Crosspost: https://feddit.de/post/8502102

Element for Android doesn’t support searching in encrypted channels and I think you can’t use E2EE in the browser at all(?), plus basically every other client has even more drawbacks when it comes to E2EE.

My team recently tried RocketChat, but E2EE is obviously an afterthought for that project as it has even more limitations than non-Element Matrix clients (no searching, no pinning, no file upload, no edit, etc.). Plus Jitsi integration seems to be buggy right now (at least on my Windows installation).

What else is out there that’s not on my radar? Is Matrix with Element really the best option right now? Is there no project that puts E2EE above all else?

Edit: Should be self-hostable and (FL)OSS.

  • ono@lemmy.ca
    11 months ago

    Correcting some misconceptions…

    Element for Android doesn’t support searching in encrypted channels

    That’s true of regular Element for Android, but it’s being replaced with Element X (which is built with Rust). I would expect search to be added there if it isn’t already.

    and I think you can’t use E2EE in the browser at all(?)

    I have done it in Firefox, so that’s false. Perhaps you had trouble with a specific browser?

    plus basically every other client has even more drawbacks when it comes to E2EE.

    Nheko handles E2EE just fine, so that would seem to be false as well.

    Since you’re looking for recommendations, it would help if you said which clients you tried and what problems you had with them.

    In case you haven’t seen it, you can set a Features: E2EE filter on this list:
    https://matrix.org/ecosystem/clients/

    • haui@lemmy.giftedmc.com
      11 months ago

      Thanks for the great explanation. You said it a lot better than I could.

      Imo, Matrix is worth using if the bugs don’t make it impossible (which they don’t for me).

      For peeps that absolutely need the perfect finish (which sounds like mixed priorities but maybe it’s just me) one could use Signal.

      Peeps who need polished stuff and great privacy should probably pay for it.

    • Lemmchen@feddit.deOP
      11 months ago

      I would expect search to be added

      That’s what I expected for regular Element for Android as well, but it never came into existence.

      Element X

      I fail to find a feature comparison between the two. Does it have feature parity with Element yet? If not, what’s missing?

      Firefox

      Firefox is my main browser and has been for the last 15 years or so. It definitely was Firefox, but maybe I’m confusing it with a different issue. There definitely was some feature in Element Web that didn’t work and told me to use Desktop instead, unless I’m imagining things now.

      Nheko

      Interesting, I’ll take a look.
      EDIT: Nheko is NOT a mobile client. I’ve misinterpreted your statement.

      https://matrix.org/ecosystem/clients/

      That unfortunately doesn’t specify the extent of the E2EE support (like search), but I appreciate your effort.

      • ono@lemmy.ca
        11 months ago

        Does it have feature parity with Element yet?

        Not yet. It’s in beta.

        https://element.io/labs/element-x

        EDIT: Nheko is NOT a mobile client.

        If you specifically meant mobile, you could have said so. Your statement was, “every other client has even more drawbacks when it comes to E2EE.” Nheko disproves that statement. It also suggests that some alternative mobile clients might handle E2EE at least as well as it does. You might want to try them.

        By the way, text search with end-to-end encryption happens to be tricky to implement, and Matrix projects aren’t funded by corporations with deep pockets. Tempering your expectations regarding development speed is probably worthwhile here.

      • Pantherina@feddit.de
        11 months ago

        Element X works really well but Servers need to additionally run the sliding sync program. They still run normal synapse, but the sliding sync needs to be added. I could not find a list of Servers that have that installed.

      • LWD@lemm.ee
        11 months ago

        There definitely was some feature in Element Web that didn’t work and told me to use Desktop instead, unless I’m imagining things now.

        It’s search.

        Even in Element, last time I checked, search was incredibly half-baked and mostly useless.

        I know you don’t want to use Signal, but it actually has searches that function.

        • ono@lemmy.ca
          11 months ago

          Back when encrypted search was being developed for the Electron app, I think someone had it working in a standalone browser as well. Perhaps that was with the help of a browser add-on; I don’t remember for sure. I suspect github.com/t3chguy would know, as he seems to be active in discussions of that feature. It might be worth asking him about it.

        • Pantherina@feddit.de
          11 months ago

          You cannot compare Signal to Element at all.

          Like, at all.

          Signal has no search for Groups, there are no public groups or channels. Signal has a monopole server that is supposed to be OpenSource but nobody can run their own one.

          • LWD@lemm.ee
            11 months ago

            Strange reply.

            • Read the post, the use case doesn’t require public groups.
            • Read the messages above, I was talking specifically about search
            • Does this mean that Telegram (the messaging app) is closer to Element (the Discord-like app) than Signal (the messaging app), because it has channels?

            Etc

            • Pantherina@feddit.de
              11 months ago

              Yes, search on Signal is fundamentally less complex than on Element because there are no Groups or Servers to search.

              You are talking about searching in local messages I guess, which is unrelated and should work everywhere.

              Telegram, Signal and Element are 3 different products. Signal is very restricted but encrypted. Telegram is way less restricted, the desktop client is somewhat standalone but has no encryption which is bad. Element is way more complex and allows encrypted and unencrypted.

              • LWD@lemm.ee
                11 months ago

                More weird assertions.

                Signal has groups.

                And I asked, is “Telegram (the messaging app) is closer to Element (the Discord-like app) than Signal (the messaging app), because it has channels?”

  • cum@lemmy.cafe
    11 months ago

    Matrix, Signal, Session. If there was anything as mature and feature complete that you’re looking for, you’d probably already have heard of it.

  • Lemmchen@feddit.deOP
    11 months ago

    Things I will take a look at:

    Things I will not take a look at:

    Feel free to add more suggestions.

    • ono@lemmy.ca
      11 months ago

      Keybase was popular with some Hacker News users for a while, but now that it’s owned by Zoom, anyone concerned about privacy ought to think twice before using it.

      XMPP might be worth considering if you’re hosting for yourself and all your contacts. I suggest avoiding it for public use, mainly because features are piecemeal and coordinating them across everyone’s clients and servers is a bit complicated. (Also, I don’t know if there’s a good XEP for encrypted search.)

      • Lemmchen@feddit.deOP
        11 months ago

        Yeah, it’s sad to see it in Zoom’s hands, but it is still open source and receiving updates.

    • Lemmchen@feddit.deOP
      11 months ago

      I’ve used Session for quite a while. It is not something I would use in a professional environment where reliability is required.

      • Pantherina@feddit.de
        11 months ago

        Yeah it’s overkill.

        Also important things in my opinion:

        • spaces
        • admin rights management, roles
        • group invite links
        • device management (logging out a lost phone etc.)

        I think a slimmed down Element with a selfhosted Matrix server and no federation is the best for companies.

  • uzi@lemmy.ca
    11 months ago

    Does XMPP with OMEMO give you what you are looking for, or am I misunderstanding?

    • poVoq@slrpnk.net
      11 months ago

      In regards to e2ee probably, but they seem to have very specific feature requirements for a team-chat, which current XMPP clients do not fulfil.

      However I do wonder about the fixation on e2ee. In a self-hosted scenario with TLS encryption (and local users only) there is no real need for e2ee.

      • Lemmchen@feddit.deOP
        11 months ago

        The server is not hosted on premise and the team will exchange communication that requires to remain private. That’s why I really need E2EE for everything (and why RocketChat is not an option as E2EE is not fully implemented).

        • poVoq@slrpnk.net
          11 months ago

          Why not move the server on premise? e2ee is a very imperfect protection against metadata leaks and running the servers on premise has loads of other advantages.

          • Lemmchen@feddit.deOP
            11 months ago

            There isn’t really a premise per se as we are a decentralized team, but the details don’t really matter.

      • Pantherina@feddit.de
        11 months ago

        It’s crazy how Tech Giants burst out chat apps like nothing.

        Having a good client based on Conversations with some stuff added would cost nothing.

    • Lemmchen@feddit.deOP
      11 months ago

      First of all Jitsi isn’t part of the rocketchat-server package, so you need to set it up yourself or use a hoster, which both require separate accounts from the RocketChat ones.

      The specific issue I had on Windows was that RocketChat wasn’t registered to handle jitsi-meet:// links, it would just open a blank “open with” Windows dialog every time. In general the “integration” seems lacking, the whole UX is really bad compared to Matrix/Element where voice calls just work.

      • Phen@lemmy.eco.br
        11 months ago

        But where did those `jitsi-meet://` links come from?

        The calls generated inside rocket.chat are supposed to be handled by the rocket.chat app, everything else it doesn’t get involved with.

        (I wrote this integration so I’m legitimately interested in how it could be better)

        • Lemmchen@feddit.deOP
          11 months ago

          I wrote this integration

          Oh, nice! I can make a video later on how it looks on my machine. I even tried fiddling with the registry to force them to be opened with RocketChat, but that didn’t work either.

        • Lemmchen@feddit.deOP
          11 months ago

          I’ve made some screenshots instead of a video. I hope you still get what the issue is.

          At the end there is no usable call from the RocketChat client. But I can copy the meet.jit.si URL and open it in a browser.

          Originally I had an error message telling me that Windows doesn’t know what to do with jitsi-meet:// links, but that doesn’t show up anymore for some reason. Maybe because of me messing with the registry to solve the issue, but I’ve actually removed the registry key I had created before.

          • Phen@lemmy.eco.br
            11 months ago

            Ah I had that popup confused with one of our own; Now that I checked the text on google translate I figured out what’s happening.

            The meet.jit.si domain is a public jitsi instance that is kept by jitsi themselves. They recently implemented this login requirement on that domain (one user in every meeting must authenticate); They probably assumed that those meetings would always be in a browser and our desktop app is not handling that authentication flow properly. I’ll register a task for someone from our app’s team to take a look.

            If you host your own jitsi instance, this login requirement won’t be there and you won’t have this specific issue (though I assume you probably won’t stay with Rocket.Chat anyway due to the E2EE requirement).

    • toastal@lemmy.ml
      11 months ago

      Jitsi runs XMPP under the hood so why not just use that as your chat server instead of running two separate servers?

    • Lemmchen@feddit.deOP
      11 months ago

      Not really what I am looking for. Neither is it self-hostable, nor do you have access to independent clients. Plus the requirement for phone numbers makes it undesirable.
      Also, I’m not really looking for a simple messenger and more for something that is useful in organizing a team.

      • solrize@lemmy.world
        11 months ago

        Are you saying you want encrypted text chat? Or do you want voice or video too?

        I wouldn’t obsess too much about e2ee once there are that many client os’s and apps involved, if the server is self hosted. There will be plenty of other points of vulnerability regardless, including careless humans at the endpoints. It’s not really possible to achieve security by just choosing the right software. Real opsec is much more complicated.

        • Lemmchen@feddit.deOP
          11 months ago

          Voice is a requirement as well.
          EDIT: But I could get by by hosting Jitsi for that.

      • Pantherina@feddit.de
        11 months ago

        Molly or Signal-FOSS on Android, flare on Linux.

        Flare is incomplete and the others are softforks though. Molly not so much, they support multiple phones / tablet. The Desktop client is bad.

      • Pantherina@feddit.de
        11 months ago

        Molly or Signal-FOSS on Android, flare on Linux.

        Flare is incomplete and the others are softforks though.

        Signal sucks.

      • LWD@lemm.ee
        11 months ago

        What do you mean by “independent clients” - multi device login?

        There’s Wire, but it still resembles Signal more than Slack. But apparently they’ve put some work into making it self-hostable.

        https://docs.wire.com/versions/install-with-poetry/index.html

        Matrix is still probably the closest thing to Slack, Discord etc that actually has functioning E2EE, but also includes cloud synchronization when people can remember their keys.

        • Lemmchen@feddit.deOP
          11 months ago

          What do you mean by “independent clients” - multi device login?

          Yeah. Right now you have to have Signal running and connected on a phone. If the phone is off or not connected to the internet, you can’t use the Desktop client.

          • LWD@lemm.ee
            11 months ago

            Signal on the desktop does work even if the phone client is off, FWIW. This might have been true at one point, or at least for other apps, but it’s no longer the case.

            ETA: you can even use the desktop app without a smart phone, although the setup is not for the faint of heart… Just illustrative of how you shouldn’t need a smartphone (at least, not one that’s even turned on more than once a week) for Signal to work on the desktop.

            • EngineerGaming@feddit.nl
              11 months ago

              For some reason, adding a desktop client didn’t work for me, so I am stuck with Signal-cli. Good thing I don’t have to use Signal that much. Anyway, I think not having an option to register right in the desktop client is absolutely unacceptable.

              • LWD@lemm.ee
                11 months ago

                Sounds like you might want to look into why the desktop client isn’t working, especially if you aren’t trying some strange, unconventional setup for getting it that way.

          • Pantherina@feddit.de
            11 months ago

            Signal Desktop is restricted but you can install Signal in an emulator, somehow scan that QR code and deactivate the app from the emulator