Matrix vs. XMPP, Security, Privacy, Apps, Efficiency ? - eviltoast

I recently saw Alex’s video about XMPP and I got curious.

I am using Element and Schildichat a bit, trying Element X and curious about the new Development here. It seems vibrant, they rewrite stuff in rust, the Apps are fancy and all.

But I tried Conversations and it seems based too, has transparent encryption, it is damn fast, usable, supports groups and files and all. Probably doesnt use the latest fancy Android SDKs but it seems solid.

I was surprised about how fast it was, as Matrix drastically varies per server. But also I found many dead communities, and in general I dont see XMPP at all, while many Projects (if not using Discord, bruh…) have a Matrix room.

How secure is OMEMO in todays standards? Or OpenPGP, compared to Matrix or Signal Encryption? I heard it also has rotating keys and all.

There are other things, like permission systems, chosen federation, privacy, bridge support and more, that are interesting. Are there advanced modern WebUIs for XMPP you like?

I saw that it uses up waaay less resources, why is that? Really, is “simply encrypted mail” somehow worse in an important way?

Similar to IRC, where I never found nice usable apps for my taste, I thought XMPP was deprecated, but that doesnt seem so?

What can you tell me about XMPP, is it modern, secure, privacy friendly?

  • TheAgeOfSuperboredom@lemmy.ca
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    1 year ago

    Can you elaborate on what you mean that Matrix is a closed protocol? The spec is open and there are several server and clients to choose from.

    • TCB13@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      7
      ·
      1 year ago

      Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. XMPP is an open standard, truly open and if you notice you’ve had a lot of implementations of it all able to properly integrate with each other without effort.

      The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result. The kind of open collaboration where the protocol becomes mostly invisible for the end user isn’t just the objective of Matrix.

      • TheAgeOfSuperboredom@lemmy.ca
        link
        fedilink
        arrow-up
        5
        arrow-down
        2
        ·
        1 year ago

        Sorry, but nothing you mentioned has anything to do with Matrix not being an open protocol. I don’t know what you mean by “truly open”. It sounds like a “no true Scotsman” argument.

        The spec is absolutely open, and you can see it in what I linked. There are also several servers and several clients if you don’t like one written by the Matrix or Element folks. Heck, there’s even a client for emacs! Now there are compatibility issues since not every server and client implements the entire protocol yet, but that’s not an issue of openness. I used to run into problems all the time with XMPP way back when for similar reasons. I even recall something about Google breaking the XMPP protocol in some ways and causing problems.

        I’m not even sure your claim of VC funding is true, since the faq mentions several non VC sources of funding. I couldn’t find anything about VC at element.io, so maybe it’s hidden there, or something has changed a matrix.org?

        Still, discussion about not liking their business model is orthogonal to whether the protocol is open or not. Maybe we run the risk of them pulling a HashiCorp and changing some licensing down the road, which would be terrible. But I think it’s dishonest to say it’s not open.

        • poVoq@slrpnk.net
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Try contributing to the Matrix specs. It literally has a paywall (only contributing foundation members can do it) and basically any proposal that does not further the business goals of Element gets shot down by the overwhelming majority of Element employees or affiliates on the Matrix foundation board.

          So while the protocol is open to use, it does not really fulfill the typical requirement of openess in so far that it is also open for contributions and changes.

          This is totally different from the truly open standardisation process for XMPP where anyone can contribute freely and no single company dominates the process.

          Edit: the VC funding is for Element / New Vector, but that company fully controls the Matrix Foundation.

          • chayleaf@lemmy.ml
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            no? anyone can send a spec proposal here. After discussion and implementation, it may well be accepted.

            • poVoq@slrpnk.net
              link
              fedilink
              arrow-up
              0
              arrow-down
              2
              ·
              1 year ago

              Sure, you can beg them to consider your proposal, but I hope you do realize that this isn’t the same as an open standardization process, right?

                • poVoq@slrpnk.net
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  The original objection was about it not being and “open protocol”, which is not the same as having the source code of an implementation under an open source license.

                  That Matrix isn’t an open protocol has always been one of the core objections against it. This isn’t moving goal-posts, and if you fail to understand the original objection then why are you even commenting on it?

          • TheAgeOfSuperboredom@lemmy.ca
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            So is the Linux kernel not open because code has to go through review and may be rejected?

            Is Gnu software not open because you have to sign over copyright or may have code rejected for ideological reasons?

            Guido van Rossum was BDFL of Python until recently and had pretty much final say on anything that went into the langauge. So I guess Python isn’t open?

            Hopefully the XMPP Standards Foundation doesn’t just blindly merge in every pull request that comes their way! I’m sure there have been plenty of people that had to beg and still had their proposal rejected.

            You may not agree with the decisions being made about Matrix, but that doesn’t mean it’s not an open protocol or an open process. In fact it’s extremely transparent as another commenter linked to their proposal pull requests on GitHub.

            There’s plenty to criticize about Matrix. It may be overly complicated and over-engineered. If there is significant VC involvement, then the threat of enshittification is very real. Element is also quite slow in larger rooms and the search is pretty terrible at the moment.

            But, it’s dishonest to say it’s not open. I just don’t want other readers to think it’s somehow closed, when it isn’t. Discord is closed. Slack is closed. Matrix is not.

            Also, while being open is a good thing, it’s not a virtue unto itself. Visual Studio Code is an open editor but I stay away from it because I don’t trust Microsoft to not fuck it up. Likewise Chromium is open but I stay away from it because I trust Google even less.

            • poVoq@slrpnk.net
              link
              fedilink
              arrow-up
              1
              arrow-down
              2
              ·
              1 year ago

              You do not seem to understand the difference between source code of an implementation and the protocol specifications themselves.

              I think you need to read up on that first before we can continue this discussion.

              • TheAgeOfSuperboredom@lemmy.ca
                link
                fedilink
                arrow-up
                2
                arrow-down
                1
                ·
                1 year ago

                Sorry, but that’s a bit of a rude conclusion to come to considering you know nothing about me or the fact that I’ve been writing software for over 20 years.

                Anyway, I think we’ve both said our piece and I’m happy to just disagree. You seem like a cool person and I’d rather not have us get upset over semantics.

                Take care! :)

                • poVoq@slrpnk.net
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  1 year ago

                  No hard feelings and I didn’t mean to be rude, but this was a rather factual observation.

                  What you are saying is basically because you have 20 years experience of driving a taxi you know how to operate a train service. Those are just two totally different things.

        • vintprox@kbin.melroy.org
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I think some people don’t give any room to breathe to projects that just want major contributors be paid, even when, as you rightfully say, XMPP had the same compatibility struggles in its infancy as Matrix implementations now have.

          So far, there is a lot of FUD around newer protocol and that it lacks in openness. But if you look again, it recognizes versions and differences between them in the specification. Every MSC proposal covers the context of change and recommendations to implement, while keeping backwards-compatibility with older software in mind. If you make a proposal, it will be reviewed. If you need someone else besides Spec Core Team members to move it forward, flag to you - fork. But I rather prefer this model in upstream than beating around the bush and electing someone who might have lost an idea of why they are still in the project.

        • poVoq@slrpnk.net
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          There is the non-profit Matrix Foundation that functions as a thinly veiled front for the Element for-profit company that controls the Foundation in almost every regard.

      • TCB13@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything (…) The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result

        For all the people downvoting my original comment this was just out. Oh well what do I know…

        Decentralized communication protocol Matrix shifts to less-permissive AGPL open source license

        Element, the company and core developer behind the decentralized communication protocol known as Matrix, has announced a notable license change that will make the open source project just that little bit less appealing for companies looking to build on top of it.

        https://techcrunch.com/2023/11/06/decentralized-communication-protocol-matrix-shifts-to-less-permissive-agpl-open-source-license/