Suggest me a secure chat platform for my family

submitted by mcmodknower

I am searching for a self-hosted and secure (end-to-end encryption) chat platform for my family (5-20 users), possibly one I can host on a raspi.

Is Matrix a good choice, or should I try something else?


133 Comments

pewgar_seemsimandroid , edited

three main ones I've seen in this comment section are

• XMPP

• Matrix

• SimpleX

lemmyvore

So all of these encrypt the conversations so not even the server admin can access them?

Lemmchen

XMPP only does it with certain client extensions. And Matrix only does it when the rooms are set up this way. SimpleX does what you want, but is kind of unintuitive for the average user.
I say go with Signal, it does what you want and is idiot-proof.

philpo

It is literally one setting in Matrix to force all rooms to only do encrypted messages.

Signal is pretty unintuitive when it comes to multiple devices per user, device transfers after a device has been lost, etc.

essteeyou

Signal is perfectly good under normal usage. Everything is unintuitive when it comes to extremes like losing your device.

EngineerGaming

Signal is annoying to use if you don't have a smartphone you can trust, since they do not allow registration from desktop. So either an Android VM or Signal-cli. But maybe it was just a one-off bug that the desktop client didn't bind to signal-cli for me. Still, the fact that you need an unofficial command-line application just to register makes it not exactly user-friendly.

philpo

Wouldn't say that. With most Matrix Clients, WhatsApp, etc. it's far easier. Especially from the perspective of an elderly, less tech-adept user.

EngineerGaming

To be fair, pretty much all major XMPP clients have adopted OMEMO encryption, so doesn't seem like much of an issue.

matcha_addict

But it's not self hostable.

pewgar_seemsimandroid

no idea, I've just seen these in the comments

oldfart , edited

XMPP. It just works, requires very little resources, is stable and has decent clients.

I would go with Snikket instead of Prosody if I had been starting now.

Conversations on phones, Dino or Gajim on PCs, plus a conversejs install on the xmpp server, to allow web access when needed.

Conversations is easy for the family to figure out.

Mom Nom Mom

This is what my family (and a few friends) use. We have been using it for a while now because it just works. Also, the kids have never complained about using Conversations, or about using it *only for us* (like if you have that one family member who won't leave SMS behind - we're that guy, I guess), and we can make as many channels as we need for the house, the kids, with each kid individually, for our MTG cards, with our couple of friends that use it, etc…

I don't personally do the hosting, so I can't speak to that. That's the hubby's thing
¯\_(ツ)_/¯

Possibly linux

XMPP if you are loving the 90's

atzanteol

IP was invented in the '70s. Sometimes older protocols that work are just fine.

Norah - She/They

Same with email.

bastion

Sick burns

Possibly linux

Fine is a relative word

oldfart

Any particular problems you're having or have you briefly used Pidgin in 2008 and think nothing has improved since then?

callcc

What's your problem with xmpp?

Possibly linux

It is text only for the most part

poVoq , edited

It's not. Emoji reactions, stickers, audio-messages, audio/video calls are all supported by modern XMPP clients with smaller caveats depending on the client.

poVoq

https://snikket.org/ (xmpp based) is perfect for that. Matrix will work, but you will likely reach the limits of your Raspi with it fairly soon if you allow federation with other servers.

adr1an

E2E is complicated, if you self-host for a group, having TLS and encrypting data at rest (storage) may be enough. Get a threat model. That being said, I would recommend snikket.org which is a superset of extensions over XMPP which is the open source IM that was the base of almost every app out there. Matrix and Rocket are both alright too. Depends too on your resources, synapse requires too much RAM (or so I heard)

Thomas

Yes, XMPP with proper TLS on the server side and Conversations or one of its forks (preferably fetched from F-Droid) using OMEMO encryption should be good enough. If you are brave or paranoid, give Tox a try: https://tox.chat/

diamond_shield , edited

Except tox's graphical clients aren't maintained anymore

adr1an

Ah, docker-mailserver and delta.chat could also be great for your case!!

Im_old

I've been using matrix for years to this purpose, but moving to xmpp/prosody now

DARbarian

Can I ask why you're switching?

Im_old

No.

Yeah ok. First of all, because I can 😁. I mean, what's good being an IT nerd if I can't change stuff when I want?

Jokes aside, I've been reading more recently on matrix and looks like there are some security issues in the design of the app/protocol. I'm on mobile now, I'll look for sources when I'm on pc. Also I don't like that it is a server centric system (so data is primarily on the server instead of the clients). Also it takes more resources than I was expecting. For less than 10 users I can't have less than 4gb of ram (on a dedicated debian server, running docker) or it swaps so much it kills the system.

So basically I'm testing out if xmpp is a better system for those issues.

chordsphere1 , edited

Conversations being paid on the google play store is what's stopping me from going xmpp... I can't just say "message me via xmpp, you can use the Conversations app". Now I'd have to explain what F-Droid is and why would they even get another app store and enable "unknown apps". it's not doable. I remember telling my mom to install Signal (before I got into self hosting) because I deleted whatsapp and she got angry like she worked for the zuck, saying "what do you mean you don't use whatsapp" with an astonished face, started lecturing me on why I was destroying my social life... That just made me realize right now they probably wouldn't download conversations either...welp I just wanted to share

Im_old

I know exactly what you mean. Just for general information, I've found another android client that I think it's better than Conversations. It's called Monocles chat (and it's on f-droid). On matrix/xmpp I install the whatsapp bridge. I can convert a few close family members but no way everyone. For me it's an acceptable compromise. I get the close members to use my servers/apps, everyone else through the bridge so I can at least have all the chat in one place

mcmodknower [OP]

What clients will you use for xmpp/prosody?

poVoq

The easiest is to use the clients officially rebranded for Snikket, but there is a good overview on modern clients on https://joinjabber.org

Im_old

Gajim on pc (I use arch btw - well endeavourOS because I can't be bothered) and don't remember what on android (there is the full list of clients and capabilities on xmpp.org)

peregus

How do you convince your family/friends to switch to a new app on their smartphone and use one just to talk with you/others in the crew?

@mcmodknower@programming.dev

Im_old

Friends no, but I do use whatsapp bridges so I can have all conversations in one place.

Family with extreme nagging, and because I'm the IT guy of the house so they kinda trust me/can't be bothered to try and out-talk me.

peregus

WhatsApp bridge? How does it work?

Im_old

The chat server (matrix and xmpp have different ones, but same functionality) that acts like a whatsapp desktop client. Have you ever run whatsapp desktop client on your pc, where you have to pair it with your phone? Same thing, but you do it within a special "bridge" (usually as a bot) in matrix or xmpp. So you get all the messages in one place. But it doesn't work for calls, just for messages.

peregus

I've never heard about those bridges, thanks! I'll have a look.

mcmodknower [OP]

My dad suggested me this after i told him about the new upload filters the eu is thinking about. Here is a link to a german blog post about it: https://netzpolitik.org/2024/anlasslose-massenueberwachung-frankreich-wackelt-in-der-ablehnung-der-chatkontrolle/#dokument

Neon 🇺🇦🇪🇺🇹🇼🇮🇱 , edited

Any Reason Signal doesn't do it?

Selfhosted isn't always the Best option

Rebellious Trickster , edited

Ideally, SimpleX (https://simplex.chat/). Session is nice, but less secure (https://getsession.org/). Delta Chat (https://delta.chat/en/) will be secure enough, and the most familiar visually. Lastly, XMPP is a great solution as well.

teawrecks

What makes session less secure? This is the first I've heard of it.

EngineerGaming

I am suspicious of it because you pretty much cannot host a node. Well, you can - but you'd have to deposit an INSANE amount of money (like $2k or something). While Simplex, even though I do have a concern with its initial centralization by the power of default, is decidedly easy to selfhost.

Rebellious Trickster

Session has user IDs, the so-called "sessions".

teawrecks

Simplex is the first platform I've heard of that doesn't use IDs (which doesn't make much sense to me, practically, but sure). So would you say everything is less secure than simplex?

Rebellious Trickster

I say it depends on what you are looking for. Depends on your "threat model" – among other things.

For example, if you are looking for something more private (smaller chance on linking identities with digital footprint, smaller chance on identifying a person, etc), I suggest SimpleX. They also have a great protocol. Their white paper is worth reading as well. But it might be a little challenging for non-tech people. And the thing is still in development.

If you don't mind Session's IDs (after all you can still store them somewhere and change them), it's a good one. The protocol is promising, and they have a nice white paper. Unlike SimpleX, it's much easier to set up for a non-tech person, although it's also in development.

XMPP (Conversations, Monal, etc) relies on a well-known technology, and it is stable. And the interface doesn't scream "hacking", "techy" etc.

Lastly, Delta Chat is also a nice project, with a well-known record. The interface looks super convenient and familiar. And the functionality is feature-rich enough in case you want to do something special.

I would say the thing with IDs (or absence of IDs) is yet another layer that ensures privacy and security. But all of the apps are secure enough. Even Signal is secure enough if you don't mind exposing your phone number.

I guess the real question is about convenience. That is, knowing about SimpleX, Session, XMPP, and DeltaChat, which one is convenient, private enough, and secure enough for your particular case.

drspod , edited

Deleted by author

Rebellious Trickster

Sorry, didn't mean to.

youmaynotknow , edited

I just have my kids, wife, close friends and in-laws on SimpleX.

Sure, some of them use mainstream stuff as well, but if they want to reach me, that's their only option.

Matrix is a pretty good choice for self-hosted. The reason I don't do it is because I've become lazy lately.

Possibly linux

Matrix has issues and can be a pain

MonkderDritte

Matrix or XMPP.

cryptix

Is it fast on a raspberry pi?

MonkderDritte

Uh, don't know. XMPP likely yes.

Possibly linux

Nothing is going to be fast on a raspberry pi.

felbane

Ok that's just not true at all.

Core temps ramp up astonishingly fast on RPi!

*ducks*

pewgar_seemsimandroid

minceraft

ogarcia

I recommend Matrix with the Conduit server. This server requires almost no resources and even runs on a Raspberry Pi.

Cinny works perfectly as a desktop client (in case you want to escape from the ubiquitous Element). And for mobile I would use Element for Android/iOS although FluffyChat also works very well.

Flax

Conduit seems to have next to no docs on actually installing it for some reason.

ogarcia

They are very focused on development and therefore the documentation is a bit sparse (maybe).

The truth is that it is not very complicated to install. It is simply to download the binary (it is statically compiled so it has no dependencies) place it in /usr/bin and execute it (the best is to create a user in the machine with the home in /var/lib/conduit and then launch it with systemd).

Another option is to simply launch it with docker.

In any case, if you have problems, comment it here and we will look to see what could be happening.
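
As an added example (not part of the thread and not Conduit's own packaging), the install steps described above can be written down as a sandboxed systemd unit, with a small check that flags units lacking the hardening directives. The binary name `/usr/bin/conduit`, the config path `/etc/conduit/conduit.toml` and the `conduit` account name are assumptions; adjust them to your install.

```shell
#!/bin/sh
# Added example: hardened systemd unit for a single-binary homeserver.
# Assumed names: binary /usr/bin/conduit, config /etc/conduit/conduit.toml,
# service account "conduit" with home /var/lib/conduit, and a database path
# configured somewhere under /var/lib/conduit.

# Print the unit file. The sandbox keeps a compromised server process away
# from the rest of the machine: read-only OS, no /home, one writable state dir.
render_unit() {
cat <<'EOF'
[Unit]
Description=Conduit Matrix homeserver
After=network-online.target
Wants=network-online.target

[Service]
User=conduit
Group=conduit
Environment=CONDUIT_CONFIG=/etc/conduit/conduit.toml
ExecStart=/usr/bin/conduit
Restart=on-failure
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ReadWritePaths=/var/lib/conduit

[Install]
WantedBy=multi-user.target
EOF
}

# Read a unit file on stdin and print each hardening directive it lacks,
# one per line. Prints nothing when every directive is present.
missing_hardening() {
    unit=$(cat)
    for want in 'User=' 'NoNewPrivileges=true' 'ProtectSystem=strict' \
                'ProtectHome=true' 'PrivateTmp=true' 'ReadWritePaths='; do
        printf '%s\n' "$unit" | grep -q "^$want" || printf '%s\n' "$want"
    done
    # An explicit root user defeats the point of a dedicated account.
    if printf '%s\n' "$unit" | grep -q '^User=root$'; then
        printf '%s\n' 'User=root'
    fi
    return 0
}

# Constructed "bare minimum" unit for comparison: runs as root, no sandbox.
weak_unit() {
    printf '[Service]\nExecStart=/usr/bin/conduit\n'
}

# Create the account and install the unit. Needs root; run with "install".
install_service() {
    useradd --system --home-dir /var/lib/conduit --create-home \
            --shell /usr/sbin/nologin conduit
    chmod 700 /var/lib/conduit
    render_unit > /etc/systemd/system/conduit.service
    systemctl daemon-reload
    systemctl enable --now conduit.service
}

if [ "${1:-}" = "install" ]; then
    install_service
else
    echo "missing in weak unit:";     weak_unit   | missing_hardening
    echo "missing in hardened unit:"; render_unit | missing_hardening
fi
```

Run without arguments it only prints the comparison; `systemd-analyze security conduit.service` gives a fuller score once the unit is installed.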

Lumisal

This is nice to know. Cinny looks beautiful from a UX perspective, wish they made an app too. Not enough good UX in open source stuff.

ogarcia

Yes, without a doubt, for me it is the most balanced client, a pity that there is not for Android, but well, in mobile Element does not give problems either.

theorangeninja
timbuck2themoon

Dendrite iirc is essentially in maintenance mode. I run a small one but I don't think it's expected to get any new features until there is more funding.

foremanguy

For me you can try to host a SimpleX server and then connect to it (with SimpleX it is pretty much as secure to run your own server as to use a public one).

Or maybe use XMPP but try to use a good encryption protocol. This option is great in terms of power efficiency, XMPP would run great on a RasPI

EngineerGaming

Did you have trouble setting up XFTP one? SMP was fine but XFTP seemed to have some error in the systemd settings provided in the manual.

derbolle

matrix should cover everything you need with the added bonus that you can chat with people from other instances

Possibly linux

I just wish it was more secure and performant

Churbleyimyam

You could try Jami. It's peer to peer, so essentially any participants are self-hosting it. It's E2E encrypted, supports group messaging, voice and video calling, has easily 'linkable' mobile and desktop apps for all platforms and requires no email address or phone number to use. It's also the only messenger I'm aware of which is endorsed by the Free Software Foundation. I highly recommend it 👌

Mango

Edible paper, lemon juice, and hair dryers.

mcmodknower [OP]

My threat model is not that big :)

Mango

I guess you're not a furry then.

bastion

*licks the edible paper, but it tastes like plant*

*meows*

Mike Wooskey

Matrix is good, secure, very versatile, Foss, and easy to use, but I think not easy to set up or manage.

philpo

Depends. If you use an intermediary layer like Yunohost/Cloudron/etc. or know your way around docker it's manageable easily.

Possibly linux , edited

Simplex chat would work

However, I wouldn't host on a Raspberry Pi or even at home for that matter. Get a VPS and host it there. Linode even has a one click app install for Simplex Chat

matcha_addict

Why not host at home?

Possibly linux , edited

Too much risk and you won't have as much uptime.

matcha_addict

What's the risk? My uptime is pretty good and I host from home.

geography082

Still no suggestion that has wide cross platform and it’s just simple. Matrix has that all. So for now I choose matrix and clients

poVoq

Lol, Snikket/xmpp has been suggested multiple times, and it is as good if not better regarding "wide cross platform" support. To get the same with Matrix you basically have to use a web-client or Electron, while XMPP has very efficient native clients.

iarigby

just looked it up and couldn’t find a decent client for ios. There was Monal but it looks more like a draft rather than a finished application. Things don’t even have padding or margins. The snikket one I won’t even mention, you can’t expect people to use something that gives them visual discomfort.

ambitiousslab

I originally suggested Monal to my friend (who is quite into iOS and really appreciates a well designed application) and she found the same, but then she tried Siskin, and was happy enough to use it to this day.

poVoq

Visual discomfort because it looks like a slightly older app? What kind of issue is that???

And Monal has improved a lot in recent months, the current version is mostly fine.

gaylord_fartmaster

> Visual discomfort because it looks like a slightly older app? What kind of issue is that???

You've met an iOS user.

danl

…exactly the kind that discourages 60-something, non-technical family members.

poVoq

It discourages 60-something nontechnical family members that the app looks like WhatsApp? Are you being serious?

bss03

The other suggestions are probably better, but you can technically self-host Wire (from Wire Gmbh) but I've never done it successfully.

danhab99

Rocket chat is like slack but FOSS.. haven't tried it myself but it could be something

OSH

Not FOSS anymore. More like open core these days.

Lemmchen

Not E2EE though, or at least not fully.

danhab99

I mean if it's just a private server for just the people he knows then I don't get why this would be a concern, but if it is to mitigate family drama then rocket chat definitely has end-to-end encryption https://docs.rocket.chat/use-rocket.chat/workspace-administration/settings/e2e-encryption

kugmo

I know it's not self hosted but why not Signal? Matrix is demanding on a SBC and your family would probably get the 'unable to decrypt message, please re-verify keys' error that happens in encrypted matrix group chats and Element does not have the best UI especially if you want your grandma to use it.

philpo

Very unlikely by now, these issues have been addressed a while ago.

Senshi , edited

What's your source on the reverify thing? I use matrix a lot, and this hasn't been an issue I ever experienced anymore since they introduced cross-signing a couple years ago.

Same goes for the common clients such as element. It has been clunky in the past, but after the past major overhauls ( also years ago now) everything has been silky smooth for me, if not better than others. The one thing left I prefer from Signal is the one-time photo share.

Matrix is great, clients are great too, only the server part still is annoyingly complicated and messy. Would only recommend that for tinkerers, on that case it's a great path to learning about the complexity of addressing lots of security concerns that others gloss over.

Edit: to add - there's a reason why the French government and the German military decided to build their secure internal IM infrastructure on Matrix. Obviously they are hosting their own private network, but if the concept is good enough for European government and military, it is an indicator for quality especially in terms of security and privacy.

pewgar_seemsimandroid

I had slight issues with the failed to decrypt on element, just on a chat where the other person left

PlutoniumAcid

Mattermost runs as a Docker container and is excellent. You can create channels and groups which is incredibly useful.

SteelCorrelation

Mattermost is a lot like Slack, right?

kurcatovium

Yes.

Lemmchen , edited

Mattermost does not have E2EE to my knowledge.

iso

Can we use group meeting in self hosted version?

mcmodknower [OP]

Is there e2e encryption available for mattermost that normies can use?

OSH

Zulip hits the sweet spot for me, as it's pretty straightforward to use and not too many bangs and whistles.

Alternatively I'm also very happy with signal for communicating with other ones where I don't have to bother about user management too much.

ᕙ(⇀‸↼‶)ᕗ

also: that has a client that works on android tv.

Decronym , edited

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| IP | Internet Protocol |
| RPi | Raspberry Pi brand of SBC |
| SBC | Single-Board Computer |
| SSL | Secure Sockets Layer, for transparent encryption |
| TLS | Transport Layer Security, supersedes SSL |
| VPS | Virtual Private Server (opposed to shared hosting) |
| XMPP | Extensible Messaging and Presence Protocol ('Jabber') for open instant messaging |

5 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

[Thread #809 for this sub, first seen 16th Jun 2024, 15:45] [[FAQ](http://decronym.xyz/)] [[Full list](http://decronym.xyz/acronyms/selfhosted@lemmy_world)] [[Contact](https://hachyderm.io/@Two9A)] [Source code]

Nine

XMPP is fantastic IMHO

If you want to support a great project and have great uptime check out conversations.im

I don’t recommend self hosting something you want available all the time. That being said everyone has different needs/uses 😊

helenslunch

Matrix is fine but quite slow. Has excellent clients and is feature rich.

There's also an app called Circles that turns your Matrix chats into a social feed.

XMPP is fine but the available clients are outdated and ugly.

Session is also self-hostable and anonymous.

callcc

Not true about xmpp in general. There are modern clients out there.

helenslunch

Prove it

ambitiousslab , edited

Just for reference, here are my favourites on each platform.

Each supports modern XMPP extensions, interoperates very nicely with the others, and (at least in my opinion) looks good!

poVoq , edited

https://gajim.org/post/2024-06-10-gajim-1.9.0-released/ looks great these days. Give it a try.

https://movim.eu is also a really nice looking modern webclient

helenslunch

Gajim looks like it runs on windows XP. Movim does not appear to be a client.

poVoq

Lol, what? Did you download an old version or are you just trolling?

And of course Movim is a client, a web-client like I wrote.

philpo

Matrix is slow on large instances, but that's not the case here, especially if no federation is done.

And the issue with sluggishness is currently the main development focus with ElementX/matrixX that will become mainstream matrix soon. With that even the large instances are extremely fast.

helenslunch

Matrix is slow everywhere. Anyone who says otherwise is *lying*. Element X is also super slow. Waiting 5-10 secs for messages to appear every time I open the app. I know what I'm talking about.

philpo

And on which instance did you experience that?

helenslunch

All of them

philpo

Thanks for confirming that you're full of shit.

Because there are very very few Sliding Sync (which is the part of X that makes it faster) instances at the moment and only one that has a major userbase.....

Qkall , edited

Self host beeper... I love matrix but people struggle with maintaining a key and password .. beeper simplifies this and has other chat protocols (bridges) that might entice normies.

fmstrat

Those are Matrix bridges. Beeper is a skin over matrix.

Evotech

Matrix and beeper

Qkall

I'm aware, I'm specifically speaking about the log in process being simpler for most people on beeper vs matrix. I use beeper thru nheko, as you said it's just matrix. But less work for the end user

Presi300

Telegram

matcha_addict

Not self hostable and not secure by default.

EngineerGaming

Effectively not encrypted, requires a smartphone, can be anal about bans, etc.