• Viktorian@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      It is just closer to WhatsApp. What Matrix does, especially with regards to enabling true multi-device support, is quite complex overall and sometimes causes issues with keys for decrypting messages not arriving on all devices. Signal is more limited but it just works a lot better. Small but important extra: Signal supports fully encrypted voice and video chats.

      Full disclosure: I personally also prefer Matrix because I use it with multiple devices. I don’t want to install desktop apps for these services and Element runs in the browser while Signal does not.

      • Communist@beehaw.org
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        Ah, so, what it really seems to come down to is that since it’s centralized, it’s easier to make it work for everyone, no?

        • Viktorian@beehaw.org
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Being centralized isn’t the only reason, but basically yes. The concept behind the protocol is simpler because your decryption keys only ever live on one device. You don’t really have the entire trust (and key sharing) model for devices that Matrix has. Signal’s desktop app works very similarly to WhatsApp where your single main device needs to be connected at least intermittently for “guest” sessions to be able to send and receive messages. I haven’t used Signal desktop though, that was just the impression I got from it. Would make sense though because WhatsApp is allegedly borrowing from Signal’s protocol quite a bit.

    • MarionWheeler@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Well for one thing matrix clients on mobile are…not the best. Element X is looking promising, but it’s currently still in beta. Element misorders messages and crashes often, and most other clients are not as feature complete. Whereas in my experience Signal tends to just work. Plus for the average person it makes for a dead simple drop in replacement to WhatsApp or iMessage. Yes, the phone number requirement has led to issues with governments just blocking the sign up SMSes, but that is a tradeoff they make for convenience.

      Matrix also leaks more metadata in comparison to Signal (this is just how decentralization works). Not to mention that the recent vulnerabilities seem to suggest (in my opinion at least) that matrix cryptography is not as battle tested as the Signal protocol.

      Besides the observed implementation and specification errors, these vulnerabilities highlight a lack of a unified and formal approach to security guarantees in Matrix. Rather, the specification and its implementations seem to have grown “organically” with new sub-protocols adding new functionalities and thus inadvertently subverting the security guarantees of the core protocol. This suggests that, besides fixing the specific vulnerabilities reported here, the Matrix/Megolm specification will need to receive a formal security analysis to establish confidence in the design.

      Real world example: The university I study at promoted matrix as a way for students to chat at the start of the semester, and pushed them to use Element. Practically no one uses it, but I’ve met a few people who do chat with Signal.