@rootwyrm Last I checked the moderation tools were still nowhere near adequate, and that is a dealbreaker for me.
Discussion
Loading...
@mttaggart Huh, Stoat is that bad? It's the one I'm seeing people recommend.
@mttaggart You had me (discourse mangler/wrangler) at the opening meme.
Be more distracted.
@mttaggart FWIW, we've been using rocketchat for years at work with about 100 users and we haven't missed any of the paid features yet. The biggest downside is how hard they push you towards their "plans".
@mttaggart Nice! I thought about discord alternatives too!
@mttaggart what about the ones that don't have AI shoved down users' throats?
@admin I think you'll find the list refreshingly AI-free. While Discourse has plugins, they are optional and not default.
@mttaggart from rocket.chat's front page:
"AI-powered conversations
Automate the busywork, surface the right insights instantly, and keep your teams to drive
operational success."
@admin I would separate marketing hype from product reality. Again, optional modules and nothing doing in self-hosted.
@mttaggart A another knock against Matrix is the ordering of messages. I've been using it more recently, and I struggle to piece together a conversation because the messages are in the wrong order.
@mttaggart good list, but I don't think it's fair to Matrix today.
The CSAM attacks happened, but moderation tools have taken a big leap since. You can quite easily use a moderation bot that subscribes to public ban lists. This almost fully ends any generic spam.
Also you talk about matrix.org as "flagship server". Friends don't let friends use matrix.org. Use small/medium sized servers instead and you get better performance. Same applies to Mastodon - don't use mastodon.social, decentralize!
My main criticism would be the buggy mobile clients, and super slow migration from Element Classic to Element X. Element web/desktop are decent quality, but far from polished.
Oh and you don't even mention bridges. Other alternatives don't even try to support them. Bridges are a key feature.
The CSAM attacks happened, but moderation tools have taken a big leap since.
I would appreciate links to these new resources. Last I saw, Draupnir was still very much inadequate.
As for server choice, I think Mastodon itself is evidence of what a fussy server selection process can do to adoption.
This reply is written from the perspective of a computer enthusiast. Probably a volunteer sysadmin/self hoster—like me. We cannot be the target for a general alternative.
@mttaggart for example etke.cc offers a public draupnir instance: https://etke.cc/help/bots/draupnir/
That combined with good policy lists should be quite good against spam. Of course targeted attacks are harder to block.
Also I think I heard that in FOSDEM Element said that there will be some kind of server chooser at last.. IMO using matrix.org as default has been a bad choice. Of course a curated list of servers makes a handful of new problems.
Currently a list of open servers can be found at https://servers.joinmatrix.org/
you seem to be very knowledgeable and fair about all these, but I so want the answer to be #matrix cause it could also theoretically do all our messaging and video chat and even POTS eventually. I feel like if we want the less techy to embrace our world, it can't be just about switching apps yet again, but also must at least offer the possibility of eliminating the need for other apps. IDK.
@wjmaggos Matrix can be the answer! I was very optimistic, and I still think there's a lot to like. For private communities, I think it's wonderful. The problem arises in large public communities because of the lack of moderation tooling. Without that aspect of the platform, it's simply too dangerous to open the doors to the general internet.
@mttaggart this is fantastic!
I've had excellent experience with Discourse but haven't been part of one that has enabled chat. Have you had a chance to try it?
@shom I have. It's functional, but I wouldn't call it a first-class citizen yet. And as noted elsewhere E2EE is not a feature, so be aware of that.
@mttaggart the first company I worked for used Rocket.Chat for their IMs and it worked better than MS Teams or Google Chat, both of which I've used at later employers. Didn't look as flashy but it was far more stable. I really hope they stick with it for my old coworkers' sake.
@bretthaines It's very good! And their native federation protocol has entered general availability.
@32x33 I miss the CrankySec community, but I really don't miss Discord.
@mttaggart@infosec.exchange
Technically though Matrix is a more functional equivalent than Discourse.
@gme I'm not sure what criteria you're using, but for public communities it absolutely is not. The utter lack of moderation capability makes it unsafe for that use case. Private comms? Fine. But that's not really Discord's primary purpose.
@mttaggart@infosec.exchange When's the last time you used Matrix or Element? Because I'm staring at a user in one of my rooms and these look like moderation controls to me (as the room's owner/ creator):
@gme That is not what I'm talking about. When you run a community, moderation is per room, which doesn't scale in the least. The automation via bots like Draupnir is rudimentary at best, and incredibly hamfisted (especially for E2EE). Yes, I can take action on individual users. I cannot prevent attacks usefully at scale. And setting all of the additional tooling up for what does exist is the kind of sysadmin nightmare that Discord successfully abstracted away.
Meanwhile, Discourse has these tools out of the box. They serve different purposes, but I contend that for community building, one is far superior.
@mttaggart@infosec.exchange
> Meanwhile, Discourse has these tools out of the box. They serve different purposes, but I contend that for community building, one is far superior.
Couldn't agree with you more. I love Discourse (self-hosting) but the reality is for 99.9999% of Discord (not Discourse) users, Matrix is an open, private, and secure alternative.
To be fair, Discourse doesn't have E2EE either.
@gme Ah, but what has a community profited to gain E2EE, only to lose trust and safety? As always, "it depends," but IME a public Matrix server is just courting disaster.
@mttaggart I'll just go back to IRC. Wait I never left...
@mttaggart Stoat has actually moved SHOCKINGLY quickly and I would say it is easily 85%+ parity for the majority of users at this point. The biggest sticking point would probably be servers with >100 custom emojis or highly dependent on bots (which are relatively easy to port.)
@rootwyrm Last I checked the moderation tools were still nowhere near adequate, and that is a dealbreaker for me.
@mttaggart ah yeah if you manage big communities that might be a problem. For my 25 friends it doesn't really matter.
I tried it when it was still revolt and really liked it, but never actually made the move
@mttaggart most of Discord's power user moderation tools are reliant on third-party bots or demonstrably ineffective. Baseline moderation tools are at this point, 1:1 or better. Channel visibility can be set per-role, you can include a reason along with a ban. The UI could use some polish, but it's there.
most of Discord's power user moderation tools are reliant on third-party bots or demonstrably ineffective.
As an admin of a 3000+ user server, I strongly disagree. AutoMod is a lifesaver and I can't imagine running a public space without something equivalent.
@mttaggart I also admin on rather large servers. If Discord makes one more claim their 'automod' actually stops the hacked account spamming, I will stab that employee in the face.
It absolutely does not. Literally 99% of the 'moderation' I do, is cleaning up after spammers posting obvious phishing links in every single channel that their 'suspected spam' block continuously lets through.
@rootwyrm That's true, but the ability to create useful blocklists of terms limits the attacks to one per technique. The lists I have block the vast majority of attempts. If Stoat has that capacity, great.
@mttaggart uh oh what did they do now
@joenash Paternalism as a service: https://discord.com/press-releases/discord-launches-teen-by-default-settings-globally
Since I wrote this, many have introduced me to movim, and it's pretty slick! I'm still experimenting, but I like a lot of what I see. Still missing moderation tools for groups, though.
@mttaggart that actually looks like one of the best options you posted so far, have to look into that one!
@mttaggart Have you tried the streaming functionality? I have a small Discord community that uses the streaming features pretty often, and it'll be a hard to convince people to ditch Discord if streaming isn't very good.
@tehfishman I haven't, but I'm keen to.
Let me add that I am keenly aware of the cryptographic issues you are about to bring up about any of these options. I read and deeply respect the work of @soatok and others, and understand the concerns around OMEMO for XMPP, Matrix, etc.
Security is a balance between risk and value. I cannot decide for you what the right balance is, but I know from hard-won experience that building a community is about more than "perfect" security.