Can you guys suggest some reliable and secure selfhosted IM service? I’m kinda in a very bad spot right now, so any centralized messaging wouldn’t really work. And yeah, state sponsored mass surveillance is a question of concern. Sorry for odd phrasing, just really at a loss.

I heard of matrix, XMPP (heard good things about snikket.org), SimpleX and even some IRC wizardry over TOR. And I actually tried matrix (synapse server), but found it not reliable enough - sometimes skips a notification, periodic troubles with logging in, weird lack of voice calls on mobile client, and some other irritating, tiny hiccups. I’m open to any suggestion, really, even open to trying matrix once again. Just, please, describe why you think one option is better than the other.

And just FYI, use case is simply texting with friends and family, while avoiding state monitoring. Nothing nefarious

  • DaGeek247@fedia.io
    131·
    6 hours ago

    And just FYI, use case is simply texting with friends and family, while avoiding state monitoring.

    Signal. There’s nothing better for security, ease of use, and features. It’s a drop in replacement for texts and imessage and facetime.

    • N0cT4rtle@lemmy.zipOPEnglish
      3·
      6 hours ago

      Thanks for reply. Unfortunately, we can’t use it, should be exclusively selfhosted service :( I do like Signal, tho, great app

      • DaGeek247@fedia.io
        21·
        5 hours ago

        That’s rough. Signal is the only app that can actually be trusted to resist state monitoring because it has a successful history of it.

        I guess another option to throw into the pool is https://docs.cwtch.im/ then. It’s new though, and not as easy to use.

        • non_burglar@lemmy.worldEnglish
          12·
          5 hours ago

          Be aware that the Signal Foundation still runs servers for the signal service. If a state actor compromises them, e2ee is no longer guaranteed.

          • Jul (they/she)@piefed.blahaj.zoneEnglish
            11·
            3 hours ago

            It’s unlikely encryption would be compromised since the keys never leave the device. The user’s device would have to be compromised for that. Decrypting messages on Signal servers without the keys takes too many resources to be feasible en masse, even for a state actor. And the current app has no method to transfer those private/decryption keys.

            But Signal is not private. It is only secure. Two totally different things. A bad actor could uniquely identify a user and what users they have communicated with and how often, just not the content of the messages. That metadata is stored on the Signal servers and the company has access. That is the tradeoff for ease of use and keeping malicious accounts to a minimum vs an anonymous IM app.

            • non_burglar@lemmy.worldEnglish
              2·
              39 minutes ago

              Op specifically asked about a self-hosted option. I think it was fair to comment that Signal wouldn’t satisfy this requirement.