top | item 46995500

(no title)

For everyone not reading the post:

> Practically speaking, that means that people and organisations running a Matrix server with open registration must verify the ages of users in countries which require it. Last summer we announced a series of changes to the terms and conditions of the Matrix.org homeserver instance, to ensure UK-based users are handled in alignment with the UK’s Online Safety Act (OSA).

At least you can self-host matrix and messages are end to end encrypted, unlike IRC.

discuss

drnick1|17 days ago

> Practically speaking, that means that people and organisations running a Matrix server with open registration must verify the ages of users in countries which require it.

Practically speaking, I would just ignore this requirement. The UK government has no jurisdiction on this side of the pond.

digiown|17 days ago

Oops your plane had some issue on its way to a different European country and now has to make an emergency landing at Heathrow.

https://en.wikipedia.org/wiki/Ryanair_Flight_4978

ThrowawayTestr|17 days ago

That's fine if you never intend to visit the UK

phyzome|17 days ago

You can try to self-host. Neither Synapse nor Dendrite is in a good state for running a server. I tried Dendrite for a while and it was always playing catchup to Synapse, despite being the supposed successor, and is now not even under development? I can't even tell what's going on over there.

Anyway, my main experience of Matrix is "failed to decrypt message". It's... not great. I wish it were better.

iknowstuff|17 days ago

You did it wrong. The correct approach is to flip a coin and let it decide between tuwunel and continuwuity, then self hold that until it dies along with its database format

tcfhgj|17 days ago

> It's... not great. I wish it were better.

Unable to decrypt has improved quite a bit fwiw

Bender|17 days ago

unlike IRC

There are a few IRC clients that support OTR. irssi-otr is one [1] weechat-otr is another [2]. Pidgin though I have not used it in a very long time. Hexchat using an always work in progress plugin. There may be others.

OTR could use some updates to include modern ciphers similar to the recent work of OpenSSH but probably good enough for most people.

E2EE aside having chat split up into gazillions of self hosted instances makes it much harder for chat to be hoovered up all in one place. It takes more effort to target each person and that becomes a government scalability issue. Example effort: [3]

[1] - https://github.com/cryptodotis/irssi-otr

[2] - https://github.com/mmb/weechat-otr

[3] - https://archive.ph/4wi5t

progval|17 days ago

Links 1 and 2 have not had updates in 10 and 8 years respectively, they probably don't even compile anymore. They implement OTRv3 which was published in about 2005 and uses 1536-bits primes. As far as I know, neither the protocol nor the implementations were audited (and especially not audited recently). This is not good encryption at all.

Additionally, OTRv3 does not allow multiple clients per account, which makes it unusable for anyone who wants to chat from two devices.

1vuio0pswjnm7|16 days ago

To what is [3] pointing

Why not provide the URL

Some people cannot access archive.today sites

These sites also serve CAPTCHAs. They block users who prefer not to use Javascript for non-interactive www use, e.g., reading documents

notepad0x90|17 days ago

Those are all opportunistic. being able to talk to anyone secure, even if they haven't setup a special client with special plugins is important.

kkfx|17 days ago

IMVHO these days chats serve two purposes:

- notes left there for work, family organization, etc basically things for which an email is "too much" but a small scrap of text seen by some serve the purpose well

- calls, whether audio-only or audio + video

For social use, I see Lemmy or Nostr/Habla more than Matrix. But for all of this, there's a major lack of a single app that is easy go install-able, pip install-able, or cargo build-able without a gazillion dependencies and a thousand setup problems, to the point that most people just choose Docker, using stuff made by others that they know almost nothing about because setting up and maintaining these solutions is just too complex.

wolvoleo|17 days ago

IRC is also most commonly used for open servers where anyone can join whenever they want to without as much as needing to register for an 'account'! You just pick a nickname out of thin air and off you go.

In that kind of environment, end to end encryption really doesn't add value.

cuillevel3|17 days ago

The IRC admins can read all your messages, be it to a channel or to another user.

Even without registering my nick, I would expect a modern protocol to keep my pm communication private by default.

vonunov|17 days ago

or what