..on Tue, Jun 25, 2019 at 04:42:41PM +0100, Rory Byrne wrote:
> FWIW, we experimented about a year ago with getting three of our civil society organisations running internally on Matrix (via Riot.im) vs Mattermost. The main feedback against Matrix/Riot was UI/UX issues. A lot of users just felt overwhelmed with the options around things like security (of course personally I love that). So all of the orgs ended up going with Mattermost. Which is still a decent system but obviously still lacks e2e encryption at the moment I think.

Yes it does lack it. You need to trust the sysadmin (it's not a 'zero-knowledge'/trustless platform in that sense) and ensure there's solid on-disk encryption (say, AES-XTS block/cipher, 512-bit key length). At-rest encryption at the database is an option, also. However, as Mattermost makes a mass migration from Slack so painless, and as being so easy to pick up and use, it's more likely that folk will make use of it, rather than defaulting back to pro-surveillance corporate platforms.

Cheers,

Julian

> On Tue, 25 Jun 2019 at 15:37, Yonatan Miller <[email protected]> wrote:
>
> > What are your thoughts in terms of usability between setting up mattermost and riot for developer and non developer audiences?
> >
> > On Mon, Jun 24, 2019 at 10:12 PM Julian Oliver <[email protected]> wrote:
> >
> >> ..on Mon, Jun 24, 2019 at 12:28:26PM -0700, Yosem Companys wrote:
> >> > Internet Freedom Festival uses Mattermost:
> >> >
> >> > https://medium.com/iff-community-stories/were-not-a-conference-9cf252199652
> >>
> >> Definitely go with self-hosted Mattermost or RocketChat or RiotIM. The former FLOSS 'team edition' is *astonishingly* performant. I installed and sysadmin a server with many thousands of members (at-risk groups) spanning over 160 teams. It's extraordinarily fast - barely expresses any load on the system, and is used heavily day in and out.
> >>
> >> Discord has among the worst privacy ToS in the chat space, openly presenting their service as a data harvest for downstream buyers.
> >>
> >> "By uploading, distributing, transmitting or otherwise using Your Content with the Service, you grant to us a perpetual, nonexclusive, transferable, royalty-free, sublicensable, and worldwide license to use, host, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display Your Content in connection with operating and providing the Service."
> >>
> >> https://discordapp.com/terms
> >>
> >> Discord are actually even worse than Slack as regards our basic rights online, which is itself quite an achievement. Not sure I can think of a worse partner for mass team chat!
> >>
> >> Cheers,
> >>
> >> Julian
> >>
> >> > On Mon, Jun 24, 2019 at 12:14 PM Petter Ericson <[email protected]> wrote:
> >> >
> >> > > On 24 juni, 2019 - axel simon wrote:
> >> > >
> >> > > > On Sun, Jun 23, 2019 at 10:17:02PM -0700, Yosem Companys wrote:
> >> > > > > Discord: what Facebook is trying to become.
> >> > > > >
> >> > > > > https://www.theatlantic.com/technology/archive/2019/03/how-discord-went-mainstream-influencers/584671/
> >> > > > >
> >> > > > > Why to switch from Google Chrome to Mozilla Firefox.
> >> > > > >
> >> > > > > https://www.siliconvalley.com/2019/06/21/google-chrome-has-become-surveillance-software-its-time-to-switch/
> >> > > > >
> >> > > >
> >> > > > Hi,
> >> > > > Discord is interesting in that it's popular and offers people the possibility to have their own community (which they call "server", I believe), but there's nothing free and open source about it.
> >> > >
> >> > > As of this writing, Discord has, as if to prove this point, been globally unavailable due to Cloudflare issues.
> >> > >
> >> > > > Matrix, and its main client Riot, are much more interesting to me currently, as they are (ambitiously) trying to solve multiple problems at once: a modern chat system, with voice and video and file sharing, with end-to-end cryptography, while maintaining a decentralised network architecture so that anyone can run their own instance, join and federate with the rest.
> >> > >
> >> > > Well, to harp on about long lost battles - XMPP did it first. I firmly believe that if all the effort spent on Matrix clients had instead been put into improving XMPP, then it would far surpass the current standards of both. Even so, XMPP is the protocol with several independent and mutually compatible server _and_ client implementations, as well as a well-established protocol (and protocol extension process).
> >> > >
> >> > > > Current versions of Riot might not be entirely as slick as Discord, but they are getting better and they are very usable.
> >> > > > Incidentally, Matrix has bridges to connect to other chat networks (and ideally, bridge them together, hence the name), and can bridge to Discord. So there's a possibility of getting everyone to play nice with each other.
> >> > >
> >> > > Bridging has, time and again, shown itself to be a Much Harder Problem than may be apparent, with massive amounts of boring corner cases and exceptions. We'll see.
> >> > > >
> >> > > > Regarding Firefox vs. Chrome, Firefox has been the only browser (with any relevant market share) that isn't the product of a for-profit company for a while. While Mozilla have made questionable decisions at times (and outright mistakes at others), that alone should be a strong argument to consider where one gets their browser from.
> >> > > > I recall reading a statement in an article around Chrome's release about 10 years ago by then-CEO Eric Schmidt explaining that at the end of the day, if you want to be able to really control and see what users are doing, you need your own browser. This was when people couldn't quite understand why Google would build its own browser when Firefox had managed to end the Internet Explorer deadlock and they had a good relationship.
> >> > > > That passage really stayed with me (and if anyone were to find it, I'd be very grateful, I can't seem to do so).
> >> > > >
> >> > > > So yes, it's not that surprising that, when push comes to shove, the engineering teams working on Chrome have to bow to the business priorities of Google, the world's (more or less) biggest advertisement company.
> >> > >
> >> > > I'm in complete agreement.
> >> > >
> >> > > > Cheers,
> >> > > >
> >> > > > axel
> >> > > >
> >> > > > --
> >> > > > axel simon
> >> > > > mail/matrix: [email protected]
> >> > > > twitter: @axelsimon
> >> > > >
> >> > > > --
> >> > > > Liberationtech is public & archives are searchable from any major commercial search engine. Violations of list guidelines will get you moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe, change to digest mode, or change password by emailing [email protected].
> >> > >
> >> > > --
> >> > > Petter Ericson ([email protected])
> >>
> >> --
> >> Julian Oliver
> >> https://julianoliver.com
> >> https://criticalengineering.org
> >> PGP https://julianoliver.com/key.asc
> >> Beware the auto-complete life
>
> --
> Rory Byrne
> CEO & Co-Founder,
> Security First.

--
Julian Oliver
https://julianoliver.com
https://criticalengineering.org
PGP https://julianoliver.com/key.asc
Beware the auto-complete life
