I am searching for a selfhosted and secure (end to end encryption) chat platform for my family (5-20 users), possibly one i can host on a raspi.
Is matrix a good choice, or should i try something else?
I’ve been using matrix for years to this purpose, but moving to xmpp/prosody now
Can I ask why you’re switching?
No.
Yeah ok. First of all, because I can 😁. I mean z what’s good being an IT nerd if I can’t change stuff when I want?
Jokes aside, I’ve been reading more recently on matrix and looks like there are some security issues in the design of the app/protocol. I’m on mobile now, I’ll look for sources when I’m on pc. Also I don’t like that it is a server centric system (so data is primarily on the server instead of the clients). Also it takes more resources than I was expecting. For less than 10 users I can’t have less than 4gb of ram (on a dedicated debian server, running docker) or it swaps so much it kills the system.
So basically I’m testing out if xmpp is a better system for those issues.
Any Reason Signal doesn’t do it?
Selfhosted isn’t always the Best option
XMPP. It just works, requires very little resources, is stable and has decent clients.
I would go with Snikket instead of Prosody if I had been starting now.
Conversations on phones, Dino or Gajim on PCs, plus a conversejs install on the xmpp server, to allow web access when needed.
Conversations is easy for the family to figure out.
three main ones I’ve seen in this comment section are
• XMPP
• Matrix
• SimpleX
So all of these encrypt the conversations so not even the server admin can access them?
XMPP only does it with certain client extensions. And Matrix only does it when the rooms are set up this way. SimpleX does what you want, but is kind of unintuitive for the average user.
I say go with Signal, it does what you want and is idiot-proof.To be fair, pretty much all major XMPP clients have adopted OMEMO encryption, so doesn’t seem like much of an issue.
E2E is complicated, if you self-host for a group, having TLS and encrypting data at rest (storage) may be enough. Get a threat model. That being said, I would recommend snikket.org which is a superset of extensions over XMPP which is the open source IM that was the base of almost every app out there. Matrix and Rocket are both alright too. Depends too on your resources, synapse requires too much RAM (or so I heard)
Yes, XMPP with proper TLS on the server side and Conversations or one of its forks (preferably fetched from F-Droid) using OMEMO encryption should be good enough. If you are brave or paranoid, give Tox a try: https://tox.chat/
Except tox’s graphical clients aren’t maintained anymore