Poll: Switching from WhatsApp

1004 points by ColinWright ↗ HN
So many choices, so much discussion. Looking for the "Wisdom of the Crowd" from the HN community. Other options in the comments would be welcome

971 comments

[ 3.0 ms ] story [ 386 ms ] thread
zom?
Telegram is a downgrade in terms of both security and privacy. Just leaving the comment for people who consider it. It's an excellent platform and a joy to use but I personally refuse to use it.
how? I thought they where the first ones to implement e2e encryption?
It is not default option there. End users need to always remember that they need to use „Secret chats“
(comment deleted)
- Weird hand-rolled crypto protocol of questionable quality (MTProto). Probably fine in practice, but leaves a bad taste in your mouth, and their marketing to prove it made it worse. It has been through a few revisions since initial scrutiny.

- Only Secret Chats are E2EE. Normal use is just subject to transport encryption. However, this is true for any platform with server-side chat history.

"leaves a bad taste in your mouth" - May be you should not try to eat a protocol ?
I'm unsure if you're unfamiliar with this phrasing or are simply trolling.

If the latter, well played.

Their e2e encryption only applies to 1-to-1 communication in the form of Secret Chats, which can be opened from a menu multiple clicks away. Default chats and group chats are not e2e encrypted and contents are fully visible to Telegram. This however enables lot of the features Telegram has that Whatsapp/Signal do not (seamless use with multiple clients, powerful search, history is retained after switching phones etc..)
They lied. Or are technically incompetent. Or both.
Downgrade in terms of privacy from WhatsApp? Some explanation is needed for such a bold statement.
Much worse protocol, but much better company.
... but still a company that you have to "trust". I'd rather have a protocol that will allow me to not trust anyone and still be secure/private by default.
Then use neither. No protocol allows you to not trust the implementor, and WhatsApp has shown signs of accessing keys.
I think they’re referring to the encryption. Group chats can’t be encrypted end-to-end, direct messages aren’t by default, and the direct messages that are encrypted (”secret chats”) aren’t available on the desktop client.
I'm referring to two things(although really just one) here - WhatsApp claims to store messages only as long as they are undelivered, after which they are purged from their servers. Even if they are retained, they are e2e encrypted. Telegram on the other hand, from what I can see, store all messages in plaintext or in an encrypted-at-rest form where they control and have access to the keys. It comes down to whether I trust them, and I have no reason to.

- Tying back into the encryption point, in the event of a breach or an MITM, whoever intercepts or accesses WhatsApp messages will get encrypted dumps, while my Telegram messages are pretty much going to be in plaintext.

Also adding to this, there is certainly more nuance to it and WhatsApp is certainly far from perfect in that you still trust them to implement E2EE correctly without incompetence or malice, and then there's the whole other issue of their cloud backups being entirely unencrypted by design. Thankfully the latter can be turned off for now.
> they are e2e encrypted

Only if you trust Facebook with their proprietary software.

And on Telegram you can easily export your history at any time and delete from the servers.

Covered your first point in my other comment here: https://news.ycombinator.com/item?id=25670543. Not copy-pasting because I don't want to come off as spammy.

Isn't MTProto proprietary as well?

Also, the option to delete on a periodic basis is not an alternative to not having things stored in the first place. That said, there is no way you can verify that copies are not retained on the servers in either case (WhatsApp or Telegram) so there's not much to argue there.

> Isn't MTProto proprietary as well?

Clients are open-source, so you can see the code for e2e encryption.

> That said, there is no way you can verify that copies are not retained on the servers in either case (WhatsApp or Telegram) so there's not much to argue there.

This is exactly true, so I actually prefer Matrix.

> Clients are open-source, so you can see the code for e2e encryption.

Cool. Unfortunately the cases where it's applicable are too limited for my liking.

> Matrix.

Matrix is great, I just wish I had more luck onboarding my network onto it. I really enjoy using Element.

IMO Telegram is more similar to Facebook Messenger than WhatsApp from a security and privacy standpoint. Both do not use end-to-end encryption by default (but both have a separate end-to-end encrypted private chat mode).
If it's good enough for organised criminals and to anger various governments, it's good enough for me
Don't forget Apple pressured Telegram to remove rooms or be banned.

This type of pressure on centralized systems is exactly why it is unethical as technologists to suggest people centralize the internet.

When you choose to send friends to centralized systems you are voting for the internet to have all the problems and advantages of dictatorships.

When you support open decentralized protocols you get the problems and advantages of a democracy.

Dictatorships can move fast and make sweeping changes. Look at China.

Signal, Telegram, WhatsApp, iMessage are all examples of centralized walled gardens, aka dictatorships. They are all doomed to be co-opted into doing something you don't like at some point and you will have no recourse.

Meanwhile we have decentralized systems like like HTTP, SMTP, and Matrix. Yes they move slower, are more fragmented, need long periods of carefully discussed and rolled out protocol changes and many implementations and servers to all agree on those to function. Decentralized control is messy, and good UX takes longer to materialize, but that is how the internet was built, and how we kept it from being controlled by a single ISP/Browser like AOL.

If you want a modern e2e chat protocol that lets you use any client, server, operating system, or architecture you want and take your social graph with you when you change your mind on any of those things, where no one single entity can change the rules of the network for profit or other reasons... you are looking for Matrix.

> Don't forget Apple pressured Telegram to remove rooms or be banned.

Apple pressured Telegram to remove specific posts. There was no way to stop spamming the posts, so they removed the whole channel because it was a lot easier.

It's not really "good enough" for them. Some criminals seem to use it but it's just a matter of reputation. It doesn't offer any extra privacy over whatsapp.
That's your threat model and that's fair enough.
> Telegram is a downgrade in terms of both security and privacy

Care to elaborate? Haven't heard/read anything that points in that direction. Except for the "nearby people" feature but that its up to you to enable.

Some people are annoyed that the end-to-end encryption isnt on by default. You have to enable it yourself if you want to use it.

I agree its a downgrade in security. But I dont agree with it being a downgrade in privacy.

By default anyone at telegram can read your messages. By default, nobody at Facebook can read your WhatsApp messages. Telegram is a privacy downgrade here.
Can/Will is a difference. Especially when Facebook will definitely be using all the information it can get to sell profiles of me to others.

Another point is to compartmentalize information shared.

Id rather share my whole profile in parts to 100 different companies who all arent allowed to share it with each other, than all of it to one company.

Facebook could push an update tomorrow that subtly modifies the RNG in a very difficult to detect way that allows them to easily brute force all messages.

No published source code or alternative implementations so it may take months of RE to notice if it is ever noticed at all.

If only a single party with no accountability controls your encryption keys with binaries they compiled from code they wrote that no one else can practically review with an undocumented protocol they can silently change or backdoor at any time, it is not end to end encryption. It is marketing.

I hate and refuse to use Telegram like all centralized chat services and feel it is hostile to freedom, privacy, and security but unlike Signal, WhatsApp, iMessage and others Telegram at -least- lets independent third parties like F-droid compile and distribute binaries offering accountability for their E2E claims.

Or the can partner with Google and Apple and get those backups from them, like the government does.
I trust Bruce Schneier on this stuff and he advises against telegram: https://www.schneier.com/blog/archives/2016/06/comparing_mes...

Also in the comments on that "article" some people link against a cryptoanalysis of telegram, which can be found here: http://cs.au.dk/~jakjak/master-thesis.pdf

Someone else also mentions that telegram stores message logs on their server, if that's true it is definitely a big no no.

It's strange, because I would say Telegram is an upgrade both security and privacy.

a. It doesn't require a cellphone always on (most important point for me)

b. It's not run by Facebook, or any other FAANG

c. It's not based in the USA

d. It has a great UX.

I miss matrix in the options. It's the only modern network that still really cares about federation
I've tried many, many times to figure out how to use Matrix, and every time I can't make headway. I haven't included it in the options because after trying every six months or so to figure out how to talk one of my colleagues through it I've just given up.

Maybe it's time to try again, but all the docs seem to be written by people who assume the wrong things about their readers.

Edit: OK, I've added it.

What do you mean? What kind of problems are you running into? Elements has a trivial 2 taps flow to get to "new direct message", so I'm curious what could go wrong.
Sill on the open federated XMPP network, like always.
What's next ? What happens when Signal is bought by Microsoft and Discord is bought by Google ?
Signal can't be bought. They're a non-profit org
When they run out of money to pay for servers they can sell assets as they please to whomever they please.
Maybe not? "Signal is an independent nonprofit. We're not tied to any major tech companies, and we can never be acquired by one either."
And yet you need to be in the Google or Apple ecosystems to connect to their network.
Which app is immune to this?
Moxie doesn't care about sellout money. As I understand it he wants to run signal as a lifestyle business, and he has private donors keeping everything afloat. I'm not sure if it'll stay independant if Moxie ever leaves, but hopefully there's a stable org structure. Source: The JRE podcast he did a couple months back.

Also if they ever sell out, the server & clients are completely opensource. It wouldn't take much for someone else to fork the whole thing and run a competing service if we ever need to.

One not implemented as a centralized service. Nobody can buy email, Jabber or Matrix.
Brian Acton, WhatsApp co-founder, one who left Facebook post-acquisition, infused 50M USD into Signal. And, Signal is community-supported through donations. I hope that Signal remains here for a long time.
It is strange he moved from seeing a centralized messenger project he founded be morphed into a monster, only to double down and invest in yet another privacy hostile centralized messaging system hoping for a different result.

Anything not decentralized is going to get abused eventually. The US government could seize the client signing keys, release s backdoored client, and dump the SGX keys and gag order everything in the name of national security. We have seen similar play out in China. Even the mighty Apple gave up HSM keys and caved to CCP censorship demands. It is only a matter of time.

I fear they are well meaning but woefully naive.

We need censorship resistant standard protocols anyone can implement and help host so there is no SPOF.

There are many things that can happen to a non-profit that can change the way they provide software or a service. Apart from a sale being possible (albeit with regulator approval), a non-profit could split (see MozillaCorp), or simply act against its own stated interest due to internal politics (see PIR).

Or the change could be smaller such as the non-profit changing focus and transferring one of it's products to another entity. e.g. Signal could hypothetically pivot to focus on crypto lib dev/maintenance and transfer the messaging service maintenance to another org.

If that can't happen, companies are better off forking Signal's code and making their own variant.
Signal can not be bought by someone unless the regulators approve it. WhatsApp was bought only after an explicit approval by regulators.
Why wouldn't they approve it? How is it different from any other acquisitions in the area?
Discord doesn’t need to be bought by Google to be a huge privacy concern. No end-to-end encryption or even claims to not read direct messages, closed source, third-party clients are banned…
Discord is already hosted by Google.
+ XMPP + IRC

Please also mention if there are any client/servers FLOSS

iMessage?
When switching from WhatsApp you likely don't want to get stuck in an apple-only environment.
nobody in my network uses any of the above how are we supposed to switch? by being the weirdo that only wants to use certain platforms?
Email? Text messages? Phone calls?

Those are the only alternatives with enough penetration to rival WhatsApp (that I know of).

I know that they are not secure, but neither is WhatsApp.

Email and phone calls are not a replacement for an instant messenger. That would be like getting rid of WhatsApp not replacing it.

Once RCS gets established though, text messaging may be a reasonable alternative. (As long as telcos don't try to use stupid pricing)

Yes, I don't see what the problem with text messaging is.

Android now has some compatibility with iMessage, and SMS is standard and supported on most mobile devices, even really old phones.

Why lock-in to WA or any of these options in the poll?

I'd understand if it were vendor-neutral and decentralized, but I don't see that.

I spent a lot of time testing Signal and it’s come a long way.

One great advantage over WhatsApp is emoji reactions on messages like Slack does to avoid the dreaded “haha” taking up threads.

Signal seems to support all media I threw at it, and has an awesome MacOS desktop client.

Downsides were no web search for group icons (a great feature of WhatsApp) and live location sharing.

Overall I am happy to have nearly all of my conversations migrated to Signal over the preview few weeks.

> Signal seems to support all media I threw at it, and has an awesome MacOS desktop client.

Which one are you referring to? Signal Desktop is just an Electron application AFAICT.

Sadly the inertia of WhatsApp is something hard to escape. I would/do choose Signal with a few of my tech savvy friends. But the majority of people I know use WhatsApp, and consequently so do I.
That's been like that for a long time, several times a month I receive a notification that someone I know comes into Telegram, and even my close family is going into Signal bit by bit.

But yeah, here whatsapp is the biggest one still and too many people are using it.

I know various people who are not tech savvy, and use Signal. It doesn't require a lot of skill to use Signal; on the contrary. IMO, if you can use WhatsApp, you can use Signal. Some features like Axolotl and 2FA even overlap. That's why I decided to switch away from WhatsApp to Signal. Whoever doesn't follow can send me SMS or e-mail.
I don't mean to say you have to be tech savvy to use Signal but it's mostly tech savvy people that want to use it.
Have been investigating matrix/element.io over the last few months so will probably move to that
I have been using matrix mostly as an IRC/Gitter client but also for a small number of non-technical friends. It is making excellent progress but has a long way to come. However I do think it is the right investment due to the direction and funding it has.

Some weak points (based on using element.io clients which has some features that aren't core matrix):

- Cross-session signing is not natural to set up for users, however this likely isn't much of an issue as most of these will just use it on their phone. However this can also be an issue if they want to switch device but lost their keys.

- e2e verification is a bit awkward. No great TOFU option which makes initial setup a bit awkward, you can do it but the UI doesn't encourage it. It would also be interesting to have the option to "share" your verification. So if friend X says they trust these keys for friend Y I can import Y without further verification.

- Occasionally new devices don't want to send messages to the remote user's session. So the user just gets a "Message encrypted" notification with no indication to me that I sent a message not encrypted to all of the user's sessions.

- Voice + Video is super basic for 1:1 calls. For >2 users it uses Jitsi which is fantastic but this different UX between the two is also confusing. I'm hoping that when Jitsi launches e2e encrypted calls it can just be used for everything.

- Visually the app is cluttered and not perfectly clear. For 1:1 calls "bubbles" such as used by most chat apps are super clear. Matrix uses a design better for many user chats but can be less clear. Especially replies look a bit odd in Element.

- URL previews are only supported on web and need to be turned on per-chat (if encrypted). This is for legitimate privacy reasons but is a sacrifice of UX.

Overall once you get it set up it just works and has all of the features that a user would expect. However I'm looking forward to a lot of the polish landing which will make it compelling on UX grounds alone, whereas now it just seems like the best compromise when you consider the privacy and decentralization features.

I'm gonna stay on WhatsApp. Can't beat convenience. Also good luck getting granny and grandpa to move to some weird ass app that barely works or has weird onboarding or unintuitive UX.
I have been using Signal since before it was even called Signal (TextSecure and RedPhone), and I must say it has really refined itself over the years. It's pretty easy to set up these days, and I have more non tech oriented friends switching over seamlessly. I use Signal's voice and video calling features as well without any issues.
Been using mostly Telegram over the last year. About 80-90% of my regular contacts were using it already, got a few more to use it today.

2-3 People are using other contact options like Discord or SMS. Which is fine with me.

Since we can't possibly include all available options, how about adding an "Other" option?
Why not came back to plain old email? The email delivery system is decentralized and can support p2p encryption. You can have "chat-like" user experience with apps like Mailtime (https://mailtime.com/)
The same features are just not available. And messages may arrive sometime between 2 second and 2 days with no indication what happened. (Yes, highly skewed towards 2s, until you get graylisted)
People keep saying email has encryption, but in the rare cases when email is encrypted with pgp, only the contents of the messages get encrypted. Not the metadata. And apparently the metadata is the most valuable data for government snoops. They don't care as much what you've been saying, but knowing that you've been emailing back and forth weekly with some person of interest over the last 5 years is what they're really after.

Also pgp doesn't support any of signal's key ratcheting or deniability. And the web of trust leaks information publicly about who your contacts are! (And its vulnerable to Sybil attacks.)

Don't get be wrong, I love email and think its great. But it doesn't hold a candle to Signal when it comes to secure communication.

Been using Telegram for a long time. I don't trust it any more than I do with WhatsApp (therefore, Facebook), however it is well done and thought out, has a real desktop client with a real desktop UI toolkit and enough of my contacts are on it already, therefore it's the best compromise to me. I greatly dislike Signal's UI when I tried it out and I've read about some weird decisions lately (that "using a PIN? uploading to cloud" debacle some time ago). I also believe it shouldn't require a phone number if its focus is privacy and security. Matrix would be my go to in concept, but its userbase is even smaller. At the same time, alas, I am forced to keep using WhatsApp because "everyone" is on it, and if you aren't, you're going to miss out, be it parents school chats, work groups, less tech-savvy friends, parents..
Signal requires phone number in order not to store your contact list on their servers. Instead of id's/email addresses/nicknames they are using your phone contact list. IMHO that's better for privacy.
That depends on what you want with privacy. If you'd want to chat anonymously, having to use your real phone number is a bummer. At least in my country, it's getting harder and harder to get a SIM-card that is not tied to your name.

The alternative is getting a burner SIM-card. Though, that will become harder once more prepaid providers require your ID.

If you got a friend in Colombia they can hook you up with unlimited SIM cards for like $3 a pop.
Columbia? It's racked with rioting and civil unrest right now according to the world news. Hardly a stable place to get my telecoms supplies from.

Or if you did mean Colombia, why would the average HNer have friends there?

Unlimited what exactly?
That's very reasonable then. It's not a deal breaking issue especially so moving from or compared to less trustworthy entities already having your phone number (e.g. WhatsApp), but it had left me wondering, I thought it was used in the most part for authentication.
Signal appear to have been making efforts to switch unique identifier to an arbitrary ID, I believe this is a move towards removing the phone number requirement. I can't say for sure.

I know their infra codebase pretty well as I've worked on it for projects unrelated to Signal/Open Whisper Systems. Unfortunately their public Github is usually ~3 months behind their running infra and often released much later than the equivalent functionality in the clients hits the public.

> Signal appear to have been making efforts to switch unique identifier to an arbitrary ID, I believe this is a move towards removing the phone number requirement. I can't say for sure.

It is: https://mobile.twitter.com/moxie/status/1281353119369097217

> Our goal with PINs is to enable non-phone # based addressing. Since that will mean your Signal contacts can't live in your address book anymore, they're Signal's responsibility. Every other messenger does this by storing them in plaintext, but that's not private, so we built SVR.

Thanks for that. I had a quick look through their blog but couldn't find anything to reference.

It's been a few months since I worked with their codebase but at the time it relied on Intel SGX for the contact storage Enclave, which is now considered compromised[0]. Additionally, if you wanted to run your own, the requirements to get licensed to use the Enclave are non-trivial.

Opinions are my own, I represent no one, etc, etc.

[0]https://arstechnica.com/information-technology/2020/03/hacke...

Yeah I think that's still true. That said, as I understand it, the enclave is used as "proof" that they're running the server-side code they say they do (which should be protecting the data), not the data itself. I could definitely be wrong there though.
Yes, that's how I understand it to work; TEE (Trusted Execution Environment).
Asking for a real-world identifier is breaking privacy from the get-go...
> Signal requires phone number in order not to store your contact list on their servers.

That does not make sense. There is no relation between 'using phone number as id' and 'storing contact list on servers'. E-mail and same other communication protocols also do not use phone numbers and do not store contact list on servers.

Yes but do they offer the same experience? Signal figured out that you probably have a list of contacts that you want to talk to. If they use mobile numbers as identifiers then they don't have to keep the contact list - it's already there on your phone. IMHO it's a good compromise.

I'm not an advocate for Signal, but I totally get this approach.

For people that are not aware: There's a Telegram FOSS [1] fork which contains all kinds of fixes; and additionally is Google Services and tracking free, which means it will run on AOSP and LineageOS without any burden of push services.

You can verify this yourself with AppWarden [2].

[1] https://github.com/Telegram-FOSS-Team/Telegram-FOSS

[2] https://gitlab.com/AuroraOSS/AppWarden

being FOSS just in the client side, IMO changes little in comparsion with WhatsApp.
At least you know what your device is doing. But walled garden is definitely bad.
> being FOSS just in the client side, IMO changes little in comparsion with WhatsApp.

There are efforts implementing mtproto servers that are compatible with the Telegram codebase like telegramd [1] or madelineproto [2] in case you want to host your own server.

But, if decentralization is your main focus (interpreting your statement); you probably want to switch to a Matrix-based client anyways.

[1] https://github.com/nebula-chat/telegramd

[2] https://github.com/danog/MadelineProto

I would love to have my own telegram infrastructure. I will check those projects, thank you!
I like Telegram FOSS because it doesn't rely on google's infrastructure to run. That's good enough for me given I already made the questionable decision to run a chat client with a home-baked security protocol ;)
Note that normal Telegram chats are not end to end encrypted. You have to start a “secret chat” for that.
And you cannot use e2e chats at all on desktop or GNU/Linux phones.
Telegram gets a lot of flak for this, but if what they're saying here is true, I believe that it's a pretty sane architecture: https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by...

Definitely a better alternative to WhatsApp in any case.

Good read, thanks for that link.
That page starts by claiming that Signal doesn't do backups which is false.
That page, is also an article from 2017 :-)
The backup feature is not new.
The article is from 2017 and Signal added backups in 2018.
My Signal message history goes back further than that but maybe the feature was added midway before I switched phones.
Signal's backup is different than what Telegram provides, based on what I read on their webiste: https://support.signal.org/hc/en-us/articles/360007059752-Ba...

On Telegram, login on a new device and you can see your all messages automatically. On Signal, you seems to need to perform it manually, and your history will lost forever if you phone are lost or broken.

I think the first kind of "backup" is what most people would expect, because it is convenient. But to provide this convenience, it can't be full E2E, so Telegram supports secret chat when you need max security if you are willing to sacrifice convenience.

You can get the same convenience with the Signal/Whatsapp E2E type of app. All you need additionally is to keep a passphrase stored somewhere. As long as you do that you can have automatic backups that allow you to setup a new device without access to the old one and get all your history back, without losing the E2E encryption benefits by having unencrypted backups on a server somewhere. Signal UX for this is poor though.
Nothing prevents Telegram from not implementing that architecture and reading every single group message and non-secret chat. Telegram is sketchy in many ways, I wouldn't trust that easily.
Genuinely curious to know why you think Telegram is sketchy in many ways?
Because the founder is Russian and Russophobia is very strong in the USA and Western Europe.

People find other reasons for this (“they made their own crypto”, “marketing says secure but it isn’t by default”) but the core of the argument is that Pavel Durov is Russian and he’s not trusted. If it had been Elon Musk who had created it- I have little doubt that it would be the hottest thing on the market.

I'm facing the same problems. All the people in my (real life) social circle are using WhatsApp. All of my friends are calling me crazy that I don't have Instagram, so talking about alternative messaging apps is probably not going to work. I think this is true for most people in the western culture. I value my privacy, but the struggle is to big for me.

Maybe an open-source protocol, like how e-mail works, could be a solution for this problem. That you can choose your messaging apps and that they can interfere with each other, like email clients.

I'm really shocked that people these days don't even ask for phone numbers. They ask for Instagram. I don't have it and do feel like I'm "missing out" on updates from friends. But then it reminds me how much I hated Facebook before I quit. These days my WhatsApp bio says "text me on Telegram" and usually my WhatsApp is not running on the background.
There already are IM protocols. The problem is that companies prefer to create walled gardens. Even if a protocol were to take off, what usually happens is that one company leverages the protocol to gain traction, spends enough resources to build a really great user experience, and once they’ve amassed a big enough percentage of users, they toss the protocol and use something proprietary. You’d need the protocol to have at least two popular clients so that the user base is split between them. That might prevent one from dropping support for the protocol.
Thanks for your comment. I quickly searched for the IM protocols and there are plenty of open-source projects with promising functionalities.

I think that the mindset of the majority of the people is the source of this problem. Most of the people I speak to don't care about their privacy. They say that they have nothing to hide and that's a valid statement. The problem is that we don't get to choose. If someone wants to share all of their personal information it's their choice, but to not share your personal information seems almost impossible. Social standards expect that you have WhatsApp and LinkedIn and such.

(comment deleted)
Is Matrix a good alternative to Signal? I'm currently using Signal, but I'm not entirely satisfied. My major issues are that I don't like their stance on a couple of issues: third party clients are not allowed, mobile first and desktop is only synced, phone number required, and distribution only over the app stores. Also we frequently get "encryption errors" and everybody ignores them, this is worse than with SSH key errors :-).
There is more metadata with Matrix but the privacy and security of message content is good. I find the UX a bit clunky because it's kind of trying to combine bits of a instant messenger with something like slack.
matrix-synapse(server) suffers from performance issues[1], dendrite[2], the replacement should be resolving that but is currently in beta.

Apart from that it integrates fairly well with other networks through bridges.[3]

It can be self hosted and it federates, which is a pro. Not too sure about audits and security, it has improved much, when I started using it (2019) they didn't have login throttling[4] and shortly after that were breached.[5] Much has improved since.

[1] https://github.com/matrix-org/synapse/issues?q=is%3Aissue+is...

[2] https://matrix.org/docs/projects/server/dendrite

[3] https://matrix.org/bridges/

[4] https://github.com/matrix-org/synapse/issues/1452

[5] https://securityaffairs.co/wordpress/83751/data-breach/matri...

Your first link lists a lot of tickets than actual performance issues.

Searching on an issue tracker for the word 'performance' is not a good source for claiming there are performance issues.

Synapse used to have scaling issues. Those are pretty much fixed.[1]

[1] https://matrix.org/blog/2020/11/03/how-we-fixed-synapses-sca...

Speaking as a Matrix user: it definitely still has performance issues. I'm regularly running into sudden lag spikes that have no clear justifiable reason to exist.

More details about my specific case are found here: https://github.com/matrix-org/synapse/issues/8612 - and occasionally other performance issues pop up for other people too.

I'm sure this will eventually be fixed, and honestly the performance is probably good enough for most people, but Synapse is definitely not as performant yet as a homeserver should be.

I like matrix, and the chat feature is pretty rock solid. However for calls and sending files it's currently not as good as Signal. I quite often have an issue with calls connecting (need several tries) while I hardly ever see this with signal. Similarly, sometimes I get failed sending of files (especially if they are big) and they somehow stay as a failed message in your chat afterwards, which is really annoying.
I would personally have a hard time convincing people to switch to Matrix when the Elements UX is so bad and I haven't found any good alternatives.
The clients are Matrix’s limiter right now. I’ve tried multiple and none are polished.

Fluffy chat may be the best, but still needs lots of love.

Yeah. I'd love to love Matrix but the clients are getting in the way.

I did find a native macOS Matrix client and quite honestly I'd love to be able to use a native client since all platforms really only have Electron apps. But the macOS client only gets me so far since I also want to use it on my phone.

> Is Matrix a good alternative to Signal?

To a certain degree I'd say this is apples vs oranges.

Before you shoot me down, let me explain. The reason I say that is because of the core focus of the different platforms.

Signal's priority-one use-case is clearly person-to-person IM and communication. The UI, setup-process and entire architecture is optimized for this one use-case, with all other use-cases being shoehorned in to fit whatever was built for that.

I'd say Matrix (for the moment disregarding a key feature, bridging) has as its primary use-case to be a discord/slack/IRC alternative, to handle "channels", long term group chats and basically persistent online collaboration workspaces.

Sure. Technically speaking, Matrix has a full support for E2E encrypted person-to-person IM and communications (even phone-calls and audio!), and you can use it for that. But this was clearly not the primary use-case Matrix was designed to solve.

Therefore IMO Matrix person-to-person chat has this slightly shoehorned-in feeling, so you may have a somewhat lesser user-experience when using Matrix to do these things than other platforms which had this as their primary goal.

Disclaimer: Happy Matrix-user, running own server, bridging both FB, WhatsApp and Signal into the matrix-verse.

Are you suggesting to use a separate app for every different use case?
Not at all.

I’m just saying that if you try to suggest Matrix as a “drop in” replacement for WhatsApp or other dedicated IM platforms, it may not immediately give you that “at home” feeling right now.

It’s much more capable, but different. For better and worse.

As far as I know, the Matrix protocol shouldn't be limiting when it comes to one-to-one chats.

There are already Matrix mobile clients focusing on this use case, aiming at being a WhatsApp replacement. Examples are: Ditto Chat[1], Nio[2], and FluffyChat[3].

Before trying to solve the network-effect issue (i.e. all people using WhatsApp), we should make one of the mentioned clients at least as good as WhatsApp, or else users won't switch.

[1] https://dittochat.org

[2] https://nio.chat

[3] https://fluffychat.im

Tried a few of those. Fluffychat looks promising so keeping that for now!
Signal for Android is also distributed via their website.
I like wire (https://wire.com/en/) but no one I know uses it :-/
I use it as well. It has some quirks but generally does what I want it to do.
Wire is pretty popular in my social circles, less so lately, unfortunately.

The "always on" encryption is great, and it's always been more stable, and had a more complete feature set than Signal, even at launch. Most importantly, migration between devices with Wire is super smooth.

It definitely should be in the poll.