@anthropy I'd have been such a simple fix UI-wise even... Or just ignore e2ee verification entirely for users who won't understand the need or purpose for such a feature. Just go for blind trust and have verification be optional - the chance they actually got MITMd is kinda low anyway.

So... key syncing is a client-specific thing? There's no main protocol for it? I'll admit, the notion of sending something like decryption keys over the network is a very spicy notion, but I'm also getting the impression it may be unavoidable.

@anthropy An "reattempt to fetch keys" button would work, then?

So how does that work? There's an encrypted store on the server that stores the receiving keys for e2ee messages? And the clients sync the keys through there? What the client is missing is it not trying to sync older keys when it should?

As for security UX, I mean... It could've just said: "If you have another way to reach this user, you may send them this string (of emojis, even?) and ask them to check if it's the same on their side. This way you know you are speaking to the same person. This is most secure if done in-person."

There. That'd have solved my issue at the time, instead of pushing me to do some mystery thing that doesn't work

@anthropy My first experience with Matrix was Element very strongly pushing you to "verify" your connection.

The client fundamentally did not explain that that had to be done out-of-band. I did not, at the time, understand the very concept of verifying an e2ee connection.

And like... how does an overloaded server prevent a message from being decrypted? If it can't serve up the keys immediately that's fine, I can wait, but like... There's no guarantee in the protocol that it'll happen eventually?

@anthropy There's XEPs for message carbons and message archiving - those are a thing. If there's no hosted history, I as a user hadn't noticed yet. It's just... always an endless list of janky XEPs for every feature.

It'd be a fundamental advantage, I think, if there's an effort to pull as much functionality as possible in larger core feature sets as opposed to being stuck in hundreds of tiny modules that sometimes compete.

Funding will probably happen now that there's even some government services and companies adopting Matrix for internal communication (haha... ha... makes it more likely, at least.)

Governance... I guess you could semi-realistically maintain a fork? You'd be building off of a solid foundation instead of a blank slate, and could have some good cross-talk between the fork and the official one for compatibility? Maybe pulling features from one into the other?

I find it funny that the issues you cite are very much not the ones I've heard about

@anthropy Hosted history is an essential core feature to me.

XMPP has that... to an extent... But it's janky, and it seems every modern feature is stuck in XEP hell

@anthropy I guess my question is... Are the issues that it has inherent to fundamental decisions in the protocol?

Or are they, like, fixable? And we need to just suck it up and put in the work?

@anthropy The big, big critique I keep hearing about Matrix is that its protocol is just so complex, stemming mainly from its data model being an eventually-consistent event-sourced sequence of message synced across the home servers of all participants... That correct?

(That and all the custom crypto that such a set-up involves.)

@anthropy Like... it really seems Matrix is "the one" in terms of the momentum it has behind it.

I cannot currently think of any federated messaging system that has as much momentum behind it as Matrix - except maybe XMPP and SMTP at the moment.

@anthropy I must admit I just don't really know Matrix well enough to properly critique it.

Solution: use Matrix more.

@anthropy Because they’re not looking for federation or privacy, really

They just want Discord without it being Discord, but it doesn’t have people on it, so really they just want Discord

I’d personally see video calls and presence features in Forum-like software - but I’ve already been told in no uncertain terms that people just really don’t wanna use forums anymore.

What problem are we actually trying to solve, here?

@anthropy I wonder what'd happen if I said "I'm only hosting these RPG games in Mumble now"

...I'd probably get no more RPG players.

...I totally should play online TTRPGs through Fedi shouldn't I.

...ok that sounds fun.

@anthropy Ugh. Socially invested way too deep into Discord... Leaving it means saying goodbye to friends, I fear.

@anthropy Right, that does sound like a DMA and interoperability thing.

@anthropy Yeah I kinda need the financial stuff... Gosh, why is our tech landscape such a disaster that you have to get all cozy with Google just to do banking in ways entirely unrelated to that company.

I guess I'll just swallow it for now and accept that FairPhone is still a relatively good compromise - but if a bank came along that did accept people actually having some control over their devices, I should maybe switch.

@anthropy "some things" possibly including banking apps?

Huh, that's fascinating, that if you get it pre-installed the special snowflake apps get less fussy about it. Does the manufacturer have some kinda signing key to do that that consumers don't?

...

...also I can totally 3D-print stuff for this thing can't I.

@anthropy So you like the hardware.. That's usually the big'ol sticking point with older FairPhones. Huh. I might actually get one - my current iPhone is really on its last legs at the moment.

/e/-os comes with it standard?

@anthropy Also, how are you liking the FP6?

@anthropy Holy crap, the Google stuff really eats up that much?