Compared to Signal, where does element stand today in terms of privacy and encryption? Due to the decentralized nature they werent able to offer the same guarantees from what I remember
Matrix allows for unencrypted messages so it's inherently less encrypted than Signal. The federation capability also means messages leak metadata. Furthermore, encrypted messages also contain some metadata in the unencrypted envelope. Some protocol features (emoji reactions) also ended up outside of the encrypted envelope because of that. It's a risk with any protocol that has encryption bolted on and optional.
On the other hand, you can host your own Matrix server and still participate in the network, whereas Signal will have you convince your friends and family to install a custom Signal client if you want to run your own Signal server, for instance because you don't want to rely on Amazon's servers (Signal was down when Amazon went down this morning).
Signal sacrifices network openness for encryption capabilities.
There's also the MLS/MIMI side of things, but AFAIK that work hasn't been completed yet (MIMI isn't even a full RFC yet).
Element/Matrix, with some modifications, has been chosen as the messenger of choice by the French government (Tchap) as well as the German military (BwMessenger, BundesMessenger) and healthcare (TI-Messenger).
> Matrix allows for unencrypted messages so it's inherently less encrypted than Signal.
But that logic, Matrix is less encrypted than Whatsapp, too, which is a crazy thing to say.
> The federation capability also means messages leak metadata.
It's the opposite: The centralized architecture means that there is a single target server to attack for the metadata. With decentralization, you can't easily scale up your attack to all users.
> But that logic, Matrix is less encrypted than Whatsapp, too, which is a crazy thing to say.
From a protocol perspective, it is. Without an open-source WhatsApp client and independent protocol security analysis, it's hard to judge the effectiveness of the encryption, of course.
> means that there is a single target server to attack for the metadata
Signal does not collect or provide much metadata. It has IP:port mappings, for sure, and keeps track of when a user last checked in, but the protocol itself is extremely well-suited to resist analysis.
A lot of information Matrix provides you for "free" once you break the HTTPS tunnel needs advanced analysis to get it out of Signal. Signal's protocol security is really impressive, I don't think there's anything comparable out there.
Somewhat related - Can someone explain this to me? France and Germany want to lessen dependence on American organizations, so they choose Matrix, also an American organization.
Matrix, the organisation, takes care of the open source side of things.
BwMessenger is a partnership with "ELEMENT SOFTWARE SARL" (according to https://messenger.bwi.de/datenschutz), the French entity of the commercial side of the people originally behind the open Matrix ecosystem (https://element.io/legal/company-information). I'm not sure why the French entity is doing business with the Germans as Element also has a German entity, but either way the American side is not the one doing the work.
For the American entity, a lot (most?) of the work that's not from unrelated open source contributors seems to be coming in from either EU countries or the UK.
Element is also UK headquartered, albeit with French/German/US subsidiaries when selling to those respective governments. BWI buy via France because when we started working with them we didn’t have a German legal entity yet.
Signal and any kind of Slack SaaS: US infrastructure, US law around data governance. Matrix (and Zulip, for that matter, and mattermost too) encourage self-hosting on your own infrastructure, or at least in-country, even if the upstream security patches are coming from US developers.
If it's open source (and libre software) then it's not as important where the main development offices are (or where the company is incorporated). You still have control.
Thank you, and I see it's registered in the UK.
I think it started in the US? Well, not like it's relevant anymore.
And can you answer this question:
If everyone has secure chat, then won't that benefit criminal organizations?
I struggle to understand the love for private communication when it seems like that would benefit, for example, religious sects and sex abuse rings.
NOT that I like that Zuckerborg keeping all my messages.
> If everyone has secure chat, then won't that benefit criminal organizations? I struggle to understand the love for private communication when it seems like that would benefit, for example, religious sects and sex abuse rings. NOT that I like that Zuckerborg keeping all my messages.
Yes, sort of.
The thing is, the government is already not permitted to wiretap people, at least without reasonable suspicion.
Wiretaps themselves are not admissible in court, and can only be offered as a mechanism to correlate behaviour anyway. At least in the UK. (Which, is ironic when you consider what's going on there with online speech, but I digress).
Factually speaking, in order to do a crime you have to physically do a crime, the police knowing when and where do not require access to your communications to figure out. They will sting people, get people to turn on other people or simply catch red-handed when doing ordinary police work.
If we legitimately believe what the governments of the world are saying: that we need to embolden the police. Then funding them properly is the right start, yet nobody seems to be doing that. The EU has been making cross border communication easier though, which is in-line with emboldening the police, so I'll give them that.
Having more information will do very little to help, for the same reason that phone taps aren't given out freely (and never have been) - because even if you have the data, you have to choose how to act on it, and you'd need the resources to investigate and follow-through.
There is a distinct irony that unencrypted SMS is more secure than online messengers, because there are legal protections.
Are you European? I don't understand that use of hinder. You mean prevent from using? Then no, I don't think preventing normal people from using encryption will prevent criminals from using encryption, and didn't mean to imply that
> If everyone has secure chat, then won't that benefit criminal organizations?
Probably. But criminal organizations also benefit from having electricity, or cars, or a million other things that we all would be much worse off if we didn't have them. Just because something benefits criminal organizations as a side effect is not really a reason to not do it for the benefit of ordinary citizens.
My point wasn't that we should or shouldn't have it. I just get the impression that the same people calling for privacy will be highly outraged the next time, for example, an Austin Wolf (gay porn 'star' who used Telegram to share thousands of files showing abuse of children) situation arises, or it's inevitably revealed that religious sect xyz coordinated over it. Europeans trash talk Telegram (and that is fine), but somehow Matrix is different? How?
Oh I don't think it's different at all in that respect. I think that many people are very ignorant about the inherent double-edged sword that is freedom, and think that it's possible to deny it to only bad people. On top of that, many people don't particularly value private communications, considering it to be a theoretical issue that doesn't affect them. So yeah there will certainly be outrage in cases like you mentioned.
I think these two topics need to be looked at a bit separately, similar to for example WhatsApp, where you have e2ee but there are still lots of privacy risks.
In the matrix ecosystem, as far as I understand, having only one user from the matrix.org homeserver in your room already undermines metadata privacy to some degree. Also, there still are issues with decrypting messages from time to time with certain combinations of clients, rooms and homeservers, which effectively means that the "failsafe" option for getting messages across the network is using unencrypted rooms.
Having free, secure, federated, usable instant messaging is still not solved imho, and I think it's not easy to solve. So far matrix is the best attempt in my book, but it's also not there (yet?).
> So far matrix is the best attempt in my book, but it's also not there (yet?).
IMO XMPP is the best attempt so far, but it's completely outdated by today's standards. Matrix is a modern attempt, but it's just bad. I doubt that Matrix will actually get anywhere usable in the future.
It's absolutely possible to build such a protocol with high performance, seamless UX, Signal's level of privacy and security, and Discord's level of features. It's just a lot of work to actually build the specifications and flagship implementations, compared to just building a good centralized option.
> Matrix is a modern attempt, but it's just bad. I doubt that Matrix will actually get anywhere usable in the future.
Obviously I’m biased, but I seriously suggest looking at the various vids from the Conference. Matrix has definitely had some ups and downs in the past, but right now it is in a good place.
>I think requirements also changed a lot over the years with smartphones and mobile internet access everywhere.
I recently started using an XMPP client on a smart phone (Cheogram, fork of Conversations). It handles that stuff remarkably well. Switching between, say, mobile data and WiFi takes seconds. It seems to have some way of noticing the loss of connection and immediately fires up a new TCP connection on the new medium.
I don't think this is a super useful comparison, because the two services have wildly different threat models. I think of Matrix as a secure replacement for Discord. Signal is about small group messaging. It's literally a replacement for the built-in texting app on your phone, and that's its intended userbase. Signal is what you use when you need to know, to the limit of best practices available to ordinary users, that your messages will be as private as they can be made to be. That's a goal that isn't compatible with many of the affordances people want for project discussion platforms and things like that.
If you pit Signal against Matrix and make the competition purely about security, Signal will win for the foreseeable future. But I think it makes much more sense to think about different sets of tradeoffs being more appropriate for different kinds of problems.
Signal is centralized, so it becomes a huge target of all kinds of hackers and three-letter agencies. This alone is sufficient for me to never touch it. And then, there is this:
The vast majority of people using "end to end encrypted" messaging systems fail to verify the identity of their contacts. So those running the servers can fairly trivially MITM the messages. So in practice it does matter who controls the servers.
The good thing is that verifying the other contact is invisible to the server in Signal. This means that it's stochastically sufficient that a few people do check their contacts in order to see whether there is any widespread MITMing going on.
It's less encrypted. E.g. you'd think that emoji reactions are end-to-end-encrypted (as they are in Signal). But they aren't[1]. I expect similar implementation issues wrt. the encryption in Matrix.
Signal uses a whole suite of modern cryptography, including post-quantum ratchets for key agreement and zero-knowledge proofs for group membership.
Meanwhile, Matrix has a plaintext mode and knowingly shipped libraries with side-channels for years, by their own admission (and left many clients in the ecosystem depending on the vulnerable C implementation when they rewrote their cryptography protocol in Rust).
Even today, they are not the same protocol. Olm/Megolm is distinct from Signal in a lot of ways that I've outlined in my previous blog posts.
I don't particularly care if people like Matrix, but please don't spread falsehoods about the cryptography being used.
The fundamental difference boiling down to trust isn't primarily in the cryptography; it's entirely down to the infrastructure and the root of control.
Signal is widely regarded as the gold standard for centralised E2EE, but its architecture forces you into two massive, non-negotiable trust compromises:
1) You must trust the Signal corporation with all your metadata. Every routing and handshake detail passes through one single choke point that they control. That is an unacceptable risk for security-minded users.
2) You rely completely on Signal to truthfully publish a pre-compiled binary that actually reflects the open-source code. For the vast majority, this is unverifiable in practice. It's a critical client-side act of faith.
Matrix’s design fundamentally eliminates these single points of failure, shifting the root of trust squarely to the user (or a group you trust):
1) Self-hosting; This is the game-changing feature. Host your own Synapse/Dendrite instance. Your metadata never leaves your control. You move the trust boundary from a corporation to yourself. You genuinely achieve "no communication outside your control."
2) Matrix uses an open specification. You can use FluffyChat, Nheko, or Element. This breaks the coupling between the server and the client. Even if you rely on a third-party server, you can use a client built by a completely different team, making the client-side code independently auditable and verifiable across projects. This is the ultimate defence against subtle backdoors in a single vendor's binary.
TL;DR: Signal offers "trusted third-party" crypto running on a single, unauditable binary. Matrix is decentralised, verifiable zero-trust communication. The comparison isn't about the strength of the AES key or which data it has been applied to; it's about the architectural freedom to not have to trust another entity with either your data or your code. That freedom represents an essential leap in trustworthiness.
Super nice summary. Makes me want to use Matrix again, but the clients have all been very poor in my experience. Element on desktop was okay and I used it for work without issue, but it's not nearly as slick as "scan this QR code and import your contacts" (oh that's another difference, your ability to use the network is governed by Signal allowing you to register an account, typically requiring a phone number for bot prevention, which seems like an extreme step for an app that aims to keep you anonymous.)
You might be making good points, I'm not familiar enough with the context to tell, but whining about downvotes is in bad taste, so a large part of your downvotes probably come from there, mine included.
Apologies, it's frustrating watching my comment go from +5 to -2 in a handful of seconds.
Not that I'm into karma farming (or that it even means anything), but it irritates me to think that people are gaming the discourse here.
There's an implicit groupthink when it comes to seeing greyed out comments; to the point that people may (and do) think that the comment is non-factual or at the very least unpopular. This is especially true in subjects that are critical of Signal.
Quoting the guidelines [0], if you think that's really what's happening, you can try reaching out to the mods.
> Please don't post insinuations about astroturfing, shilling, brigading, foreign agents, and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
With Signal, you can't really validate the code running on the client. Signal insists on distributing only via Google Play Store or Apple App Store, so usually updates are automatic and uncontrolled by you. And Signal has a history of not releasing timely updates of their client code, so even if you would do your own builds or compare their released code to their public updates, you would have at least a few weeks latency. And I doubt anyone would notice, since the Signal people tried hard to piss off everyone who did reproducible builds of their code.
In theory you can do the same with Signal, as they source dump their server code every now and then.
If you reject that on the basis of "we can't know if it's what they're running" or "it's a partial dump", then I don't see how Matrix is any different. Not only we can't know if Matrix servers have modified software, but we also have to trust/verify several servers instead of a single one.
