[unicornporn]

Matrix/Riot.im is federated and has E2EE. It also has brigdes for IRC, Telegram etc. Here's a native client for macOS: https://neilalexander.eu/seaglass

Web client: https://riot.im/experimental/

[im3w1l]

Matrix is also experimental. About a year ago it kept losing my key meaning I couldn't decrypt old messages. I still use matrix, but I don't have any illusions that it's more secure than tox.

[Arathorn]

We're not aware of any bugs where Matrix clients lose your e2e keys (other than one where changing your password may cause clients to log out and remove keys for safety). If you saw it keep losing keys, i'm going to guess you configured your browser to delete local storage when you close the tab... in which case, unless you export the keys, we have nowhere else to store them.

That said, we've also just implemented the optional ability to encrypt and backup your keys on the server, but obviously comes with other tradeoffs.

In terms of security, the core crypto has been audited, as per https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-en...

[im3w1l]

It hasn't happened in a year (I still use it) so whatever the issue was I don't see it anymore :)

[crtasm]

I tested riot.im in a private Firefox window recently, obvious with hindsight but it didn't occur to me I should export keys and I didn't spot anything in the interface to make me aware or prompt me to action.

Great to hear you've added the option for server stored keys now.

[Arathorn]

yeah, it's a tricky one because by the time you've closed the window, it's too late to export keys.

The new online key backup stuff landed a few weeks ago on the develop branch, and will be making it onto the main release over the coming weeks :)

[jake_the_third]

> I don't have any illusions that it's more secure than tox.

That conclusion doesn't follow. How does the client loosing your key cause you to consider matrix itself as less secure?

[ndnxhs]

Matrix has also had a proper security evaluation