This was once common, but it’s somewhat rare now in my experience, and the upcoming Matrix 2.0 apparently addresses most (all?) of the remaining causes.

I still see it - usual case is when someone has two clients. One of them will have issues with this.

I consider this a good thing, for the sake of the people who joined or wrote in the chat with the understanding that what they write is and will remain encrypted. If you want to abandon encryption, you can always create a new room.

Disabling encryption in the room did not have to mean decrypt past history. Yes you can create a new room. But for big groups who wants to risk it. The room admins I know steer clear of encrypted group chats because of the previous issue.

No, there is one officially released client for android: Element. Element X is in beta. When it leaves beta, it will take over as the one officially released client.

One would never guess based on the release announcement

This is just plain false.

https://spec.matrix.org/latest/client-server-api/#sending-encrypted-attachments

The docs say it clearly “If encryption is enabled”. Otherwise attachments are just a link, nothing special there.

Yes and No

I consider matrix to be somewhat equivalent to XMPP or public mailing lists. It is potentially decentralized (even though everyone uses matrix.org) and it can host group chats. And for those purposes it is ok-ish, but for privacy it is no good.

My pet peeve with matrix is that I consider most features to be half baked. And instead of fixing them we just keep pilling up more. Here is a list in no particular order

• encryption regularly breaks in weird ways, usually you see a message that you can’t read
• if you enable encryption in a chat room you cannot disable it
• we now have two official clients for Android (Element and Element X) in the first one encryption breaks in weird ways, in the later there is no way to use Spaces properly
• direct messages between people don’t work well - it is like they are a room with the two people
• privacy wise matrix is weak, leaks metadata, attachments are not encrypted, etc. Do not use if you expect privacy/anonymity. Also I think most groups run without encryption because of the other issues.
• verifying sessions between clients is painful e.g. the client annoys me to verify but then verification does not trigger on the second client

Because of this mess your quality of experience will vary depending on the client and features you use. The web clients are usable.

I don’t really use the video/audio calls so I have no comments on that front.

Just pilling on some concrete examples, awesome-gemini is definitely the best place to start looking. There are both converters for the gemtext format and gateways for the protocols.

For format conversion tools, awesome-gemini already lists a handful of tools.

From the gemini side there are some gateways for specific websites operated by various people

• BBC news gemini://freeshell.de/news/bbc.gmi
• The Guardian gemini://guardian.shit.cx/world/
• Lots of others gemini://gemi.dev/cgi-bin/waffle.cgi

These work pretty well for me. I think there were public gateways to open http pages from gemini, but I can’t recall one from the top of my head.

Some of the gemini browsers support gemini proxies to access http(s) content. You can run it in your own machine. Duckling is the only one I’m familiar (but see the awesome list for more)

• https://github.com/LukeEmmet/duckling-proxy

Conversely, to access gemini pages from a web browser portal.mozz.us hosts a gateway (just place whatever gemini link you want in the box).

One big privacy caveat of using gemini proxies for this is that while this may improve your privacy with regards to javascript/cookies it will reduced it because it makes your behaviour more identifiable from the point of view of the websites you visit (i.e. your proxy is clearly not a browser making it unusual).

There are gemini to http gateways so the content is probably already crawled anyway.

So lets be clear - there is no way to prevent others from crawling your website if they really want to (AI or non AI).

Sure you can put up a robots.txt or reject certain user agents (if you self host) to try and screen the most common crawlers. But as far as your hosting is concerned the crawler for AI is not too different from e.g. the crawler from google that takes piece of content to show on results. You can put a captcha or equivalent to screen non-humans, but this does not work that well and might also prevent search engines from finding your site (which i don’t know if you want?).

I don’t have a solution for the AI problem, as for the “greed” problem, I think most of us poor folks do one of the following:

• github pages (if you don’t like github then codeberg or one of the other software forges that host pages)
• self host your own http server if its not too much of an hassle
• (make backups, yes always backups)

Now for the AI problem, there are no good solutions, but there are funny ones:

• write stories that seem plausible but hold high jinx in there - if there ever was a good reason for being creative it is “I hope AI crawls my story and the night time news reports that the army is now using trained squirrels as paratroopers”
• double speak - if it works for fictional fascist states it works for AI too - replace all uses of word/expression with another, your readers might be slightly confused but such is life
• turn off your web site at certain times of the day, just show a message showing that it only works outside of US work hours or something

I should point out that none of this will make you famous or raise your SEO rank in search results.

PS: can you share your site, now i’m curious about the stories

Here is my take as someone who absolutely loves the work simplex did on the SMP protocol, but still does not use SimpleX Chat.

First the trivial stuff:

1. no one else seems to use it
2. UX is not great because of initial exchange

These two are not that unexpected. Any other chat app with E2E security has tricky UX, and SimpleX takes the hard road by not trading off security/privacy for UX. I think this is a plus, but yes it annoys people.

Now for the reasons that really keep me away:

1. the desktop app is way behind the mobile app - and I would really prefer to use a desktop CLI app
2. haskell puts me off a bit - the language is fine I just don’t know how to read it - for more practical issues it did not support older (arm6/7) devices which kept lots of people in older devices away
3. AFAIK no alternative implementations of either the client or the SMP server exist - which is a petty I think the protocol would shine in other contexts (like push notifications)
4. I was going to say that there are not many 3rd party user groups - but I just found out about the directory service (shame on me, maybe? can’t seem to find groups though)
5. protocol features/stabilization is a moving target and most of the fancy new features don’t really interest me (i don’t care much about audio/video)
6. stabilization of code/dependencies would help package the server/client in more linux distros, which I think would help adoption among the tech folk

Finally a couple of points on some of the other comments:

• multi device support - no protocol out there can do multi device properly (not signal, none really) so i’m ok with biting the bullet on this
• VC funding is a drag - but I am still thankful that they clearly specified the chat protocol separate from the message relay, which means that even if the chat app dies, SMP could still be used for other stuff.

First of all, you can assume the server can infer this in a number of ways - there is actually no way to fully block it, but we can try.

The main issue for privacy is that it makes your browser behave in ways that are a bit too specific (i.e. less private by comparison with the rest of the browsers in the known universe).

As for techniques the site can use

• javascript can test the geometry of something that was rendered to draw conclusions - was this font actually used? test several options and check for variations
• measure font work between network events i.e. generate a site that makes the browser use unique links for 1) fetches a font 2) renders text and 3) only then another fetch - measure the time between 1) and 3) and draw conclusions. Repeat for test cases and draw conclusions - e.g. is the browser really fast using monospace vs custom huge font? not a great method, but not completely worthless
• some techniques can actually do some of this without Javascript, provided you can generate some weird CSS/HTML that conditionally triggers a fetch

By the away not downloading the fonts also makes you “less private”. Some of this is a stretch but not impossible.

Now for a more practical problem. Lots of sites use custom fonts for icons. Which means some sites will be very hard to use, because they only display buttons with an icon (actually a letter with a custom font).

FWIW these two lines are in my Firefox profile to disable downloads and skip document provided fonts:

user_pref("gfx.downloadable_fonts.enabled", false);
user_pref("browser.display.use_document_fonts", 0);

If someone has better/different settings please share.

Finally the Tor browser folks did good work on privacy protections over FF. Maybe their issue tracker is a good source of inspiration https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18097

I’ve tried a few times in the past 2 weeks. Using a good email account and also with github, no luck though. Maybe its doing some “smart” heuristics to trigger it.

I just retried now, using that temp mail (but no vpn) and got the exact same phone verification. Maybe my IP address is evil :D