by acqq 3466 days ago
Especially dishonest of Riot promoters is to even introduce it at this very moment to the "normal" users, because

"Riot’s encryption is not yet fully stable and, more importantly, it is not yet enabled by default in chats (you have to enable it manually). This will be changed in the future, but makes it more likely for users to make mistakes until then."

Users "make mistakes"? By using the defaults? I consider it a mistake to promote it to the users with such defaults. A "secure" product which "doesn't encrypt by default"? And "it's not stable"? What does that mean? The encryption either works or not. "Almost working" is still "not working."

Then please don't write

"An alternative to Signal is Riot." It is not. As far as I understand, it just "could once be an alternative."

But based on the responses I've received here to my questions about Riot, it's promising: according to them, I will be able to set up my own network of people (e.g. just my family) with which I'd like to communicate. Yay! (thanks to mxuribe and NoGravitas for the answers)

2 comments

Right now, in practice, Matrix is "a better IRC". It provides bouncer-like functionality by default, federation across the whole network so you only have one identity vs having to register with each server on which there's a community you want to talk to, file sharing, voice/video chat, proper message formatting, and more.

Encryption currently works on Riot Web, iOS and Android, certain bugs excluded - but it's missing a lot of UX work. (Among other things, you have to manually verify each and every device the people you talk to use, there's no way for them to say "these are all my devices, if you trust me, you trust them" yet. You also lose chat history at present if you switch devices or log out.) If you're able to work around the UX, the underlying protocol is fine and has been audited, with certain tradeoffs discussed in the report.

Thank you. This is exactly what I wanted to read: a clear explanation of what works, and surely not "it's not stable." What are the current encryption-related bugs, that is, what is their worst consequence?

I surely don't have a problem with the manual verification.

The current bugs are basically that occasionally, you can't decrypt a message. Supposedly this has actually been fixed (and wasn't a security issue), but I've seen it once or twice since. And as I say, you lose your chat history if you log out or bring in a new device. This is an important bug to fix, but it requires some UX work.

We are still chasing down the final unknown session ID bugs actually, although many have been fixed. The other big issue is to warn when unverified devices are added to a room. We are working on them all currently.

Just to be clear, the blog post here is not connected to the Matrix.org and Riot teams and is entirely independent of us. We've tried to be crystal clear that E2E is still in beta, as per https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-en.... We are not recommending or introducing it yet to normal users.

I think the intention of Titus' article is to comment on where things are going in future... hence the title: "Why Riot (and not Signal) is the future".