[khed]

I am excited for the phone but I don't get having matrix as the messaging app. I don't see the value in matrix. Encryption is not on by default, which is unacceptable in a modern messaging app. It leaks metadata like a seive. None of my friends or co-workers on it. It isn't decentralized enough.

They should just use briar. It hides metadata, it's encrypted, it's peer to peer. It's biggest downsides are no file transfer, no iOS client, no offline messaging.

Or better yet someone should develop an app based on one of the newer concepts like vuvuzela/alpenhorn or loopix.

[Arathorn]

Encryption is only not on by default because it is still in (late) beta. Obviously by the time the Librem5 ships this will be on by default.

You’re right that metadata isn’t protected serverside: so use servers you trust. In future the plan is to move to a hybrid p2p approach to fix this, but usability and features are more important given you can pick the servers to trust. https://matrix.org/~matthew/2016-12-22%20Matrix%20Balancing%... has more details on the tradeoff.

I’d be shocked if your friends and coworkers aren’t accessible via Matrix, given bridges through to Gitter, IRC, Slack etc. And if you want them to be native Matrix users, just invite them :)

In terms of “not decentralised enough”... the only bits which aren’t decentralised are the node which hosts your account, and (currently) the mapping DB of email/msisdn to matrix IDs. The latter is being fixed by the community currently; the former is harder but due to be worked on next year (hopefully solved by the time the Librem5 ships).

In terms of briar: it’s a great project, and perhaps it will surpass Matrix in time. But right now the battery and bandwidth requirements of running a full p2p stack on the client - as well as all the missing features you list, are a showstopper. It’s also not really set up as an open protocol/specification; just a library and app.

So, Matrix is probably the best bet for now. And we’re counting on evolving at the current rate or faster over the next year in the lead up to the Librem5 shipping.

[tacoman]

I'm a Matrix patreon supporter because I see it as one of the most important OSS projects currently and I have my entire extended family using it via a self-hosted server.

Push notifications via GCM or APN all also centralized, correct?

What do you see as taking the place of GCM or APN on the Librem 5 phone? I currently use Riot on a device with neither (5 minute polling) and the experience as an instant messaging application isn't as good as an Android/iOS device.

[khed]

Thanks for the PDF :)

If matrix moved toward pond style metadata protection I would make the effort to move my social graph on to it and probably support it financially.

As is, I don't see the value proposition of matrix. I am genuinely curious what it is. An update to xmpp? Is it that it is going to be encrypted AND federated? Many popular apps now support default encryption so that isn't much of a selling point. Conversations is federated and is not getting traction the way signal has. Being federated has benefits but they are sort of theoretical and aren't high on most people's list of concerns. Further the value proposition of federated systems is attenuated by it's downsides (slow evolution).

Meanwhile people get killed based on metadata. Seems like a more urgent problem to tackle.

[Arathorn]

An easy way to describe Matrix is as a decentralised database of realtime conversations, which are signed and replicated over the participating servers. The main novelty over XMPP MUCs is that conversations are replicated equally over the servers so there's no single point of control - it's really more a decentralised than federated model. And yes, it has (beta) E2E crypto too - albeit trying to take the best aspects of Signal (the double ratchet) whilst also making it usable for sharing conversation history when desired between devices, and actually clearly tracking which devices are participating in the conversation. The "slow evolution" criticism of federation/decentralisation is empirically fairly bogus, as long as you structure the layers of the protocol so they can all evolve independently without cross-cutting concerns.

You're right that people get killed based on metadata, which is why it's in our sights in the longer term. But our focus is first on features that make the system actually compete effectively with its centralised counterparts (encrypted decentralised Slack or WhatsApp style use cases), otherwise in practice nobody's seriously going to use it. And secondarily on protecting metadata, especially given there's stuff like Ricochet & Briar that you can use today if you're doing something where you really need the metadata protection today.

[woolvalley]

Why not port signal?

[confounded]

Because OWS explicitly don't want third party clients. It's a controversial decision, but IMO they have good reasons for it. This said, if there's a client that works on Debian, it should work on the Librem (perhaps with some UX work). Currently on desktop, Signal is an Electron app.