I am searching for a self-hosted and secure (end-to-end encryption) chat platform for my family (5-20 users), possibly one I can host on a raspi.
Is Matrix a good choice, or should I try something else?
Any reason Signal doesn’t do it?
Self-hosted isn’t always the best option
I’ve been using matrix for years to this purpose, but moving to xmpp/prosody now
What clients will you use for xmpp/prosody?
Gajim on pc (I use arch btw - well endeavourOS because I can’t be bothered) and don’t remember what on android (there is the full list of clients and capabilities on xmpp.org)
How do you convince your family/friends to switch to a new app on their smartphone and use one just to talk with you/others in the crew?
Friends no, but I do use whatsapp bridges so I can have all conversations in one place.
Family with extreme nagging, and because I’m the IT guy of the house so they kinda trust me/can’t be bothered to try and out-talk me.
WhatsApp bridge? How does it work?
The chat server (matrix and xmpp have different ones, but same functionality) acts like a whatsapp desktop client. Have you ever run whatsapp desktop client on your pc, where you have to pair it with your phone? Same thing, but you do it within a special “bridge” (usually as a bot) in matrix or xmpp. So you get all the messages in one place. But it doesn’t work for calls, just for messages.
I’ve never heard about those bridges, thanks! I’ll have a look.
My dad suggested this to me after I told him about the new upload filters the EU is thinking about. Here is a link to a German blog post about it: https://netzpolitik.org/2024/anlasslose-massenueberwachung-frankreich-wackelt-in-der-ablehnung-der-chatkontrolle/#dokument
Can I ask why you’re switching?
No.
Yeah ok. First of all, because I can 😁. I mean, what’s good being an IT nerd if I can’t change stuff when I want?
Jokes aside, I’ve been reading more recently on matrix and looks like there are some security issues in the design of the app/protocol. I’m on mobile now, I’ll look for sources when I’m on pc. Also I don’t like that it is a server centric system (so data is primarily on the server instead of the clients). Also it takes more resources than I was expecting. For less than 10 users I can’t have less than 4gb of ram (on a dedicated debian server, running docker) or it swaps so much it kills the system.
So basically I’m testing out if xmpp is a better system for those issues.
Edible paper, lemon juice, and hair dryers.
My threat model is not that big :)
I guess you’re not a furry then.
licks the edible paper, but it tastes like plant
meows
XMPP. It just works, requires very little resources, is stable and has decent clients.
I would go with Snikket instead of Prosody if I had been starting now.
Conversations on phones, Dino or Gajim on PCs, plus a conversejs install on the xmpp server, to allow web access when needed.
Conversations is easy for the family to figure out.
XMPP if you are loving the 90’s
IP was invented in the '70s. Sometimes older protocols that work are just fine.
Fine is a relative word
Any particular problems you’re having or have you briefly used Pidgin in 2008 and think nothing has improved since then?
What’s your problem with xmpp?
It is text only for the most part
E2E is complicated, if you self-host for a group, having TLS and encrypting data at rest (storage) may be enough. Get a threat model. That being said, I would recommend snikket.org which is a superset of extensions over XMPP which is the open source IM that was the base of almost every app out there. Matrix and Rocket are both alright too. Depends too on your resources, synapse requires too much RAM (or so I heard)
Yes, XMPP with proper TLS on the server side and Conversations or one of its forks (preferably fetched from F-Droid) using OMEMO encryption should be good enough. If you are brave or paranoid, give Tox a try: https://tox.chat/
Except tox’s graphical clients aren’t maintained anymore
Ah, docker-mailserver and delta.chat could also be great for your case!!
I just have my kids, wife, close friends and in-laws on SimpleX.
Sure, some of them use mainstream stuff as well, but if they want to reach me, that’s their only option.
Matrix is a pretty good choice for self-hosted. The reason I don’t do it is because I’ve become lazy lately.
Matrix has issues and can be a pain
I know it’s not self hosted but why not Signal? Matrix is demanding on a SBC and your family would probably get the ‘unable to decrypt message, please re-verify keys’ error that happens in encrypted matrix group chats and Element does not have the best UI especially if you want your grandma to use it.
What’s your source on the reverify thing? I use matrix a lot, and this hasn’t been an issue I ever experienced anymore since they introduced cross-signing a couple years ago.
Same goes for the common clients such as element. It has been clunky in the past, but after the past major overhauls (also years ago now) everything has been silky smooth for me, if not better than others. The one thing left I prefer from Signal is the one-time photo share.
Matrix is great, clients are great too, only the server part still is annoyingly complicated and messy. Would only recommend that for tinkerers, in that case it’s a great path to learning about the complexity of addressing lots of security concerns that others gloss over.
Edit: to add - there’s a reason why the French government and the German military decided to build their secure internal IM infrastructure on Matrix. Obviously they are hosting their own private network, but if the concept is good enough for European government and military, it is an indicator for quality especially in terms of security and privacy.
Still no suggestion that has wide cross platform and it’s just simple. Matrix has that all. So for now I choose matrix and clients
I recommend Matrix with the Conduit server. This server requires almost no resources and even runs on a Raspberry Pi.
Cinny works perfectly as a desktop client (in case you want to escape from the ubiquitous Element). And for mobile I would use Element for Android/iOS although FluffyChat also works very well.
This is nice to know. Cinny looks beautiful from a UX perspective, wish they made an app too. Not enough good UX in open source stuff.
Yes, without a doubt, for me it is the most balanced client, a pity that there is not for Android, but well, in mobile Element does not give problems either.
Conduit seems to have next to no docs on actually installing it for some reason.
They are very focused on development and therefore the documentation is a bit sparse (maybe).
The truth is that it is not very complicated to install. It is simply to download the binary (it is statically compiled so it has no dependencies) place it in /usr/bin and execute it (the best is to create a user in the machine with the home in /var/lib/conduit and then launch it with systemd). Another option is to simply launch it with docker.
In any case, if you have problems, comment it here and we will look to see what could be happening.
Also https://conduit.rs/
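The install described above (binary in /usr/bin, a dedicated user with its home in /var/lib/conduit, launched by systemd), written out as a sandboxed unit file. This is an added example, not part of the original thread and not the Conduit project's own unit. The binary name /usr/bin/conduit, the account name, the unit name and the config path /etc/conduit/conduit.toml are assumptions; CONDUIT_CONFIG is the environment variable Conduit reads to locate its config file.

```ini
# /etc/systemd/system/conduit.service   (unit name is an assumption)
#
# Prerequisite, run once as root (account name "conduit" is an assumption):
#   useradd --system --user-group --home-dir /var/lib/conduit \
#           --create-home --shell /usr/sbin/nologin conduit

[Unit]
Description=Conduit Matrix homeserver
After=network-online.target
Wants=network-online.target

[Service]
# Run as the unprivileged service account, never as root
User=conduit
Group=conduit
# Assumed config location; database_path in that file should point
# below /var/lib/conduit so it matches ReadWritePaths further down
Environment="CONDUIT_CONFIG=/etc/conduit/conduit.toml"
ExecStart=/usr/bin/conduit
Restart=on-failure
RestartSec=5

# Least privilege: the whole filesystem is read-only for this service
# except its own state directory
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/var/lib/conduit
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
# A homeserver only needs IP and local sockets
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
LockPersonality=true
# Empty set drops every capability; bind to a port above 1024
# and put a reverse proxy in front for 443/8448
CapabilityBoundingSet=
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload` and `systemctl enable --now conduit`, running `systemd-analyze security conduit` shows which exposure remains.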
Dendrite iirc is essentially in maintenance mode. I run a small one but I don’t think it’s expected to get any new features until there is more funding.
For me you can try to host a SimpleX server and then connect to it (with SimpleX it is pretty much as secure to run your own server as to use a public one).
Or maybe use XMPP but try to use a good encryption protocol. This option is great in terms of power efficiency, XMPP would run great on a RasPI.
Did you have trouble setting up XFTP one? SMP was fine but XFTP seemed to have some error in the systemd settings provided in the manual.
You could try Jami. It’s peer to peer, so essentially any participants are self-hosting it. It’s E2E encrypted, supports group messaging, voice and video calling, has easily ‘linkable’ mobile and desktop apps for all platforms and requires no email address or phone number to use. It’s also the only messenger I’m aware of which is endorsed by the Free Software Foundation. I highly recommend it 👌
matrix should cover everything you need with the added bonus that you can chat with people from other instances
I just wish it was more secure and performant
The other suggestions are probably better, but you can technically self-host Wire (from Wire GmbH) but I’ve never done it successfully.
Mattermost runs as a Docker container and is excellent. You can create channels and groups which is incredibly useful.
Mattermost is a lot like Slack, right?
Yes.
Is there e2e encryption available for mattermost that normies can use?
Can we use group meeting in self hosted version?