Why didn't they make it so a room is only hosted on one server and everyone participating can access it with an API from every other server? Why does every room need to be copied to every other server creating infinite bloat and making it impossible to run your own server? Are they retarded or is there a deeper reason?
you can disable federation entirely so its just your server.the bigger problem with it is the normal server stack is architected and documented like ass, the only way i could get it installed is with the ansible script which doesn't expose admin APIs which mean management is going to be a giant pain in the ass. users also need email verification (???wtf???) or their data gets wiped upon every login. this is such a shitty pozzed software and if it werent for its pretty UI this would be considered unusable garbage. fuck this shit and fuck discord. i guess we just have no good alternative. oh well.
>>108110039>users also need email verificationWhere? I never needed one for any of my accounts
>>108110299even after disabling email verification requirement in config i get this every time I log in
>>108110427You need to restore your encryption keys or sync them with another device. You are keep deleting the only copy you have, how are you expecting this to work? This has nothing to do with email verification.
>>108109811>Why didn't they make it so a room is only hosted on one serverThey specifically wanted so that rooms don't die if the server on which it was created dies, otherwise there's no reason for course
>>108110456yeah even after creating a recovery key and enabling encryption it will still ask me to verify on every login. is this just because im using browser? will app client not require this?
>>108110541nope still asks me to use recovery key every single time.
>>108110596dork, im telling you that the client forgets after every logout. i sign in. i verify keys. i log out and log back in. it asks me to recover. every single time. why?
>>108110541>after creating a recovery keyBut did you use said recovery key?If you use it, you don't have to verify.Pic related is the first screen you saw on login. And you didn't click on "Use recovery key", you clicked on "Cant confirm".
>>108110613yeah i didnt set up the key at first. but even after i did it's still endlessly asking for it. is the idea that you're just supposed to never log out?
>>108110604>client forgets after every logoutOf course?What is it supposed to do?It is End-To-End encrypted.If the server saves and remembers your keys for you, it isn't End-To-End.You also specifically clicked on "Can't confirm", otherwise you wouldn't have gotten to the screen that you showed.
>>108110604>it asks me to recover. every single time. why?Because it is E2EE>is the idea that you're just supposed to never log out?You don't even have to use a web app, you can use any native client.If you want to always keep your encryption keys local, you indeed should not logout.If it would keep your encryption keys while you are logged out, it would be lying to you. Log out means that the encryption keys of that session are dropped.It can't be any other way.
>>108110631the server wouldn't have to save them... the client (and even your browser) could absolutely hang on to your keys for you, but it just doesn't
>>108110670>the client (and even your browser) could absolutely hang on to your keys for youThat would be insecure as fuck.You would be living in a world of pretense. The encryption keys are far more important than your username and password. What dd the logout then achieve?If you don't want to use E2EE, then just don't. You don't have to. Click away that warning, you will still be able to see every single unencrypted room. Or use a client that doesn't bug you with that warning.Just consider it a 2FA login and it seems far less annoying. Imagine setting up a TOTP or passkey, and then you are annoyed that it asks you for a TOTP or a passkey on login.
>>108110764it would be the equivalent of my keys falling off my keyring every time i pulled them out of the lock but i get what you're saying and how this functions, thanks for your time
do any of the alternative clients support element call?
>>108109811>Why does every room need to be copied to every other serverI hate this so much, because it blows the database so hard and the only thing to stop that bloat is a tombstone.. so basically: Close the whole room and make a new one and refer to it.I get the whole "archive everything" mindset. I am not opposed to it. I also get the "rooms should be independent of homeservers" thing, even thought that i consider this low priority.But surely there could be SOME way to avoid this state bloat.Maybe SOME form of room that is local to one homeserver?>>108110815It's ok anon. We all had to learn that E2EE is uncomfortable at one point.The best course of action is to just not use it when you don't need it. A public room doesn't need it.It also teaches you that Signal E2EE is equally bad as the one WhatsApp has. It is worthwhile knowledge.XMPP has three different standards of E2EE and the only one that is widely supported by clients is the one marked as "deprecated" and another one that only encrypts chat messages once and only in DMs.>>108111806There are two different forms of calls: The Jitsi thing or the direct voice call thing.Jitsi is the conference call and works best.The direct voice call thing needs you to setup a turn server and is prone to fail.Jitsi is also supported by FluffyChat, i don't know any other.Direct voice calls are supported by nheko and Commet.Nheko is a proper native application, its great.NeoChat is also a native application, but it is super buggy and it was always buggy, for years now. But NeoChat supports running multiple accounts at once. It has a built-in account switch. Very great.
with ties to pissrael what do you expect?
>>108112000>It also teaches you that Signal E2EE is equally bad as the one WhatsApp has.LMFAO troon knows nothing about double ratchet matrix e2ee is backdoored to hell and uploads all your keys to your ""home"" server where the server owner or vps can just crack your backup only need to crack 1 key instead of every message key dont forget messages are never deleted from homeservers making this very convenientsignal is the only good im it is as safe as it gets in combination with iphone 17 with memory tagging
>>108112112Matrix uses double ratchet and the experimental xmpp proposal as well.And double ratchet doesn't save you from having to do verification.In fact, all those recent leaked Signal groups (of both the Drumpfi guys and those epic anti-Drumpf protesters) prove just how important vereification is.We have recent real world examples where people, who used Signal, got fucked in a way they wouldn't have gotten fucked at if they would have used a secure messenger who forces verification on you.No verification -> No security
>>108112179it doesnt matter that it uses whatever pseudo double ratchet when it uploads all your keys to a server protected with single passphrase nevermind the fact signal double ratchet is on the entire networked binary meanwhile matrix only uses it to encrypt one field in 50mb json message>sperging about signaldont invite journo scum to your place btw trump won you lostSECURITY IS WHEN YOU UPLOAD ALL YOUR KEYS TO NSA OWNED VPS AND GET THEM CRACKED IN 5 SECONDS WITH SINGLE GPUdont try to bullshit me with made up security i make millions doing cryptanalysis
>>108112000https://github.com/element-hq/element-call/tree/livekitWhat about this? Comes by default with the server suite
>>108112223>its PSEUDO, not the REAL ONE, that is used by WhatsApp and Signal!>only use officially as safe and secure declared messengers like Signal or WhatsApp (uses "the Signal protocol")Enjoy your Signal chats getting leaked.Signal is also only developed by a single person for years now, nobody else knows whats going on and there is no code review whatsoever, they just merge in whatever they feel like. How the fuck would you ever even claim that this is secure?Signal is the worst garbage out there. Don't fall for the glowfag lies.>but but matrix does this thing that it doesn't even doyeah, cool, i can construct a fantasy universe as well
>>108112247Better ignore that for now.It's a new thing in development, only works with Element X (unfinished and missing many features like spaces) or SchildiChat Next (better, but a fork of Element X).It might get dropped one day, when they are again out of money.
>>108112271the passphrase you are given or password backup you manually generate is for your private keys which are uploaded to the server you useless goyimhttps://spec.matrix.org/latest/client-server-api/#deriving-keys-from-passphrases>matrixmessages are forever stored by everyone, you are never able to delete your informationsingle key that can unlock everything uploaded to server>signalkeys never stored anywhere and securely erased from rammessages never stored server even encrypted ones, automatic deletion from chat historytrump won btw you lost enjoy palantir database tranny your entire digital footprint is ez to decrypt i will continue getting paid to own your chat communication networks
>>108112223>dont invite journo scum to your placeWho says that they invited them?Nobody in Signal verifies anything and it doesn't force you to, so the Signal backend could have just """coincidentally""" decided that the invite goes to this other guy, or pretended for him to be someone else.
>>108112338the server has no authority over chatsyour client will only share keys with users whom it is aware ofi hate goyim techlets so much cant even run signal server in pit setup and pentest it
>>108112326Oh look, something optional, that you don't have to do and many clients don't even support!Surely Signal has none of that, right?https://support.signal.org/hc/en-us/articles/9708267671322-Signal-Secure-BackupsOoops, looks like Signals Double Ratchet algorithm is fundamentally broken and backdoored to hell and uploads all your keys to signal servers!>>108112354>has no authority over chatsOh look, dishonesty!Who could have expected this!>with users whom it is aware ofI wonder how those users are found and who is in charge of this!
>>108112354So when Signal automatically finds your friend with his phone number in your address book.How do you think does that work?What makes you think that Signal can't just.... give you someone else?
>>108112435the backup is optional on signal, meanwhile on matrix its done automatically when you log in and you cannot avoid it there is no way to avoid having all your keys being stored on the server low quality backdoor dumb izzat rat shill>Is Secure Backups optional?>Yes. This feature is opt-in.>MUH MAGIC INVITEthe server has no authority, i already tried your meme idea decade ago i get paid do to this you worthless goyim
>>108112476It is optional on matrix as well.You lost.
>>108112455it cant give you someone else only try to mitm the key exchange which will fall apart if the person gets online, you are advised to verify safety keys in person
>>108109811Just use IRC.
>>108109811i want whatever brand of paint product the matrix guys were abusing when they made database as a chatroom
>>108112488yeah bro optional you just have to not login>still seething about trump and ice
>>108112504It can just give you someone else to begin with.What does it change when the other person come offline? The signal server can just completely cut that guy off from you and pretend that someone else is him.People kept telling you that requiring a phone number is a big huge red flag. And it is obvious why.Signal also syncs your whole address book to them, because the app asks who has signal.Add the google notifications on top of that, and the result is a "safe and secure encrypted messenger" who is as safe as Facebook.
>>108112678>Signal also syncs your whole address book to themcontacts permission is not granted by default since android 2>What does it change when the other person come offline?comes online* learn to read there would be double key exchange fuckery>It can just give you someone else to begin with.does not differ from key mitm>Add the google notifications on top of thatcontent not included>The signal server can just completely cut that guy off from youwow what a not huge red flag that is easily provable via secondary channel and wouldnt destroy signal reputation if it were to happen im sure it happens daily>People kept telling you that requiring a phone number is a big huge red flagits a good thing, prevents spam and it is trustworthy source of identity>and the result is a "safe and secure encrypted messenger" who is as safe as Facebook.thats a lot of mental gymnastics, but matrix still uploads all your keys to their servers kekstill not downloading your gay school project chat app muh communist free and open sauce low quality code will save me from ice *uploads all keys to nsa*
