I am really struggling to replace facebook messenger / whatsapp for a few casual conversations. My friends and I are all wanting to move away. We are not heavy users of this but need it to work. I think the requirements are:

  • floss client for android, linux, windows

  • persistent history across devices

  • reasonable security

  • don’t need to self host server

  • can send a message to offline user, they get it when they come online

  • not tied to or reliant on phone number / cell service

  • ETA: end user documentation explaining how to set up and common troubleshooting

tried:

  • matrix: the thing with having to keep track of room keys and stuff is too complicated. every time someone uses a new device it is a ton of issues and we could never quite get it ironed out

  • signal: tied to phone number, no history across devices

  • xmpp: similar to matrix the key situation is confusing, also no cross device history

  • ETA: simpleX: a lot of people here are mentioning simpleX. It didn’t come up in previous investigations so will give it a shot.

    • ETA 2: It doesn’t seem to have persistent history across devices. Clarification?

I actually didn’t think this would be such a problem but it is breaking us. we don’t need a lot of sophisticated features like voice, video, moderation, 1000s of participants, spam protection etc that seem to be of concern to the projects. just simple text chat.

  • Pantherina@feddit.de
    link
    fedilink
    arrow-up
    9
    arrow-down
    1
    ·
    edit-2
    11 months ago

    SimpleX

    But as alternative to FB messenger?? Literally anything, switch as fast as you can!

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    7
    ·
    11 months ago

    xmpp: similar to matrix the key situation is confusing, also no cross device history.

    Please don’t tell me you only tried Pidgin 🤦‍♂️

    Of course there is cross device history on xmpp. And what “key situation”? Its all automatic.

    • linuxPIPEpower@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      pidgin, gadjim, chatty, dino, kaiden, psi, psi+… some other ones

      it isn’t automatic from what I have found. vague “omemo”-related errors are popping up here and there.

      what set up do you suggest where the experience is simple? it seems that there are a bunch of standards which servers and clients have varying support for. plus there is a plugin architecture for lot of them which extends or changes functionality, or it matters what version of libraries were used in compilation, and many other little details.

      I believe that some people do have a seamless experience but ours hasn’t been. If there is some sort of documentation describing exactly how to get going I would appreciate it.

      • poVoq@slrpnk.net
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        11 months ago

        Well you can try https://snikket.org which packages a Prosody server with suitable clients and it all should just work ™. They also offer a hosted version.

        On https://joinjabber.org you can also find recommended clients and servers that should work without problems.

        But to be honest, none of the issues you describe are actually real in my experience. Yes you read them everywhere from badly informed online pundits, but if you use a modern xmpp client with a modern xmpp server it all just works without issues and e2ee keys are automatically exchanged on first message without any problem.

        There are some vastly outdated clients like Pidgin that do cause issues, but it is a bit unfair to blame that on xmpp, when Pidgin has not updated their xmpp implementation for more than 10 years 🙄

        • linuxPIPEpower@discuss.tchncs.deOP
          link
          fedilink
          arrow-up
          3
          ·
          11 months ago

          Do you have the impression that I have not actually had the problems I am describing? Like I just read online that other people had problems? Not the case. As I said after you assumed I “only tried Pidgin 🤦‍♂️” I have tried lots clients.

          but it is a bit unfair to blame that on xmpp, when Pidgin has not updated their xmpp implementation for more than 10 years 🙄

          Who is blaming anything on pidgin? you are the one who brought up pidgin.

          The join jabber link is very nice and I didn’t find it before. But I actually tried the 2 linux clients they recommend: dino and gajim. And between us, going from memory I think we have tried all but 1 of the recommended servers.

          The impression I got from digging around in repos (which I don’t really want to be doing just to get a messaging app tbh) is that the problems we had are legit open issues in some cases. But it is hard to diagnose because the client developers don’t have knowledge/control of the end user’s local environment or the server set up. And likewise the server admins don’t know the internals of every single client. End users with problems are challenged to collect all the required information. Here is an example from gagim: Chat History Sync Issue (#11380)

          I do not think it is fair to characterize that user as a “badly informed online pundit”. They have a problem and it is basically too complicated to resolve with the available resources. There is probably some unknown contributing factor.

          Snikket:

          Help! I just want to chat!

          Don’t worry! If there are no Snikket services that would give you an invite and if you are unable to run your own, Snikket may not currently be the right app for you.

          • poVoq@slrpnk.net
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            11 months ago

            https://snikket.org/hosting/

            They can host it for you.

            As for Gajim, I have been using it for years and never had history sync issues. Maybe you expect to be able to sync old e2ee messages on new devices? That is impossible to do with OMEMO and actually an intended security feature.

  • rufus@discuss.tchncs.de
    link
    fedilink
    arrow-up
    8
    arrow-down
    2
    ·
    edit-2
    11 months ago

    Have a look at:

    https://www.messenger-matrix.de/

    You could also use Matrix or XMPP without all the complicated e2ee stuff, room keys etc. It’s encrypted on transport. It won’t be super safe and have the highest level of privacy this way, but easier to use. You just have to remember not to enable room encryption. And maybe use SchildiChat instead of Element.

    • linuxPIPEpower@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      11 months ago

      That is a great chart. Do you think it’s up to date? One issue I had was trying to discern very old from current materials.

      Thanks, we don’t need high level security, just a reasonable modern attempt at it. Due diligence. I had a hard time understanding what kind of encryption we “should” use.

      I tried SchildiChat and I liked it except for all the problems that seems inherent to matrix.

      • rufus@discuss.tchncs.de
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        11 months ago

        Sure, this chart is updated from time to time. (The guy who published it also has a very nice german tech blog: https://www.kuketz-blog.de/ ) But it only contains widely adopted messengers and focuses on open-source. So it doesn’t necessarily contain every good messenger out there.

        I know. Matrix is quite good. I learned how to operate it, so that’s alright for me. But I know there are a few annoying things in there. And I think they did a few design decisions with the encryption that make it difficult to use. In the years I’ve been using it I’ve been annoyed many times by incompatible verification techniques or missing encryption support in some clients/libraries. It’s getting better but I can understand why you would prefer something else. I’m not an expert on messengers, I hope some of the other suggestions here work for you.

        • linuxPIPEpower@discuss.tchncs.deOP
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          I’m not an expert on messengers

          me neither! and I have not desire to become one. :D

          It has been a big surprise to see how involved you have to get and how much complex understanding is required just to chat. And in my group of friends I am one of the more power user types. If I struggle to use something, then I can’t recommend it to others. So far everyone is really discouraged and I think it is reflecting quite badly on the concept of moving away from corporate/proprietary solutions. And FLOSS. It seems like just not viable for average users. :(

          In this kind of situation we don’t have unlimited chances to try all different options one by one. because in requires a coordinated effort for multiple people to make accounts, set up devices, learn new software etc. People do not have time for that on demand. I think for most people, you have 1 shot at this kind of thing, if any. And if they are not FLOSS-type people they will be basing their opinions of all of FLOSS alternatives on the experience.

          Patience is wearing thin. I think if the next thing we try doesn’t work, then it’ll be back to facebook/whatsapp/sms for the next 10 years. So I want to find a viable suggestion or be able to manage expectations and adapt to what is realistic.

          • rufus@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            11 months ago

            Well, I get your frustration. But I also disagree.

            There are several different things at play. first of all I think Matrix has made some non-optimal design decisions with their protocol. For example I think e2e-encryption should have been mandatory for clients to support from day one. With like 2 mandatory verification processes that are well-documented and taught to the users.

            The second thing is, some clients are bloated and also expose weird stuff to the user. For example the device-keys (session-/room- whatever). That should be build on-top the encryption and handled without the user knowing anything about it.

            That would leave us with 3 concepts to understand:

            1. How to do the emoji-verification to verify new devices and other people
            2. You need to do 1 backup to make sure you don’t ever lose access to your account, just write down a sequence of words or characters on paper or do a screenshot
            3. a screen that shows you which devices are logged into your account with a button to delete them. No further handling of cryptographic keys

            And I think with a few limitations that are due to the history of Matrix’s development, they strive to become that and aren’t far away from it. I don’t think it’s too complicated. I’ve taught 15 year old kids how to do the emoji-verification and why that’s important.

            And it is important… If you take end to end encryption seriously, there is no way around verifying the other end once. You can see which messengers take it seriously and which don’t. For example WhatsApp doesn’t ask you this. And it can’t ever detect if this is really the person they claim to be. The only thing it can do is assume it and make sure the person at the other end doesn’t change. And the backup is non-negotiable, too. You either do that yourself, or let your provider do it. But then they have access to your messages.

            And this isn’t Matrix’s or XMPP’s fault. security and convenience are somewhat on opposing ends and you can’t have both at the same time. It’s somewhat like this, and it’s a limitation of how the world is:

            You’re free to choose where you want to be on that triangle. You can have something with many features and very secure. But that won’t be easy to use. Or you want something easy, but it won’t ever be secure. Matrix tries to be everywhere, but that can’t work. You can just disable encryption on Matrix, this will do away with all of that complicated stuff immediately, at the cost of some security. But you could also use WhatsApp or iMessage to talk to your friends. My grandma could use it, but it has other downsides.

            I’ve been with the FLOSS people and advocating for freedom and empowerment of the user for quite some time. It’s always a struggle. You always have to actively fight for your freedom. And if you want to stay in control of your data, you have to take matters into your own hands, to some degree. And that is some work. You have to learn concepts and gain a certain amount of literacy. The other option is to give up parts of your autonomy.

            With that said, I still think Matrix could do a better job and make it easier. I think it’s usable. But I’d be happy, too, if I could recommend it to more of my friends without there being any catch. In fact, I recommended it to other people and like 3 friends use it, my dad, my spouse and like 15 other people I know from real-life. They’re not all tech-savy and it works. There have been some issues, but that was some time ago and issues have become less and less over time.

            • linuxPIPEpower@discuss.tchncs.deOP
              link
              fedilink
              arrow-up
              2
              ·
              11 months ago

              I did the emoji thing and even though I went through it correctly it did not proceed reliably. A problem with the client? Network issue? Who knows. Sometimes it works after a few attempts and other times not.

              Encryption keys didn’t work because my password manager ended up with several keys all associated with the same account but I didn’t know what each one was for. (And did the keys each also have another password too? I might be thinking of something else.) They were for the account or the device or the conversation or the client or the session? And my friends were having similar issues; even when I get it set up someone else is having a problem.

              I guess with all these things, it gets easier once you get going and stable. You can’t do the emoji thing without having a logged in client available. If everyone is bouncing around clients it’s a mess. There is nothing stable for any of us to join onto. I have used the occasional established matrix community and I don’t have these issues in that case. A lot of the complications come from the fact that we are trying to move together.

              I’ve been with the FLOSS people and advocating for freedom and empowerment of the user for quite some time. It’s always a struggle. You always have to actively fight for your freedom. And if you want to stay in control of your data, you have to take matters into your own hands, to some degree. And that is some work. You have to learn concepts and gain a certain amount of literacy. The other option is to give up parts of your autonomy.

              I mean the other other option would be to take care of each other and struggle collectively. I do not really think we get freedom one by one. I believe that to be in alignment with FLOSS.

              Philosophically it’s kind of regressive to say that lost autonomy is deserved by people who fail to learn to the standards you think are reasonable in the areas you think they should know about. There is way too many things in the world we can’t all know about all of them.

              • rufus@discuss.tchncs.de
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                11 months ago

                I did the emoji thing and even though I went through it correctly it did not proceed reliably.

                Oh. That’s not how it’s supposed to be. I self-host my own (Synapse) matrix server. So I wouldn’t know if there are issues with the network or something like that with the established, big servers.

                several keys all associated with the same account […] (And did the keys each also have another password too?)

                Yeah, That’s too many details. It should be: you sign up for a new account, keys are generated and you are requested to back up your master key. Maybe that backup can be protected with an additional password, I don’t really know. From that point cross signing and all cryptography should kick in automatically. Everything should be handled without the user needing to worry about additional keys. And in my oppinion the additional inner workings should be hidden from the user. At that point you’re set and once you log in with a different device or add a friend, a popup should open telling you to verify the other user/device with the emojis.

                If everyone is bouncing around clients it’s a mess.

                That is the most annoying thing with Matrix. I’ve also had this happen. Some time ago I had clients not support emoji verification. Or I try to write a bot in python and it runs on a server with no means of displaying emojis. I think Matrix isn’t strict enough to handle the diversity of clients. In theory diversity is a good thing, but for Matrix… I’ve also had some issues with that exact thing.

                […] struggle collectively. I do not really think we get freedom one by one.

                That is especially true for messengers and social media. There is the network effect. A platform has little to no benefit if it doesn’t connect people and it’s just you ;-)

                Philosophically it’s kind of regressive to say that lost autonomy is deserved by people who fail to learn to the standards you think are reasonable in the areas you think they should know about. There is way too many things in the world we can’t all know about all of them.

                I agree. I have compared this to the Age of Enlightenment before. There is some basis we need to agree on. Everyone has to agree they want freedom and be ready to put in some work and face the struggles. But not everyone needs to become a computer expert and have this as their primary hobby. Just being a follower should be alright, the only thing is you can’t be annoyed by change and experiencing a dry spell every now and then. I think this is consensus and also how it works with parts of the FLOSS ecosystem. There are clubs and individuals who operate the servers and handle all the difficult and tedious parts of hosting. Not everybody can, or wants to do this. As a user it is your obligation to know how to operate your computer and smartphone. But it shouldn’t be overly complex. That takes away from the spirit and makes it inaccessible for some people. And we want the opposite of that, spread the freedom amongst everyone who is willing to participate.


                I really don’t know what to recommend to you. Don’t resign and let the technical difficulties keep you from getting what you want. It’s the right choice. Maybe you find something better than Matrix for your use-case. I’m kind of in another situation, so my experience doesn’t necessarily apply to your situation. Maybe have one person do the work, try out a few servers and Apps/clients and pave the way for the rest of the group. It definitely doesn’t work if it’s an uncoordinated effort and there are sub-optimal choices and traps out there. And it will scare some people off (rightfully) if they have to start over for the third time.

                With our group, we have tested matrix for some months with two people, then a third and then a friend of mine invited all the other people. Most of them use matrix.org as their Homeserver. And we keep the room unencrypted for maximum compatibility. We don’t give admin rights to everyone, that would lead to confusion. One person manages the room and they put in the effort to learn how to manage the room and help people get the app installed on their phones and join the room.

            • lascapi@jlai.lu
              link
              fedilink
              arrow-up
              2
              ·
              11 months ago

              You resumed very well the triangle.

              My dream is to build an app/service which is easy to use as Signal but compatble with matrix and xmmp.

  • oranki@sopuli.xyz
    link
    fedilink
    arrow-up
    4
    ·
    11 months ago

    I have a feeling you are overthinking the Matrix key system.

    • create account
    • create password you store somewhere safe
    • copy the key and store somewhere safe
    • when signing on a new device, copy-paste the key

    Basically it’s just another password, just one you probably can’t remember.

    Most of the client apps support verifying a new session by scanning a QR code or by comparing emoji. The UX of these could be better (I can never find the emoji option on Element, but it’s there…). So if you have your phone signed in, just verify the sessions with that. And it’s not like most people sign in on new devices all the time.

    I’d give Matrix a new look if I were you.

    • linuxPIPEpower@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      I tried both of those. I don’t know if I got confused about which key was the right one or what but that didn’t work. I also didn’t really get what the key was for… it was attached to my account, or to the conversation…? Ended up with multiple keys and trying to guess what they are for. And since I’m not the only one involved and others were having issues it was just constant headaches.

      The emoji thing I did and it also just seemed to fail. Like I would get through it and it’s still not working. Sometimes it works after a few tries another other times not.

      I think that having a few people all trying to move together kinds of exacerbates all these issues to be fair. Because everyone is setting up multiple devices (maybe trying different clients on a given device) and trying things out. Normally you just wouldn’t be doing that much logging in. And none of us could really help the others out. If it was just one person joining an established network I don’t think it would be so annoying.

      • oranki@sopuli.xyz
        link
        fedilink
        arrow-up
        3
        ·
        11 months ago

        They could explain things better, you are right. I actually think I remember having almost the exact same confusion a few years back when I started. I still have two keys stored in my pw manager, no idea what the other one is for…

        The decryption has gotten much more reliable in the past year or two, I also try out new clients a lot and have had no issues in a long time. Perhaps you could give it a new go, with the info that you use the same key for all sessions.

    • Pantherina@feddit.de
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      If Facebook messenger is the comparison, Deltachat is awesome. Its very bloated though if you use it for email too. Also for some reason it doesnt delete messages from the server which is really annoying

    • linuxPIPEpower@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      I have seen it but never tried it. I kind of got the impression it was like a novelty/experimental thing rather than a general purpose serious application. Is that incorrect?

      Does your email account get filled up with bazillions of messages? I once installed an app that “backed up” all my SMS to email; it made 1 email for every SMS. It was terribly annoying because when searching mail for something all these irrelevant scraps of old conversations ago clutter up.

      Or do you just have a separate mail account to use on chat?

  • Andy@programming.dev
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    11 months ago

    If you want, you could use Telegram without your real phone number by either getting a virtual number from Google Voice or another service, or you could buy a Telegram-only number from their fragment site.

    • Chewy@discuss.tchncs.de
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      Telegram doesn’t support E2E cross-device history. It’s more similar to Discord than to secure e2e messengers like Signal or WhatsApp.

  • Helix 🧬@feddit.de
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    When did you try Matrix? You can just choose to not encrypt your chat room. Apart from that, in 2022 the encryption hiccups got way better, in 2023 they’re barely happening.

    I recommend FluffyChat as mobile client and Nheko for desktop. The Matrix experience relies heavily on the client you’re using.

  • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.social
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    edit-2
    11 months ago

    Session satisfies all your points. It started life as a fork of Signal, but is not tied to any PII. Synced across devices, everything. iOS, too, even. The only thing it doesn’t have is a terminal client, but it’s easly days.

    I’ve tried them all; so far Session is the only one that passes the non-tech-spouse test. We were happy sith Wire for a couple of years, but it’s been going through some severe enshittification in the post several months.

    Edit fixed the fdroid repo URL

    • linuxPIPEpower@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      10
      arrow-down
      2
      ·
      11 months ago

      so if you click documentation on the session website it brings you to this page https://docs.oxen.io/oxen-docs/products-built-on-oxen/session

      I am seeing the words “blockchain”, “economics”, “token”, “instant transactions”… And one click to NFT crypto stuff.

      I remember hearing that blockchain tech could be used for stuff other than scams but it is used for scams a lot and this app seems to be related to scam-type activity.

      Can someone provide any insight?

      • a. not all blockchain is bad b. I have neither seen, nor heard, of blockchain or cryptocoins on the platform. If blockchain is being used under the covers, it’s not visible to users. I see no ability to do anything with NFTs or cryptocoins in any of the clients.

        Session delivers messages more reliably than many platforms; E2E encrypts all messages (unencrypted is not even an option); requires no PII; has a good battery profile on mobile; reliably allows sharing, and has nice QOL features (that my non-tech family members have come to expect) like animated GIF search-and-embed; it supports message deletion and dissapearing messages; it has encrypted voice and video chat.

        If there’s any blockchain in the stack, then Session is an excellent example of its usefulness.

        It’s all open-source, too, so audit away.

        It’s not perfect, of course. There’s no CLI client. Because there’s no PII, there’s no registry, so connecting to people is harder than many platforms, and looking people up, impossible. The desktop client is an Electron app, so it’s typically resource hungry. It doesn’t yet have sent message editing.

          • linuxPIPEpower@discuss.tchncs.deOP
            link
            fedilink
            arrow-up
            1
            ·
            11 months ago

            Sorry that was pretty unclear lol

            I was linking to another comment I wrote in this thread about this very strange cryptocurrency-based chat thing. I sort of had the impression maybe you have some prior knowledge of this. I never heard of it and find it puzzling just what the heck they are up to. I am not gonna use it because it smells bad. But am now interested to know what sort of business is going on. The person who recommended it sounds very satisfied with the chat interface. Why/how is it attached to crypto? Just… so weird.

            • erAck@discuss.tchncs.de
              link
              fedilink
              arrow-up
              2
              ·
              11 months ago
              • Session connects to Oxen Service Nodes.
              • One can run such node only if one buys into $OXEN.

              That already is sufficient to stay away.

              Additionally, node operators are rewarded in $OXEN for services offered on nodes, mined on the Oxen blockchain.

              If these nodes cease to operate, Session will be dead.

  • Handles@leminal.space
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    11 months ago

    I’ve used matrix and simplex for different friend groups. While I prefer the former in terms of privacy, I get your point that the encryption keys and account verification is kind of a pain in the ass. Simplex is pretty …simple in comparison, but then, I haven’t had to use it on more than one device yet.

    Just for the federation of it all, I’m also eyeing Databag. Now, if I can get my contacts on board as well is another matter…

  • Dessalines@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    11 months ago

    Matrix / Element is pretty streamlined nowadays, I’d give it a try again. It has all the features you mentioned above.

    • kevincox@lemmy.mlM
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      I agree with this. I don’t know what keeping track of rooms keys is. Never heard of that problem. Adding devices to an account (cross-signing) is pretty easy these days with a popup wizard. Or a backup key if you don’t have any online devices.

      If you want persistent multi-device history it is really one of the few options.

      Probably the other main options would be XMPP and Jami but I don’t have much experience with either of those.