[HN Gopher] Element - All-in-one secure chat app for teams, frie...
___________________________________________________________________
Element - All-in-one secure chat app for teams, friends and
organisations
Author : dunefox
Score : 239 points
Date : 2021-01-10 14:02 UTC (8 hours ago)
(HTM) web link (element.io)
(TXT) w3m dump (element.io)
| gavreh wrote:
| I am using this as I move from Google Chat (Hangouts). Convincing
| friends to move over is the hard thing, but the fact that they
| have a web interface is key in convincing them to switch,
| compared to competitors.
| rq1 wrote:
| Worth to be noted: the app and the underlying protocol are
| protected against unilateral removal or blocking decisions from
| different app stores or cloud providers.
| 13415 wrote:
| How?
| m-p-3 wrote:
| I guess with the openness of the source code, the multiple
| clients available, and the ability to host your own instance
| (Synapse) it would be kinda hard to make it completely
| inaccessible.
| motiejus wrote:
| I have replaced Hangouts, WhatsApp and Messenger front-ends on my
| phone and laptop with Element. I have been running the Matrix
| bridges for each[1] and am donating monthly to the creator. It's
| worth it.
|
| So far the "network effects" have been coincidental: one small
| group of colleagues registered on matrix.org after one more
| colleague from our small circle turned out to have a home server.
| There are 7-ish of us now, 2 with their home servers (myself and
| the "other colleague"), and 5 with accounts on matrix.org.
|
| To go "native", I see one lacking point with discoverability: I
| don't know of a way to discover my "contacts" whether they use
| Matrix without asking them first. Which is not true in any other
| messaging apps I have tried: Signal and WhatsApp use my address
| book and their phone numbers, Messenger is tied to my "friends".
| However, although Matrix allows entering phone and e-mail
| identifiers, I haven't seen an easy way to "find" them. Any
| pointers?
|
| Overall, Synapse is easy to install and run. Took about two
| evenings to configure synapse + 3 bridges (whatsapp, messenger,
| hangouts).
|
| [1]: https://matrix.org/bridges/
| thinkmassive wrote:
| Regarding contact discovery, that seems to be the purpose of
| the identity server:
|
| https://matrix.org/faq/#what-is-an-identity-server%3F
|
| Many people run their own homeserver but I haven't heard much
| about identity servers besides the official one at vector.im /
| matrix.org.
| 2Gkashmiri wrote:
| So how much of a vps you need to host like 100k users? More
| users? I tried to look but couldnt find much information.
| justaj wrote:
| Depends on what server implementation you're going to go for.
|
| Synapse is the reference implementation currently, but also the
| most resource hungry. For 100k users I would be looking at 24gb
| RAM and 256GB+ storage space. Along with multiple cores.
|
| If you don't need as much features, then you can try Dendrite
| which can have 5x to 10x less resource usage than Synapse.
| cvwright wrote:
| I'd be surprised if 24gb is sufficient for 100k users. Back
| when they switched Synapse to Python3, they showed a graph
| where the matrix.org homeserver had something like 8-10
| syncotron processes consuming 8-10gb each.
| kitkat_new wrote:
| probably twice as much as the German military for 50k
| RL_Quine wrote:
| You would need a serious dedicated server if it was possible at
| all. Matrix as a protocol is excessively resource hungry,
| there's a reason the default matrix.org server runs like
| treacle.
| skinkestek wrote:
| A dedicated server or two for the communication for 100 000
| people seems completely reasonable IMO.
|
| They probably don't need to be expensive either.
| 2Gkashmiri wrote:
| So whats the idea for matrix to scale? If they want more
| people to join servers other than matrix.org, how will it
| happen?
| stryan wrote:
| Besides what others said, I believe you can now shard
| Synapse and scale horizontally (part of why matrix.org has
| gotten faster recently).
| RL_Quine wrote:
| Matrix.org still has message latency of over 30 seconds
| pretty regularly unfortunately.
| feanaro wrote:
| The reference implementation (Synapse) is written in
| Python. There's a next-gen golang server in development
| called Dendrite and also Conduit, which is written in Rust.
| Both of those are expected to have better performance.
| INTPenis wrote:
| Maybe. Not very good PR when matrix.org is having massive
| performance issues all the time.
|
| What fascinates me the most about matrix is that an org could
| setup their own federation bubble. Like a big game company would
| setup a new synapse instance for each studio they purchase and
| just federate them all together for a sort of DIY MS Teams
| alternative.
| ajot wrote:
| Didn't Mozilla migrate their IRC chat to Matrix recently?
| kitkat_new wrote:
| afaik this is what France did with their government
| pw6hv wrote:
| The application was called Riot earlier and went through a
| rebranding in July 2020:
|
| https://element.io/blog/welcome-to-element/
| agilob wrote:
| It also called Vector before.
| monopoledance wrote:
| Both sound better than 'element' to me.
|
| "Comms app" isn't exactly what I expect to be 'atomic', or
| 'simple', either. Aaand "Element Matrix Services"? bitch,
| please... XD
|
| 'Element' is so un-cybery, feels dated. First association is
| Bam Margera and teenage skateboard consumer culture. The
| uncool one, lacking punk rock and attitude. Such a 2000s
| word.
|
| Anyway, naming things is hard and annoying, so I am glad they
| found something _they like <3
| kitkat_new wrote:
| uncybery describes it well
| Shared404 wrote:
| I agree. I believe the change in name was at least
| partially to make it easier for IT to sell to management.
|
| I don't envy the person trying to convince their manager to
| switch to Riot.
| monopoledance wrote:
| But 'vector' sounds fine and cyber. Or 'scalar'.
|
| They could at least go with 'LMNT' (leet manager's new
| tool) and make the logo a cyber ambigram, like this: `
| |_|\|\|-| `.
|
| As you can see, I do sympathize with their struggles XD
| Shared404 wrote:
| IIRC, I saw in a discussion somewhere that most of the
| math related names are already taken, and Vector was
| moved off of for search rankings or some such thing.
|
| And yeah, Element is a pretty boring name.
| meowface wrote:
| I suppose it's safe to assume a horrific atomic accident is
| on the horizon?
| louib wrote:
| Been using Element for a while now (since back when it was called
| Riot). So far so good. I managed to convince a few friends to
| switch over from Hangouts and Signal. There's even a Rust Weechat
| plugin for Matrix, the underlying protocol. Would love to hear
| feedback if anyone tried it.
| antpls wrote:
| For anyone wondering how it compares to Signal privacy wise:
|
| Signal works with a contact list, for private 1 to 1 and private
| groups. You need a phone number to use it, and they claim to
| encrypt almost all metadata, such as message senders. Signal
| claims they cannot read the content nor the history of users
| actions (but you have to trust them on that, they claim to use
| SGX enclave stuff, but can anyone technically verify that they do
| what they say they are doing?)
|
| Element works with rooms, there is no contact list. A 1 to 1
| conversation is a room with 2 people. The homeserver Matrix.org
| stores all metadata and they are readable (metadata are not
| private/not encrypted) by Matrix for some features to work. You
| only need a nickname to use it (at least for now). The content of
| conversations are e2e encrypted. In theory, i understand it would
| be possible for a matrix server to delete any metadata/messages
| once messages are delivered, but some features would not work,
| and you would also have to trust the server to actually delete
| the metadata.
|
| Would be happy to read anyone who could correct or complete me.
| jszymborski wrote:
| Would anyone be familiar as to how to regularly purge metadata
| (or even message history) from homeservers?
|
| I run my own server and don't need my message history to live
| forever there.
| gary-kim wrote:
| Set the retention policy setting on your homeserver (I'm
| assuming you're using Synapse): https://github.com/matrix-
| org/synapse/blob/bce0c91d9a89097c9...
|
| I also have mine set up though without a default_policy so I
| can have the server forget stuff in my bot control rooms
| cause they get cluttered with useless stuff pretty fast.
| redsolver wrote:
| The main difference is that you can choose your own homeserver
| and communicate with users on other homeservers which makes the
| Matrix protocol decentralized or at least distributed. So when
| I'm @redsolver:matrix.org, I can still chat with
| @bob:example.com just like with other distributed systems like
| email.
| suyash wrote:
| Element looks like more of a hassle specially for non tech
| savvy users in my family circle, I'm trying to get them to move
| to Signal from WhatsApp / FB Messenger.
| kitkat_new wrote:
| how so?
| suyash wrote:
| look at the setup steps and compare that with installing
| Signal app
| kitkat_new wrote:
| set username & pw?
|
| people get that done - look at Instagram which grew
| despite having to do the exact same
| sundarurfriend wrote:
| Out of curiosity, why Signal and not Telegram? I don't know
| details about either, just that Telegram seems more popular
| with reportedly a better UI for non-technical people.
| kitkat_new wrote:
| Telegram does not really support e2e encryption, except for
| 1:1 chats (which will only work on one device and must be
| activated explicitly)
| arghwhat wrote:
| Matrix: Every home server involved in the chat stores the
| message, and messages on matrix are therefore most considered
| permanent.
|
| As matrix is federated, every user can be on their own
| homeserver, which will be storing a copy of all messages seen
| by that user.
|
| E2E is more recent and optional. Most rooms are not E2E, and
| have browsable history.
|
| Signal: Only E2E, with clients themselves storing the only copy
| of messages. You can only see messages that a device has
| received.
|
| Any app you did not write/review and compile requires trusting
| the author, so this is not a signal specific concern. A crypto
| app can always store and send keys to a server if it wanted.
|
| However, unlike WhatsApp, these apps are open source and _can_
| be reviewed and compiled if you so desire.
| kitkat_new wrote:
| I doubt that most rooms are not E2EE. People usually have
| more private conversations than public ones. Private rooms
| are the default and they default to E2EE.
| oehtXRwMkIs wrote:
| E2EE by default is a recent change so I doubt it.
| snvzz wrote:
| >E2E is more recent and optional. Most rooms are not E2E, and
| have browsable history.
|
| E2E is actually turned on by default, as of about one year
| ago.
| eredengrin wrote:
| > Most rooms are not E2E, and have browsable history.
|
| Not sure how this is meaningful especially without further
| context. A large number of rooms on matrix are public
| channels to begin with (eg bridged rooms from irc, open
| source collaboration channels, etc), so they have no need for
| e2e encryption. All this is really saying is that E2EE is
| optional, which you already said (and which I'd also argue is
| probably irrelevant, especially given that E2EE is on by
| default).
| busrf wrote:
| Have you read this very extensive blog post on how the SGX
| enclave is used for Signal's contact discovery?
| https://signal.org/blog/private-contact-discovery/
| swebs wrote:
| Edit: Whoops, wrong thread
| turnerc wrote:
| I guess this was meant for
| https://news.ycombinator.com/item?id=25719796 ? :)
| swebs wrote:
| Whoops, thanks
| Hnrobert42 wrote:
| Should be ShowHN:
| ColinWright wrote:
| Disagree. "Show HN" is for when someone has themselves made
| something and are submitted it to HN to show it. This is not an
| example of that.
| niutech wrote:
| Previous comments: https://news.ycombinator.com/item?id=23842179
| Uninen wrote:
| I tried the iOS client yesterday but could not log in (to a well-
| known third-party server) and the app just did not work at all.
| The error stayed on the login screen no matter what I tried, and
| it did not offer any debug info or help, and I just couldn't get
| past it.
|
| I've been developing software for 20 years so I know something
| about buggy software and different stages of completeness so I
| usually give open source projects more slack but after 30 minutes
| I just gave up and uninstalled the app.
|
| I really hope these kind of projects get more funding and wind
| behind them to get a bit more mature so there would be serious
| alternatives for the likes of Whatsapp.
| remram wrote:
| I'm surprised Matrix is on the front page as much as it is. I
| mean, it's cool tech, and I use it myself, but it really seems
| like it's up there every other day.
|
| Is there an update that warrants this new post?
| Steltek wrote:
| Probably the gold rush for decentralized, censorship-resistant
| platforms for the Right to jump to.
|
| This is bad for any mainstream ambitions by the Matrix team. If
| it becomes the next Gab/Parler, normal people will avoid being
| associated with it. I know this association would absolutely
| sink my friends exploring the platform further while we're
| exploring alternatives for when Google Hangouts is
| decommissioned.
| ZoomZoomZoom wrote:
| I don't see people avoiding using phones even though neo-
| nazi, criminals, redheads and people with sexual preferences
| radically different from theirs use them constantly.
|
| Matrix is not a platform, it's a protocol and some
| implementation software developed in the open.
| swsieber wrote:
| Yeah, I'd see more of an issue it matrix was a platform.
| It's more akin to email.
| johnchristopher wrote:
| You mean in a few years there'll be only 3 or 4 free mail
| providers with e2e disabled for convenience[0] and data
| broker objectives (as a mean to pay for the service) and
| only a selected few can federate (because hey, spam or
| something) ?
|
| Like Mastodon, Matrix has it built-in in its principles
| that a federated instance can prevent being contacted
| from another (this is the whitelist setting). Feel free
| to correct me, I am not 100% sure.
|
| [0] or available for real money !
| _1100 wrote:
| And these distinctions are esoteric to most.
|
| If the headline "(extremist group) use / flock to matrix to
| plan (nefarious thing)" shows up in the news, these
| distinctions hardly matter anymore.
| yorwba wrote:
| Has the headline "(extremist group) use / flock to
| WhatsApp to plan (nefarious thing)" ever dissuaded
| someone from installing WhatsApp? Probably, but it got
| popular anyway.
|
| https://www.express.co.uk/life-style/science-
| technology/6275...
| kitkat_new wrote:
| Do you think they notice that Element uses Matrix as a
| protocol?
| karatinversion wrote:
| So, it's important to get this right. In reputational
| effects, like this one, we don't care about
|
| P(I use this | I'm a bad person)
|
| because, like you point out, this obscures cases, like
| breathing air, where P(I use this) is already high.
| Instead, we care about
|
| P(I'm a bad person | I use this)
|
| And we especially care if this conditional probability is
| perceived to be high. This is because then your potential
| users will worry that if they use your product, others will
| make the (justified!) Bayesian inference that they are bad
| people. Because they don't want to be seen to be bad
| people, they will avoid it.
| feanaro wrote:
| Considering the substantial and increasing
| government/military usage of Matrix, I don't think this is a
| realistic scenario, but I guess only time can tell.
| iotku wrote:
| >If it becomes the next Gab/Parler, normal people will avoid
| being associated with it.
|
| Matrix's policies are pretty well enough to keep them pretty
| far out of contention for such a comparison
| https://matrix.org/legal/code-of-conduct#definitions
|
| > I know this association would absolutely sink my friends
| exploring the platform further while we're exploring
| alternatives for when Google Hangouts is decommissioned.
|
| Should there be such rooms (that still fall short of being
| removed for "abuse") you're not forced to join them. No
| different than you not joining Google Hangouts full of people
| you'd rather not talk to.
|
| Chat systems like IRC/Element don't force you to join and
| speak with anyone you don't want to unlike social media sites
| which try to have literally everyone in the same pool.
|
| If your standard is "people I don't like are able to use this
| service" you will find no service that will have 0% of said
| people.
| Steltek wrote:
| You may as well say, "There's nothing wrong with
| Gab/Parler/Voat as long as you stay away from the political
| discussions". It doesn't matter. Your technical and logical
| distinctions are minor and irrelevant to most people
| compared to an overwhelmingly negative reputation.
| iotku wrote:
| >You may as well say, "There's nothing wrong with
| Gab/Parler/Voat as long as you stay away from the
| political discussions".
|
| It's just a fundamentally different system than what
| you're comparing it to and has many well established
| communities that aren't what you appear to be alluding
| to.
|
| >It doesn't matter. Your technical and logical
| distinctions are minor and irrelevant to most people
| compared to an overwhelmingly negative reputation.
|
| Are there any major situations involving matrix that you
| can point to?
|
| I'm not aware of any major issues and just because it's
| not one of the major social media platforms (arguably not
| even social media depending on your definition) doesn't
| mean it's inherently bad.
| Steltek wrote:
| > It's just a fundamentally different system than what
| you're comparing it to and has many well established
| communities that aren't what you appear to be alluding
| to.
|
| You may as well be telling me how wonderful BitTorrent is
| for downloading Linux ISOs and to ignore that whole The
| Pirate Bay thing.
| iotku wrote:
| >You may as well be telling me how wonderful BitTorrent
| is for downloading Linux ISOs and to ignore that whole
| The Pirate Bay thing.
|
| The hash checks help validate that the ISO file is
| properly in tact and not corrupted in transit and the
| peer to peer nature keeps speeds high by distributing the
| load between multiple peers.
|
| Have a nice day.
| profsnuggles wrote:
| It's probably on the front page because of the Prosody post
| that is on the front page. Matrix is on the front page because
| it's really the only open protocol that has a chance of gaining
| non-technical users.
|
| I run a matrix server, which has been nothing but a constant
| pain. My friends that use it can also use my ircv3 server or
| xmpp server that I run that use no resources and take up none
| of my time with maintenance. They do not. The only thing I've
| run that they like better so far is mattermost. I don't like
| the open core though. Matrix, xmpp and irc are backed by ldap
| which is impossible with mattermost.
| pkulak wrote:
| I remember I spent about 10 minutes looking into setting up
| my own Matrix server. Seemed like a good day of work, and
| then I would still need to figure out how to support media
| uploads and E2E.
|
| The real kicker is that having the data on my own server is
| certainly nice, but I just don't think it's less likely to be
| exposed while I'm holding it vs someone else. I remember when
| everyone had a self-hosted WordPress blog. Eventually you'd
| get tired of applying patches every 2 weeks and instantly get
| added to a bot farm. No thank you.
| profsnuggles wrote:
| To be fair installing synapse is fairly easy. Media uploads
| and e2e should "just work". When I recently changed the VPS
| I was running it on I set up synapse from scratch in about
| 15 minutes. Of course I have set up synapse many times.
| pkulak wrote:
| You're right. Just found these directions here and it
| seems far simpler than whatever I was looking at months
| ago:
|
| https://github.com/matrix-
| org/synapse/blob/master/INSTALL.md
| 2Gkashmiri wrote:
| I asked this in the other comment, what is your server specs
| and user base? Constant pain as in moderation or server
| breaking ?
| profsnuggles wrote:
| Well I was running it on a 2GB VPS, I have since November
| switched to a 4GB VPS, no issues since then but it's still
| early days. I haven't benchmarked either VPS, the 2GB I had
| a single dedicated CPU core, some 3.5+ghz xenon. I didn't
| check what my cpu allotment was on the new VPS, it was a
| $65 a year black friday thing. Moderation is not an issue,
| I only have 5 users other than myself.
|
| Here is the last time I complained about matrix.
| https://news.ycombinator.com/item?id=25100873
|
| I saw your comment and considered posting a facetious
| comment about how you would need 80TB of ram and at least
| twice as much disk space.... but that would add nothing to
| the discussion.
| kitkat_new wrote:
| I think you definitely should try PostgreSQL
| profsnuggles wrote:
| I am using postgresql now. That is not a silver bullet
| for anything though. I switched to postgresql early on
| (when I first started using matrix I think synapse only
| supported sqlite?) and I've had less disk space & memory
| trouble using sqlite than I have postgresql.
|
| Of course I was using sqlite when there weren't nearly as
| many users as there are today or when I had federation
| disabled.
| MattJ100 wrote:
| If your XMPP server is Prosody check out the new invitation
| feature to help people sign up:
| https://blog.prosody.im/great-invitations/
|
| If they're people who want a web client you can look at
| mod_conversejs: https://modules.prosody.im/mod_conversejs -
| but it is not as comprehensive a web client as Element, in my
| opinion.
| johnchristopher wrote:
| People are migrating en masse from WhatsApp to Signal and
| Telegram. I am pretty sure it's ruffling some feathers
| considering the vocal people defending and promoting Matrix and
| federation in every Signal thread and considering this informal
| poll: https://news.ycombinator.com/item?id=25669864
|
| Telegram 806 points
|
| Zom 3 points
|
| Viber 15 points
|
| Threema 69 points
|
| Signal 1699 points
|
| Discord 102 points
|
| Matrix (added after 25 mins) 374 points
|
| Last I read speculations were that Signal had something like 10
| millions users/downloads and Matrix 25 millions users (take
| that with a boulder of salt).
| generalizations wrote:
| Far as I can tell, matrix needs to focus harder on the user
| experience. It was a pain to get set up on.
| kubanczyk wrote:
| I've installed Element on Android last week and created a
| fresh matrix.org account. No tech skills required so far.
| SAI_Peregrinus wrote:
| I just tried it (new account) to see.
|
| Downloaded client on Windows. Fine. Installed fine.
|
| Hit the button to make an account, everything went fine.
| It sent a verification email. I clicked the link. It said
| "something" was wrong with my setup. I JUST installed it,
| with the default options.
|
| On a hunch, I went back to the client, and was able to
| log in. The failure message was entirely spurious. If I
| hadn't been tech savvy I likely would have been scared
| off and not bothered, assuming it was just broken.
| johnchristopher wrote:
| Cool. Now get 5 friends of yours to join you in a crypted
| room with each using a phone and then a browser, wait two
| days, get back to it and manage all the insecure session
| notices.
|
| Beware, they removed the warning from the android client
| though. It confused people.
| kitkat_new wrote:
| are you talking about the gray shield?
| johnchristopher wrote:
| I am talking about the insecure session red warnings in
| the room details and the notices aside messages of
| untrusted/unverified/forgotten session.
| kitkat_new wrote:
| was? Find it pretty easy nowadays (well - you need to
| create an account)
| skinkestek wrote:
| Facebook has announced they now have courage to overstep the
| agreement with EU even more.
|
| People start getting tired and look for alternatives.
| gingerlime wrote:
| Did they? I was reading conflicting info. Some were saying
| that the EU was "excluded" from the change... (not sure how
| the distinction is made precisely)
| yorwba wrote:
| Both EU users and non-EU users are required to accept new
| terms of service or lose access in a month, but the EU
| terms don't have most of the data-sharing bits that would
| be likely to violate the GDPR.
| stonesweep wrote:
| Browsing f-droid recently, I found 2 other clients (second one
| based on Element codebase) also being actively developed:
|
| https://syphon.org/
|
| https://schildi.chat/
| kitkat_new wrote:
| Didn't know about Syphon! The design looks good. Hope it exits
| alpha soon!
| Iv wrote:
| There are a lot of different clients, in various stage of
| development: https://matrix.org/clients/
|
| Element is kind of the official full feature, basic client
| implementation but there are lighter clients with different
| flavors out there.
| stonesweep wrote:
| Syphon and Schildi are not mentioned/linked in the above
| marketing page, the purpose of my sharing was to raise
| awareness to their existence.
| xorcist wrote:
| There's also
|
| https://fluffychat.im/
| jhowell wrote:
| It was probably a good idea to rebrand from Riot to Element after
| this week's deadly violence at the US Capitol. It's difficult for
| me to imagine endeavoring to protect tribal, potential violent
| rhetoric given recent historical events. It seems short-sighted
| to sell a water poisoning solution to people who don't mind
| destroying themselves to attack their perceived opponents.
| st1x7 wrote:
| > It was probably a good idea to rebrand from Riot to Element
| after this week's deadly violence at the US Capitol.
|
| They rebranded in July 2020 - https://element.io/blog/welcome-
| to-element/
| oehtXRwMkIs wrote:
| It's ambiguous, but they might not have been implying it
| occurred after the Capitol event but rather that the idea
| itself has proven to be a good one especially after such
| events.
| swebs wrote:
| They rebranded it back in July, after the deadly violence by
| BLM.
___________________________________________________________________
(page generated 2021-01-10 23:01 UTC)