this post was submitted on 07 Sep 2024
117 points (92.1% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54577 readers
54 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
what are other options?
Matrix. It can be self hosted, federated, and has encrypted chat rooms.
Anti Commercial-AI license
But terrible handling of metadata. Which is the case for all chat apps AFAIK. Like, even with OMEMO, who talks with whom, and when, can be exposed. Which sometimes is enough to get legal issues (e.g. Ola Bini's case)
Speaking about XMPP, compared to centralized services, at least the "who talks to whom" and metadata concerns in general are partially mitigated by not having all the metadata converge towards a single host, being able to selfhost, and being able to host behind tor/i2p/...
I want to like Matrix but it has some serious usability issues (at least Element does, its flagship client).
I haven't used Revolt but looks a lot more polished.
Matrix is great and works great.
Element is a semi abandoned client that happened to come from some of the makers of matrix.
Use literally anything else. Fluffychat works for me. Element is okay for debugging sometimes so I keep it handy.
But the commenters point stands. In matrix, you can send whatever you like, as illegal or morally corrupt as you wish because its nobody‘s fucking business AND e2ee.
If someone on my server sends csam, I would never know unless someone reported it to me. Because thats how privacy works.
The new Element X is really great, but only available for iOS and Android. Unfortunately no desktop or web version.
It is pretty good but pretty reduced in functionality imo. Thats why I generally suggest fluffychat. Its nowhere perfect either but it works better on a daily basis for me.
it wasn't abandoned, they are developing an overhaul with a more efficient sync API that required them to rethink how it works internally
I know. I said semi abandoned because element x is their focus, which is the reason they are not adding features to element and are hesitant to put in fixes for things that would require massive changes.
This is still not ideal because the flagship app isnt advancing in a good speed. Thats why I dont recommend it.
How it works (to simplify) is them giving up on matrix clients ever becoming performant and well behaving on handheld devices (because of the absurd complexity of the protocol), and, instead of doing something about that, just decided to shift the client logic onto the server and castrating the clients (esp. for offline features). It's also good short-term business because it makes hosting Matrix even more cumbersome and expensive, giving a compelling reason for the type of midscale/corporate deployments previously on the fence about their self-hosting costs (due to poor design and scalability) to just pay Element for that (while probably contemplating an alternative future).
Element is a complete disaster.
Like, completely unmaintained and broken.
Isn't matrix like an absolute non for privacy?
Why? You can connect over a VPN or TOR, can sign up with an email, and it can most likely be hosted on a as a hidden service on I2P or TOR.
How is telegram better?
Anti Commercial-AI license
I've never said Telegram is better. I'm just saying Matrix is also bad.
XMPP is the future.
I wasn't aware of that. I've even seen vendors using it.
I know it's E2EE and open source but there is a lot of Metadata.
What other limitations does it have?
Matrix has the tendency to require all participants's servers to replicate all of the room state (who joined when, who said what when, whose avatar changed to what when, ...) practically forever, and is sucking a ton of bandwidth and CPU for the privilege. It's pretty bad, unfixable, and, if you ask me, over hyped.
I tried a Piracy group in Matrix and there was less than 100 users...and the only active poster was a bot (or honeypot) advertising explicit CSAM related telegram groups for purchase.. just looking at the words made a pit in my stomach
That's the double edged sword with no moderation abilities
there are moderation abilities, but instead of all-seeing global moderators it must be done by the little poor room owner, and the mods they have granted permission.
if the existing owner/mods don't do that, and disgusting content starts appearing in the room, that means they probably aren't active anymore, and that it's time to make a new room with the still active members before something even more damaging happens, like an uncontrollable high volume spammer, at which point you won't be able to tell the others that you have made a new room.
Hmm, sounds like the P2P version has been paused for the forseeable future:
https://arewep2pyet.com
https://matrix.org/blog/2020/06/02/introducing-p2p-matrix
https://matrix.org/blog/2023/09/matrix-2-0
I don't know of any encrypted P2P chat 🤔
There is anonymous IRC over I2P which isn't the same but might be good enough?
Maybe there's even matrix over I2P.
Anti Commercial-AI license
There is Tox which is P2P and encrypted and basically does this, but it's not that popular.
Basically with P2P things get complicated still having fixed rooms that you can find in a list or send offline messages, presumably using other nodes as temporary relays.
I imagine it comes with the problem most P2P chats come with: both sender and receiver have to be online at the same time, otherwise the message cannot be delivered.
Although, if people were serious about anonymity, they'd be using such a service (or similar).
Anti Commercial-AI license
Yeah. I mean theoretically you could use all the other nodes, similar to Tor or I2P to relay and temporarily store chat messages and room states. I mean that is basically those networks except maybe you route a package multiple ways and mark them for late delivery. And you measure the speed and latency of nodes so better connected nodes get more workload and act as temporary floating servers. All via DHT.
Then theoretically there should be no performance difference between server based and P2P chats. But it's even more complicated. I don't even need a chat like that, really not at all. But I think it should exist already.
It's maybe difficult to maintain privacy. The destination needs to be known and has to somehow notify other nodes that it's waiting for messages. I don't know if that can lead to traffic profiling to along the path (if enough nodes are owned) to deanonimise.
The sender can probably sealed like signal does though.
Anti Commercial-AI license
Matrix works over i2P and Tor, just proxy the service.
P2P chat could include retroshare but it's not really a solution due to a variety of ux issues.
SimpleX chat.
XMPP; an open protocol that can be as basic as IRC or extended to support everything Telegram does and more. Decentralised (since it's a protocol), and E2EE through OMEMO or by encrypting with PGP client side is something your provider can't even have control over.
Other options for what exactly? Telegram practically has the same privacy and encryption guarantees as late 90's forums and bulletin boards. If you want to learn nothing from that, keep using a centralized nonstandard service deprived of end-to-end encryption!
For easy piracy like telegram? None
there are many solutions, but they should stay hard to find
Signal is probably the best option because it's as easy to setup as Telegram and others.
Signal is unfortunately as vulnerable to this as Telegram is, as it is a fully centralized service so once the CEO is grabbed is Game Over. Something like jabber / XMPP would be better.
Signal is E2EE encrypted (similar to Telegram's secret chats but probably better) so it's less vulnerable. If people know about it they can ask Signal to ban you, but they can't just passively spy on everything.
That said, XMPP is better still IMO.
(Edit: centralization isn't as big a problem as you might think with Signal. The wealthy own the whole world now. You can't set up somewhere outside their jurisdiction, you can only stay ahead of them as they force people to stop hosting you. Sending a takedown to Signal is the same as sending it to your hosting provider, do not fool yourself. )
You can host (tens? of) thousands of XMPP sessions on a RPi at the back of your router or in a field hooked to a PV panel and sim card, and none of "the wealthy" knowing or caring about it, though. The difference with signal is that everyone can do that, and everyone doing it expands the network and makes it more resilient for the benefits of all.
@nintendiator @someonesmall Matrix
My understanding is that Matrix is worse than XMPP in basically every way.