Revolt (matrix)
Revolt is a Trisquel package described as follows:
Description: better desktop integration for Riot.im
Revolt is a small application which wraps the Riot.im webapp to provide better
integration with desktop environments in general, and GNOME in particular:
* Having Riot as a "standalone" application with its own window, launcher,
icon, etc. instead of it living in a browser tab.
* Persistent notifications (for desktop environments supporting them, i.e.
GNOME). Notifications are automatically prevented when the Revolt window
is focused.
* Status icon for desktop environments which have a tray bar applet (XFCE,
Budgie, likely many others).
I tried using Revolt with the Matrix server available within https://freedombox.org; it seems to work well and, unlike the XMPP server within the same project, file transfer is supported.
I have read the nice explanations at https://trisquel.info/en/forum/matrix-client#comment-155204 about the Element mobile and desktop clients including Electron, which is non-free. Is Revolt effectively doing the same as Electron for the Element desktop client, while avoiding the dependency on non-free software, and not running any proprietary JS from matrix.org if one is not using matrix.org as the server?
Besides, I am wondering about mobile clients. https://matrix.org/clients lists a number of clients as having a free software license, but the Element desktop and mobile clients are listed while saying nothing about the problematic dependency on Electron. Were other mobile clients checked from a software freedom perspective? For instance, SchildiChat, Syphon or Nio?
I reply to myself to report my findings on Revolt plus some other related things.
Revolt seems to access Element Web, so it is not the same situation as with Electron (see [1]) and hopefully free software. I used Revolt; it works for chat and file transfer but not for voice or video calls. On my D8, it now has a blank window and I have not managed to solve that so far.
I tried other free (at least listed so on the free software directory) Matrix clients: Quaternion and Nheko from Guix and Fractal as Flatpak. Only Nheko supports end-to-end encryption; it works fine to send and receive ciphered text messages but it crashes as soon as I press the button to attach a file. With Fractal and Quaternion, the other user was using Element on mobile (includes Electron, see [1]) and failed to send messages unciphered, then Quaternion reports "unknown event" and Fractal absolutely nothing. It was mentioned (see [1]) that Pidgin could use Matrix but I failed to find the related extension.
The only reason I persist with Matrix rather than XMPP is that, with the Freedombox (which provides easy self-hosting of Matrix and XMPP servers), I can send files with Matrix but not with XMPP, as the related extension is supported by the ejabberd version installed but not activated by the configuration interface (but this is being considered, see [2]).
Until I have a solution with the Freedombox for hosting the server, I am using XMPP hosted by conversation.im. As XMPP clients on Trisquel, I tried Gajim and Dino (Guix versions). Dino looks good and simpler, but it is currently impossible to configure sounds for incoming messages on Debian derivatives (I got it confirmed on the support chat group) and it does not show some information that is visible with Gajim (like people joining/leaving a group or battery notifications sent via XMPP by MAXS running on a mobile phone). So I am using Gajim now.
Reference:
[1] https://trisquel.info/fr/forum/matrix-client#comment-155204
[2] https://salsa.debian.org/freedombox-team/freedombox/-/issues/703
There are many ways to securely send files, if this is the only reason you are using matrix. As just one example, Filezilla can do the job just fine through sftp/ftps and you can still encrypt the file and sign it with a signing key if you want more security.
I am looking for a replacement for Whatsapp that can easily be adopted by my family members and their closest friends who are used to Whatsapp, for individual and small group chat with pictures or videos shared in the chat (nobody uses the voice or video call, so I don't care too much about that). I need the same to replace Wechat with my Chinese friends, at least those living outside of China; for the ones in China it might be more tricky as some services are blocked.
I don't want to use Signal because it is very difficult to make people move to another app, and Signal may go the same way as Whatsapp, and if I have to convince people to move again, their willingness to follow my suggestions will be even lower. I tried Jami but it does not have group chat (and it had a lot of connection problems, but they seem to have improved recently).
Things would be nice with XMPP if I could host the server with the option to share pictures/videos. I don't even really need ciphering to avoid mass surveillance because everything will only go through my server.
> I don't even really need ciphering to avoid mass surveillance because everything will only go through my server.
That's correct. If you trust your ISP, that is. As well as the ISPs of all the other people connecting through your server. Also, arguably, the software vendors whose code populates the terminals of the said users. In fact, some strong encryption sounds more reasonable.
> "If you trust your ISP, that is. As well as the ISPs of all the other people connecting through your server. Also, arguably, the software vendors whose code populates the terminals of the said users."
And all the international spy organizations who have backdoors into all the ISPs.
The communications between the server and the client should be ciphered, but isn't the only additional benefit of end-to-end encryption to protect against malware on my server? Sure, that is some benefit, but my server runs only free software (including a free bootloader) and I don't install anything besides ejabberd/synapse and I stick to recommended configurations.
About "the software vendors whose code populates the terminals of the said users", I agree it is essential and I should explain that to the users, but end-to-end encryption cannot protect against malicious code that spies directly in the terminal on which people type and read unciphered data.
For communication only between users using my server, using Quaternion, which is free software and does not support end-to-end encryption (but of course supports encryption to the server), seems better to me, even from a privacy perspective, than using Element, which supports encryption but includes Chromium, which is known to leak information to Google.
I did not specifically mention E2E encryption, but since you now have, I think it is not a bad idea to use two encryption layers. You never know how strong each of them really is, and you definitely give more work to any potential snooper.
XMPP is imho the way to go, because it is decentralized, so it is worth pondering over its security model. I think it would be great if you could get all these people to move to your XMPP server.
I would generally rather stay away from Matrix as it stands, it is far too centralized for an allegedly federated network. You seem to have found an alternative server, though.
> I would generally rather stay away from Matrix as it stands, it is far too centralized for an allegedly federated network.
Do you mean that in practice most people use the same server or that even when people use a different server, some functions are going to matrix.org anyway?
The main reason why Matrix is not my preference is because I could not find any fully functional and stable client besides Element, and the supposedly most stable and functional alternative candidates have dependencies on things not available in Trisquel or Guix repositories and are so big that they are hard to review. The fact that Matrix specifications are constantly evolving might play a significant role in that problem.
> You seem to have found an alternative server, though.
I am not sure what you mean. I am running https://www.freedombox.org on a machine at home and on there you can start a matrix server, this is what I am using. The XMPP server works fine too but so far is not configurable to support file upload. So if I tell people to move to my XMPP server now, it won't work. I will see how I can contribute to having that function added.
Yes, I think it is good to be able to use another server instead of the default matrix.org instance. Running your own instance, which seems to be the whole idea of freedombox, is even better.
> The fact that Matrix specifications are constantly evolving
I guess this is also the reason why instances have such a hard time keeping up. The Disroot example is very telling.
> Do you mean that in practice most people use the same server or that even when people use a different server, some functions are going to matrix.org anyway?
I think both are somehow true, or at least used to be, but the main problem is the former. Of course, how important the problem is also depends on the use case, and in your case these problems can most probably be mitigated.
The main reason why I would usually favor XMPP is because it is an established universal standard, while Matrix is still too dependent on the Matrix people. There is not one person or small group of people who can decide to change any RFC in a way that could break your XMPP instance. As you mentioned, the Matrix people often do precisely that, whatever laudable intentions they may have.
Is it not possible for you to choose what Jabber/XMPP server to install on your freedombox? IIRC, the community version of ejabberd was indeed missing some nice features, but maybe you could find and configure a different XMPP server. I only ever used ejabberd, for text messaging.
> Is it not possible for you to choose what Jabber/XMPP server to install on your freedombox?
This is basically Debian plus a web interface (called plinth) to configure services that you want to run.
If you want, you can ssh to it and install and edit configuration files (this is ejabberd for XMPP) but the whole point of this project is to make the configuration and maintenance work so small that a lot more people can run their own server. Not doing anything besides what plinth offers saved me a lot of time which I used to discover other useful free software.
Sure. Freedombox is making decentralizing much more accessible.
I thought your needs could be met by XMPP, which would save you the numerous problems of Matrix. Ejabberd has a module called 'mod_proxy65' for XEP-0065 that you might want to activate and configure to support file transfer.
A short introduction to file transfer in XMPP - I would recommend the "Classic" approach:
https://sco0ter.bitbucket.io/babbler/xep/filetransfer.html
> Do you mean that in practice most people use the same server or that even when people use a different server, some functions are going to matrix.org anyway?
You might want to pay a visit to some of these links:
https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0
https://www.hackea.org/notas/matrix.html
https://trisquel.info/en/forum/matrix-client#comment-154940
Thanks. The comments in the previous discussion thread in Trisquel's forum were that some issues had already been addressed; this previously made me disregard the link, so your message made me take a look again and see there may be some updates.
Apparently, the reference for the first link you gave should now be https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org. I will read it fully later, I think it takes time to really understand and I will try.
What would be interesting is a comparison with XMPP as a protocol and common XMPP clients on desktop and mobile, as well as Jami. I suspect some issues may exactly be the same.
Besides, I could not find any guide on how to use XMPP clients and E2EE properly. For PGP with emails, there is a lot to know so I would be surprised if similar care is not needed for XMPP.
> how to use XMPP clients and E2EE properly
Gajim has an official OMEMO plugin, as mentioned there: https://gajim.org (see "End-to-End Encryption"). Dino too is listed as an OMEMO capable client: https://omemo.top.
So you should be safe :)
What I am looking for is how to use OMEMO and XMPP clients properly to ensure privacy, the good way and the pitfalls.
For instance, by default, Conversations and Gajim use "Blind Trust before Verification" as described in https://gultsch.de/trust.html, and it says that, if you don't manually verify each of your contacts once, anyone can pretend to be that contact and your client will always trust that it is, and show you a nice shield that seems to say everything is ok.
Then, if you trusted someone blindly first and then verified one client, what about the other blindly trusted ones? Is it needed and sufficient to untrust them?
Is there a way to automatically tell others not to trust one of your clients that was stolen or hijacked?
> if you don't manually verify each of your contacts once
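A minimal model of the "Blind Trust before Verification" rule raised in the post above, as an added example that is not part of the original thread and not code from Conversations, Gajim or any OMEMO library. The class, state names, JID and fingerprints are constructed for illustration, and leaving earlier blindly trusted keys unchanged after a verification is an assumption of this model, not a statement about what any client does.

```python
from enum import Enum


class Trust(Enum):
    BLIND = "trusted without verification"
    VERIFIED = "verified out of band"
    UNDECIDED = "waiting for a manual decision"
    UNTRUSTED = "rejected by the user"


class Contact:
    """Hypothetical per-contact key store; not a real client's API."""

    def __init__(self, jid):
        self.jid = jid
        self.keys = {}  # fingerprint -> Trust

    def on_new_key(self, fp):
        # BTBV: accept new keys blindly only while no key of this
        # contact has ever been verified.
        if fp not in self.keys:
            verified = Trust.VERIFIED in self.keys.values()
            self.keys[fp] = Trust.UNDECIDED if verified else Trust.BLIND
        return self.keys[fp]

    def verify(self, fp):
        # The user compared the fingerprint in person or over another channel.
        self.keys[fp] = Trust.VERIFIED

    def distrust(self, fp):
        self.keys[fp] = Trust.UNTRUSTED

    def encrypt_targets(self):
        ok = (Trust.BLIND, Trust.VERIFIED)
        return sorted(fp for fp, t in self.keys.items() if t in ok)

    def needs_review(self):
        # Keys that were accepted without anyone checking them.
        return sorted(fp for fp, t in self.keys.items() if t is Trust.BLIND)


def demo():
    c = Contact("alice@example.org")       # constructed contact
    c.on_new_key("AAAA")                   # constructed fingerprints
    c.on_new_key("BBBB")                   # second device, never checked
    c.verify("AAAA")
    late = c.on_new_key("CCCC")            # arrives after verification
    # Assumption of this model: BBBB stays BLIND until the user acts on it.
    return late, c.needs_review(), c.encrypt_targets()
```

In this model the key that arrives after a verification waits for a decision, while the key accepted earlier still receives messages until the user verifies or distrusts it, which is why `needs_review()` is worth listing per contact.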
Why would you not? OMEMO has made E2EE as simple as verifying contacts, why would you want to skip that? If your usage case is, as you described, keeping in touch with a handful of people, you can easily make sure they all handle OMEMO properly.
> Is there a way to automatically tell others not to trust one of your clients that was stolen or hijacked?
Possibly. Depending on your threat model, though, calling them in person, by phone or by email might be more efficient. What if the hijacker has already told the others that your non-hijacked clients have been compromised?
> Why would you not?
Because the XMPP clients do not suggest doing so, neither during use nor in the user guide, and show a comforting shield with each message, and no one told me to do it.
> What if the hijacker has already told the others that your non-hijacked clients have been compromised?
For family and close friends, I would give a phone call indeed. That sounds safer to me than email. I already told people in my family not to trust emails. But if I had a lot of contacts using XMPP (in 10 years maybe, but let's plan ahead), perhaps a phone call to each of them is not that practical. With PGP, you generate a revocation certificate that you store safely and can upload to a key server if needed. I don't know whether there is something similar with OMEMO.
I guess what I am looking for is how OMEMO works.
> Depending on your threat model
I am just trying to make it more difficult for anyone to spy on my communications. In any case, I am keeping a number of discussions purely face to face and with the battery removed from my mobile phone (I would prefer to remove the integrated microphone permanently, that would be safer and more convenient).