need to use anything but Signal (which also has desktop clients, but not as feature rich as some others)

thanks for your replay

currently i am using wire as it has multi platform support and i do not like to use any service that need cellphone as it make me reachable to everyone has my phone
which i do not like

thanks again and have a nice day