I tried all of the major Discord alternatives. Here's what I found:
Discussion
Loading...
Discussion
@mttaggart The Zulip docs and website needs better clarity and organization. It has built in moderation tools (https://zulip.com/help/moderating-open-organizations) and the Self Hosted plans only add push notifications for the mobile apps and product support. Everything else, including SSO via SAML, are included in the open source version for as many users as your server can handle. They even have decent docs related to scaling.
Thank you for the clarification. Yes, the documentation is excessively hard to follow. I will update the article with these changes. The moderation tools listed are not really up to par, imo, but at least there's a mention of them.
Also crazy that there are basically two separate docs sites.
@mttaggart Great list and good info. Would be interested to hear how you think modern Teamspeak stacks up too.
@katharta Both Teamspeak and Mumble can have roles to play in a community platform, but I don't think by themselves they constitute one.
@mttaggart This is very informative and well-written. Thank you for sharing your findings!
On the Matrix encryption thing: I heard you. I really do think that I found unencrypted data from encrypted rooms, but without proper time to test, I have removed that paragraph from the article.
@mttaggart you need to check/update the facts on Matrix. I don't think it's a fair review.
@cos Care to specify which parts?
@mttaggart the file encryption part. Either you have found a major security issue or it's not correct.
The CSAM attacks did happen, but there are now improvements to block such attacks in major rooms. Also there are publicly available moderation bots available which are quite good. Spam still happens, but much less than few months ago.
Matrix.org is big but not as big you think. For example my bot reports:
I'm seeing 10338 users in 79 rooms. Top ten homeservers (out of 616): hacklab.fi (2746 users, 26.6%), t2bot.io (2733 users, 26.4%), matrix.org (2436 users, 23.6%), irc.snt.utwente.nl (1025 users, 9.9%), pikaviestin.fi (310 users, 3.0%), ..
Of course it's impossible to do reliable statistics in decentralized network.
@cos Regarding encryption: https://infosec.exchange/@mttaggart/115498318612677739
As for moderation, I strongly disagree that what's available is "quite good," especially compared to alternatives.
As for the size of Matrix.org, I dunno: the size of their database alone speaks to some degree of scale.
@mttaggart Major correction for Matrix: if you upload attachments into an encrypted room then the attachment is encrypted. If you forward an attachment from an unencrypted room to an encrypted one then it depends on client behaviour (Element only encrypts the message and reuse the unencrypted attachment, while some other clients will encrypt and reupload the attachment). URL previews are requested by clients on the fly; only the URL is sent to the server and it is not linked to messages.
@austin Sorry, that's not accurate. I have direct evidence from my own Matrix server that I can view images from encrypted rooms, not forwarded, on my server.
@mttaggart @austin if this is the case one or more of the following is broken:
- someone's client
- the room state
- your server
i operate a public server and when i view media from encrypted rooms it's all well... encrypted
@mttaggart @austin that sounds like a client bug that you should probably report to security@matrix.org or the client's relevant security policy. Rather than report to the public internet
@austin Per the documentation, it's the client that does the encryption. So, anyone using a client that doesn't could result in what I've observed: being able to view images from encrypted rooms. https://matrix.org/docs/matrix-concepts/end-to-end-encryption/#encrypted-attachments
@mttaggart You'll have to show the evidence, because if I view source on an encrypted message and try to construct the download link from the MXC URI then it does give me an encrypted copy of the attachment.
@austin Try accessing from the media_store directly on the server. That's what I did. The server is down and I'm not interested in spinning up another one just for you.
@mttaggart On one hand there is nothing preventing any user sending unencrypted anything (or encrypted message with unencrypted attachment like how Element handles forwards or thumbnail bots) into an encrypted room because it's not the homeserver's job to enforce it; on the other hand you're trying to present an edge case, that you do not know how to reproduce, as standard behaviour, per your blog post. So it is on you to prove it one way or the other, with all due respect.
@austin As I mentioned elsewhere, I was under the impression this was known behavior. I didn't think I was claiming anything new. If I have time I will attempt to reproduce it later. But "it's not the homeserver's job" doesn't really make a strong argument for the security of Matrix, based on the established criteria. And if Element is the only trustworthy client, it also doesn't really improve decentralization.
Again, I will attempt to reproduce this issue when I can. But the bigger point about weird Matrix gotchas (and the complete lack of useful moderation/T&S tools) remains valid, I think.
2 more replies (not shown)
@mttaggart If you like discourse, the you'll definitely like @luceos 's #flarum
I would rather use fanzine lettercols using hand cut stencils and take them down to the post office for a weekly mailing.
@mttaggart What features do you miss in Revolt... I mean Stoat? Last time I tried it, it was pretty much on par with Discord. It was actually *very* much a UI clone of Discord. Did something change?
@collectifission @billseitz Literally all moderation features. Gotta think like an admin, not a user.
@mttaggart Ah, that's a fair point. I never delved too deep into that.
@mttaggart Man, I really love discourses slow and steady rise. My hot take is that forums are going to come back in a big way as a backlash to the current culture around chat apps and hyper centralized social media groups
bonfire.cafe
A space for Bonfire maintainers and contributors to communicate
Automatic federation enabled