Synapse if you just want everything to work. Conduit (or its fork, conduwuit) if you're okay missing some features but want an efficient Matrix server.
I don't think SSO is supported very well and I believe I've heard they're planning on changing how it works, but I don't remember the details. If you need SSO, you may need to stick with Synapse.
For your disk space issue, there are tools to compress room state and delete old media to keep disk space usage down.
Their site explicitly says it supports running VMs, Kubernetes and Docker containers so you have plenty of options. Docker's pretty easy and mostly just works.
I did have a chat with one of the Element sales people a few months back and based on the conversation, it sounded like Dendrite is not anywhere on their roadmap to invest any resources.
Synapse is the most feature-complete server, and still the one to receive spec compliance updates the fastest.
For a small number of users and bridges, it being written in python is not a concern performance-wise.
Not sure what you mean by multiple domains. The domain of the home server IS its identity, same goes for user addresses. You can't have multiple addresses all hooked up to one account on one instance. (At least not until account portability is a thing)
You could run multiple homeservers with different domains, though. They'd essentially be separate instances, interoperable through federation same as everything else.
Synapse is what matrix.org currently runs, while Dendrite is what it will eventually use.
Thanks. Yeah I know most of the story/history of Matrix. I'm just now making the decisions for the years to come. And Dendrite has been the announced successor to Synapse for quite some time now... I'm not sure what to make of this. If it's going to happen soon, I'd like to switch now. And not move again and relocate my friends more times than necessary.
Judging by the graphs on my Netdata, Synapse plus the database are currently eating more resources than I'd like for just chat. Afaik the other projects were meant to address that. But I've never used anything else. And I've always refrained from joining large rooms because people told me that'd put considerable load on the server. If there's a better solution I'm open to try even if it's not the default choice... It just needs to work for my use-case. I don't necessarily need feature-completeness.
Yeah, with the multiple domains: I meant I have 1 VPS and like 3 domain names for different projects. I have a single email server, one webserver and they just handle all three domains. Even Prosody (XMPP) has "VirtualHost" directives and I only need to run it once to provide service on all the different domains. With Matrix this doesn't seem to be the case... I'd need to launch 3 different instances of Synapse simultaneously on that one server and do some trickery with the reverse HTTP proxy. That'd be more expensive and take more time and effort. I don't really care about how the identities are handled internally, I can provide them in a format that is supported. And the users are separate anyways. It's just: I'd like to avoid running the same software three times in parallel.
Out of curiosity: Do you have to deal with that much spam? If so: Is there a specific reason?
Because I only get some bot join one of the public rooms and start spamming every few months or so. And we deal with that pretty quickly. My own account has been perfectly safe for years... So my experience is different. Might be my usage-pattern vs yours?!
If they don’t care about the protocol, choose a protocol that doesn’t take minutes just to join rooms & has clients that use less data/power so the family isn’t annoyed to have that app on their phone.
When using encrypted chat, message contents are securely encrypted. Attachments as well, as they're secured by keys exchanged through those same encrypted messages.
Matrix does leak quite a bit of metadata that a few other apps, like Signal, don't leak.
If you're sharing family photos, it'll probably be secure enough. If you're committing crimes or shit talking your oppressive government, probably best to pick something else.
If you're not comfortable with all the data shared with some of these companies, you may want to find a matrix homeserver with a more suitable privacy policy, and perhaps a matrix client app that doesn't collect as much data. Do note that some information, such as encrypted attachments, may end up on other servers if you talk to people with accounts on matrix.org. It's the same as with email: you can use protonmail pretty securely, but if you send an email to @gmail.com, Google may be able to read (parts of) it.
I understood clearly what you said. Thanks for the detailed text. The protocol uses end-to-end encryption, yes. But I didn't understand what type of information is being leaked. Do you mean e-mails, phone numbers, profile pics etc. as metadata? If I use another server or a self-hosted server, can I avoid the leak? And not only matrix.org, Element uses the same types of information. Element's permissions were a bit high on Android, Flatpak etc. I'm using Element on my GNU desktop and not on a phone. No phone number, no profile pic, no e-mail; only username, server and password. Do I still give information?
Information leaked by the protocol is "what user IDs from what servers are in what groups, replying to what other user IDs how often and at what times". It's the kind of metadata the NSA collected from Americans that landed them in hot water. This is exchanged between servers and copied over to any server with an account present in the room. This information is encrypted by HTTPS in transit, so it's not plain readable, but you have to trust every server in a given room not to leak that information.
Things like profile pictures and display/user name can also be derived relatively easily in common use, though it'll be very difficult to find if you don't join any public rooms and pick a random looking username.
On a protocol level, there's no need for you to provide an email address or a phone number. Some services may require these details to prevent spam/account floods, but you can use Matrix without either. The only reason you're asked for these is that they allow others who have you in their address book to find you, so you can start chatting to people without exchanging usernames. I've opted not to use this info in my account.
I don't know what permissions you found troublesome on Android, though. Everything it asks seems to make sense for a modern messenger with features like video calling and location sharing. There are other apps available for Android, though.
If you use your own server, you'll be in charge of what information you provide, and you can even firewall off servers that you're not interested in communicating with if you want. If you join any public rooms you'll still need to share some info (or the protocol won't work), but you can do things like configure your server to only permit fetching attachments from whitelisted servers. This isn't a standard option, but with some knowledge of reverse proxies it's not impossible to pull off.
Compared to more private, but non-federating, protocols like Signal, Matrix leaks a decent bit of metadata when using encrypted channels. It may even leak more than XMPP, though I don't really use that as nobody I know still uses XMPP. On the other hand, Signal is centralised on one single server, and if that server goes down, your ability to use the app goes down with it. With Matrix, you can just register on another server.
I would say Matrix is secure enough for everyday chat if you enable encryption (and preferably verify the keys of the people you communicate with), but not a good choice for human rights activists or criminals.
Thanks for the detailed comment. That helped me a lot and answered all of the questions in my head. Eventually, I am not a criminal or activist. Looks like it's secure and private enough. At least there are some eyes like Meta, Google etc. I will mind self-hosting. Thank you again for your labor. Goodbye.
It's end to end encrypted, it could be hosted on the NSA's servers for all you care, it should be safe.
The reason this is there is likely because they use those cloud services to provide the hosted services, so they disclose that they do. I don't think it applies to the client you download or the ones you self-host from open-source builds on your own homeserver on your own infrastructure.
Maybe a hot take.... but Beeper. Makes it way easier to manage the keys and crap with an email login for those that lose their passwords all the time. And linking their other favorite socials might be a selling point. But if you're super cautious/paranoid, they have ways to run your own server. (I use their servers...)
Does the new Beeper Android client already work with Matrix messages? I tested it briefly after the release, but it basically didn't support regular Matrix at all yet
so unfortunately, you can't log into your matrix account, but rather it creates a @username:beeper.com account. Which (if you bug them) you can use to log into your favorite matrix client. but you can then join our favorite rooms and chat folks using normal matrix commands.
Yeah, you can use Element web and reset the account password using "forgot password" to use the beeper homeserver, but OP is asking about Android clients
The Beeper client is 100% not usable for Matrix-to-Matrix messaging, I don't think it even supports e2ee, but I have heard they're working on it.
I'm talking about the android client for beeper but have used it for nheko...and it does support e2ee. I use it for all matrix convos and rooms. Maybe something changed in the time you last used it and I signed up, but yeah not having any e2ee issues once I verified the key
After their plan of starting with local iMessage and expanding later didn't turn out well, they turned it around. Start with Matrix, add local bridges later.
The current application is based on the Beeper Mini codebase, is Matrix-First and will soon allow you to use local bridges to better preserve E2EE. As seen by some MSCs opened up by the beeper team, they are also looking into encrypted chat backups with these local bridges.
Lots of people complain about Schildichat for various reasons, but Element for Android gets unbearably slow for me after less than a day of use. Clearing the cache resets the timer, but it just keeps happening. That doesn't happen on Schildichat, and those two apps are the only ones I know of that support both spaces and threads, which I need.
I had big problems with PairDrop and WebRTC, which also needs coturn's STUN or TURN(S) protocol...
I found a good hidden hint for coturn and WebRTC...
For special usecases you need two stun-server with different ip-addresses to be able to detect a working p2p connection.
You can use 2 different machines in different datacenters or it could also work with the same coturn on a vm with 2 different public ip-addresses.
If a p2p connection is not possible, a TURN(S) server should be configured in the Matrix homeserver too.
This can be the same coturn as for stun.
AND... this cost me days of research and trial&error...
For a proper WebRTC connection in a federated system as Matrix is, BOTH Matrix homeservers must have 2 STUN and at least one TURN(S) server configured in their homeserver.yaml.
I reproduced this every time trying to establish a call from two different mobile-phones with natted internet-connections from different ISPs on different matrix homeservers with different or one with no stun/turn-server configured.
I tried all setups many times.
You won't find this info elsewhere...
What I still haven't got working is when one client is connected through a VPN and the other is not.
I've no chance to establish a connection.
If this was the case, the playbook would surely set up two different Coturn instances. Also, I don't understand why it would work that way.
My setup is not a "special usecase", but a single unfederated homeserver. Calls do not work between users unless turn.matrix.org is enabled.
The STUN protocol is brokering a direct p2p connection between devices, when it's possible in the given network.
When a direct connection is not possible (both devices are behind different NATed networks/firewalls), TURN is needed (TURNS with SSL) and the audio/video data stream runs through the TURN server.
Are your devices in the same LAN/WLAN? Or in different?
Is one at home, the other in office-network?
If they are in different networks (it depends on the clients, not the server!), a STUN server is needed outside the network, in the open internet, reachable by both!
So both can see and reach the STUN/TURN server.
I think your coturn is not reachable well enough from outside in your setup, that's why turn.matrix.org works and yours doesn't.
Coturn can work as turn and stun at the same time.
Maybe the standard ports 5439 and 3478 (each also +1) or the high ports are blocked by your firewall.
So you can try to let them listen on port 443 (turns) and 80 (stun) from outside. Most firewalls won't block those ports...
Or describe please, how exactly do you use your matrix? Where is your homeserver, in which networks are your clients? Do you use vpn?
This is hardcore network stuff and not directly related to Matrix.
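The two mechanisms discussed above, as an added example that is not from any poster in this thread and not Synapse's or coturn's own code: a STUN Binding Request/Response exchange in which the server reports the client's public address (XOR-MAPPED-ADDRESS, RFC 5389), a check that compares the mappings learned from two servers on different IPs to decide whether a TURN relay is unavoidable, and the derivation and verification of the short-lived TURN credentials that a homeserver configured with a shared secret hands to clients (coturn's `use-auth-secret` scheme: username `<expiry>:<user>`, password `base64(HMAC-SHA1(secret, username))`). The IP addresses, ports, user ID and secret below are made up, and every packet is constructed inline, so the script runs without any network access.

```python
"""STUN Binding handling and ephemeral TURN credentials (added example).

Constructed data only: the "server" response is built locally so the
parser can be exercised offline. IPs, ports, secret and user are invented.
"""
import base64
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

MAGIC_COOKIE = 0x2112A442          # RFC 5389 fixed value in every STUN header
BINDING_REQUEST = 0x0001
BINDING_RESPONSE = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(transaction_id: Optional[bytes] = None) -> bytes:
    """Encode a STUN Binding Request: 20-byte header, no attributes."""
    txn = transaction_id or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txn


def build_binding_response(transaction_id: bytes, ip: str, port: int) -> bytes:
    """Encode a Binding Response carrying XOR-MAPPED-ADDRESS (IPv4 only).
    Only used here to construct test input; a real STUN server does this."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = int.from_bytes(bytes(int(o) for o in ip.split(".")), "big") ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_RESPONSE, len(attr), MAGIC_COOKIE) + transaction_id + attr


def parse_mapped_address(response: bytes, expected_txn: bytes) -> Tuple[str, int]:
    """Return (public_ip, public_port) from a Binding Response.
    The header, magic cookie and transaction id are checked first so a
    spoofed or stale reply cannot plant a bogus address."""
    if len(response) < 20:
        raise ValueError("short STUN message")
    msg_type, msg_len, cookie = struct.unpack("!HHI", response[:8])
    if msg_type != BINDING_RESPONSE or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN Binding Response")
    if response[8:20] != expected_txn:
        raise ValueError("transaction id mismatch (spoofed or stale reply)")
    body = response[20:20 + msg_len]
    off = 0
    while off + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + attr_len]
        if attr_type == ATTR_XOR_MAPPED_ADDRESS and len(value) >= 8:
            _, family, xport, xaddr = struct.unpack("!BBHI", value[:8])
            if family != 0x01:
                raise ValueError("only IPv4 handled in this example")
            port = xport ^ (MAGIC_COOKIE >> 16)
            addr = (xaddr ^ MAGIC_COOKIE).to_bytes(4, "big")
            return ".".join(str(b) for b in addr), port
        off += 4 + ((attr_len + 3) & ~3)   # attribute values are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def needs_relay(mapping_a: Tuple[str, int], mapping_b: Tuple[str, int]) -> bool:
    """Given the mappings learned from two STUN servers on different IPs:
    if the NAT issued different external ports for the two destinations it
    is address/port-dependent ("symmetric"), hole punching will fail, and the
    media has to go through a TURN relay."""
    return mapping_a != mapping_b


def ephemeral_turn_credentials(shared_secret: str, user: str, ttl: int = 86400,
                               now: Optional[int] = None) -> Tuple[str, str]:
    """Homeserver side: derive time-limited TURN credentials the way the
    shared-secret scheme works. The secret itself never reaches the client."""
    expiry = (now if now is not None else int(time.time())) + ttl
    username = f"{expiry}:{user}"
    digest = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode()


def verify_turn_credentials(shared_secret: str, username: str, password: str,
                            now: Optional[int] = None) -> bool:
    """TURN server side: recompute the HMAC and reject expired credentials."""
    expiry_str, _, _ = username.partition(":")
    if not expiry_str.isdigit():
        return False
    if (now if now is not None else int(time.time())) >= int(expiry_str):
        return False
    expected = base64.b64encode(
        hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1).digest()).decode()
    return hmac.compare_digest(expected, password)


if __name__ == "__main__":
    txn = os.urandom(12)
    reply = build_binding_response(txn, "203.0.113.7", 51234)   # constructed reply
    print("mapped address:", parse_mapped_address(reply, txn))
    print("credentials:", ephemeral_turn_credentials("s3cret", "@alice:example.org"))
```

The transaction-id check matters because STUN runs over plain UDP: anything on the path can answer. The credential derivation is why a homeserver can expose a shared secret to its TURN server without ever giving clients a reusable password; a leaked credential stops working at its expiry.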
The homeserver incl. Coturn is running on a VPS, no ports blocked.
The clients are in different networks. Everything should just work, but it doesn't for some reason.