I am searching for a selfhosted and secure (end to end encryption) chat platform for my family (5-20 users), possibly one i can host on a raspi.
Is matrix a good choice, or should i try something else?
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Simplex chat would work
However, I wouldn’t host on a Raspberry Pi or even at home for that matter. Get a VPS and host it there. Linode even has a one click app install for Simplex Chat
Why not host at home?
To much risk and you won’t have as much uptime.
Whats the risk? My uptime is pretty good and I host from home.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
5 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #809 for this sub, first seen 16th Jun 2024, 15:45] [FAQ] [Full list] [Contact] [Source code]
three main ones I’ve seen in this comment section are
• XMPP
• Matrix
• SimpleX
So all of these encrypt the conversations so not even the server admin can access them?
XMPP only does it with certain client extensions. And Matrix only does it when the rooms are set up this way. SimpleX does what you want, but is kind of unintuitive for the average user.
I say go with Signal, it does what you want and is idiot-proof.
It is literally one setting in Matrix to force all rooms to only do encrypted messages.
Signal is pretty unintuitive when it comes to multiple devices per user, device transfers after a device has been lost,etc.
Signal is perfectly good under normal usage. Everything is unintuitive when it comes to extremes like losing your device.
Wouldn’t say that. With most Matrix Clients, WhatsApp, etc. it’s far easier. Especially from a perspective of a elderly,less tech adept user.
Signal is annoying to use if you don’t have a smartphone you can trust, since they do not allow registration from desktop. So either an Android VM or Signal-cli. But maybe it was just a one-off bug that the desktop client didn’t bind to signal-cli for me. Still, the fact that you need an unofficial command-line application just to register makes it not exactly user-friendly.
I imagine that most people’s families will find Singal easier than using a CLI program anyway. It’s rare to find an entire family without typical cellphones.
Yea, but a typical cellphone is not as easy to make private as a typical laptop or desktop. Lineage has some tradeoffs and not accessible on all devices, and Graphene needs even more specific, quite expensive hardware!
To be fair, pretty much all major XMPP clients have adopted OMEMO encryption, so doesn’t seem like much of an issue.
But it’s not self hostable.
no idea, I’ve just seen these in the comments
The other suggestions are probably better, but you can technically self-host Wire (from Wire Gmbh) but I’ve never done it successfully.
For me you can try to host a SimpleX server and then connect to it (with SimpleX it is pretty as much secure to run its one server than use a public one).
Or maybe use XMPP but try to use a good encryption protocol. This option is great in term of power efficiency, XMPP would run great on a RasPI
Did you have trouble setting up XFTP one? SMP was fine but XFTP seemed to have some error in the systemd settings provided in the manual.
Matrix is good, secure, very versatile, Foss, and easy to use, but I think not easy to set up or manage.
Depends. If you use an intermediary layer like Yunohost/Cloudron/etc. or now your way around docker it’s manageable easily.
deleted by creator
I’ve been using matrix for years to this purpose, but moving to xmpp/prosody now
What clients will you use for xmpp/prosody?
The easiest is to use the clients officially rebranded for Snikket, but there is a good overview on modern clients on https://joinjabber.org
Gajim on pc (I use arch btw - well endeavourOS because I can’t be bothered) and don’t remember what on android (there is the full list or clients and capabilities on xmpp.org)
Can I ask why you’re switching?
No.
Yeah ok. First of all, because I can 😁. I mean z what’s good being an IT nerd if I can’t change stuff when I want?
Jokes aside, I’ve been reading more recently on matrix and looks like there are some security issues in the design of the app/protocol. I’m on mobile now, I’ll look for sources when I’m on pc. Also I don’t like that it is a server centric system (so data is primarily on the server instead of the clients). Also it takes more resources than I was expecting. For less than 10 users I can’t have less than 4gb of ram (on a dedicated debian server, running docker) or it swaps so much it kills the system.
So basically I’m testing out if xmpp is a better system for those issues.
Conversations being paid on the google play store is what’s stopping me from going xmpp… I can’t just say “message me via xmpp, you can use the Conversations app”. Now I’d have to explain what F-Droid is and why would they even get another app store and enable “unknown apps”. it’s not doable. I remember telling my mom to install Signal (before I got into self hosting) because I deleted whatsapp and she got angry like she worked for the zuck, saying “what do you mean you don’t use whatsapp” with an astonished face, started lecturing me on why I was destroying my social life… That just made me realize right now they probably wouldn’t download conversations either…welp I just wanted to share
I know exactly what you mean. Just for general information, I’ve found another android client that I think it’s better than Conversations. It’s called Monocles chat (and it’s on f-droid). On matrix/xmpp I install the whatsapp bridge. I can convert a few close family members but no way everyone. For me it’s an acceptable compromise. I get the close members to use my servers/apps, everyone else through the bridge so I can at least have all the chat in one place
How do you convince your family/friends to switch to a new app on their smartphone and use one just to talk with you/others in the crew?
@mcmodknower@programming.dev
My dad suggested me this after i told him about the new upload filters the eu is thinking about. Here is a link to a german blog post about it: https://netzpolitik.org/2024/anlasslose-massenueberwachung-frankreich-wackelt-in-der-ablehnung-der-chatkontrolle/#dokument
Frienda no, but I do use whatsapp bridges so I can have all conversations in one place.
Family with extreme nagging, and because I’m the IT guy of the house so they kinda trust me/can’t be bothered to try and out-talk me.
WhatsApp bridge? How does it work?
The chat server (matrix and xmpp have different ones, but same functionality) that act like a whatsapp desktop client. Have you ever run whatsapp desktop client on your pc, where you have to pair it with your phone? Same thing, but you do it withing a special “bridge” (usually as a bot) in matrix or xmpp. So you get all the messages in one place. But it doesn’t work for calls, just for messages.
I’ve never heard about those bridges, thanks! I’ll have a look.
Still no suggestion that has wide cross platform and it’s just simple . Matrix has that all . So for now I choose matrix and clients
Lol, Snikket/xmpp has been suggested multiple times, and it is as good if not better regarding “wide cross platform” support. To get the same with Matrix you basically have to use a web-client or Electron, while XMPP has very efficient native clients.
just looked it up and couldn’t find a decent client for ios. There was Monal but it looks more like a draft rather than a finished application. Things don’t even have padding or margins. The snikket one I won’t even mention, you can’t expect people to use something that gives them visual discomfort.
Visual discomfort because it looks like an slightly older app? What kind of issue is that???
And Monal has improved a lot in recent months, the current version is mostly fine.
You’ve met an iOS user.
…exactly the kind that discourages 60-something, non-technical family members.
It discourages 60-something nontechnical family members that the app looks like WhatsApp? Are you being serious?
I originally suggested Monal to my friend (who is quite into iOS and really appreciates a well designed application) and she found the same, but then she tried Siskin, and was happy enough to use it to this day.
https://github.com/matrix-org/dendrite
Dendrite iirc is essentially in maintenance mode. I run a small one but I don’t think it’s expected to get any new features until there is more funding.
Also https://conduit.rs/
Self host beeper… I love matrix but people struggle with maintaining a key and password … beeper simplifies this and has other chat protocols (bridges) that might entice normies.
Those are Matrix bridges. Beeper is a skin over matrix.
Im aware, I’m specifically speaking about the log in process being simpler for most people on beeper vs matrix. I use beeper thru nheko, as you said it’s just matrix. But less work for the end user
Matrix and beeper
Ideally, SimpleX (https://simplex.chat/). Session is nice, but less secure (https://getsession.org/). Delta Chat (https://delta.chat/en/) will be secure enough, and the most familiar visually. Lastly, XMPP is a great solution as well.
What makes session less secure? This is the first I’ve heard of it.
I am suspicious of it because you pretty much cannot host a node. Well, you can - but you’d have to deposit an INSANE amount of money (like $2k or something). While Simplex, even though I do have a concern with its initial centralization by the power of default, is decidedly easy to selfhost.
Session has user IDs, the so-called “sessions”.
Simplex is the first platform I’ve heard of that doesn’t use IDs (which doesn’t make much sense to me, practically, but sure). So would you say everything is less secure than simplex?
I say it depends on what you are looking for. Depends on your “threat model” – among other things.
For example, if you are looking for something more private (smaller chance on linking identities with digital footprint, smaller chance on identifying a person, etc), I suggest SimpleX. They also have a great protocol. Their white paper is worth reading as well. But it might be a little challenging for non-tech people. And the thing is still in development.
If you don’t mind Session’s IDs (after all you can still store them somewhere and change them), it’s a good one. The protocol is promising, and they have a nice white paper. Unlike SimpleX, it’s much easier to set up for a non-tech person, although it’s also in development.
XMPP (Conversations, Monal, etc) rely on a well-known technology, and it is stable. And the interface doesn’t scream “hacking”, " techy" etc.
Lastly, Delta Chat is also a nice project, with a well-known record. The interface looks super convenient and familiar. And the functionality is feature-rich enough in case you want to doe something special.
I would say the thing with IDs (or absence of IDs) is yet another layer that ensures privacy and security. But all of the apps are secure enough. Even Signal is secure enough if you don’t mind exposing your phone number.
I guess the real question is about convenience. That is, knowing about SimpleX, Session, XMPP, and DeltaChat, which one is convenient, private enough, and secure enough for your particular case.
deleted by creator
Sorry, didn’t mean to.
Mattermost runs as a Docker container and is excellent. You can create channels and groups which is incredibly useful.
Mattermost does not have E2EE to my knowledge.
Mattermost is a lot like Slack, right?
Yes.
Can we use group meeting in self hosted version?
Is there e2e encryption available for mattermost that normies can use?
https://snikket.org/ (xmpp based) is perfect for that. Matrix will work, but you will likely reach the limits of your Raspi with it fairly soon if you allow federation with other servers.
Matrix or XMPP.
Is it fast on a raspberry pi?
Uh, don’t know. XMPP likely yes.
Nothing is going to be fast on a raspberry pi.
Ok that’s just not true at all.
Core temps ramp up astonishingly fast on RPi!
ducks
minceraft