What I’m looking for ultimately is a universal chat type app like Beeper that can handle Signal and SMS, however, reading this about it gives me pause. It would be nice if I could get all my peeps on matrix, but since it was so hard to get them on to Signal, I think the best I can hope for is something than can handle matrix, signal, and sms. Which brings me back to the title, how exactly do Matrix bridges work and are they secure?

EDIT: SMS is insecure by its very nature, yes?

  • wxboss@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    1 year ago

    This is a great point that you bring up. I subscribe to an IRC channel that has bridges to both Telegram and Matrix. My feelings at this point, is that the weakest link is going to be of the most concern. But how all this technology interoperate with each other and how they actually handle privacy/security together is a question I cannot answer.

    • pitninja@lemmy.pit.ninja
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      E2EE only exists up to the bridge, not the whole way to your client

      I just want to clarify that most bridges can be set up to have E2EE between the Matrix client and the bridge (regardless of whether the bridge supports encrypted chats on the bridged service because not all do, e.g. Facebook), but it is true that the bridge itself has to decrypt and translate between Matrix and the 3rd party chat service, so as you mentioned trusting who hosts bridges or doing it yourself is really important.

    • jarfil@beehaw.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      most bridges are open source and you can host them yourself, the risk that unauthorised parties can gain access to the data is fairly low

      …as long as you keep them up to date and follow some basic security practices. There is nothing stopping you from self-hosting an outdated vulnerable version exposed to the public.

      Third parties are a risk of unauthorized access, but may be more likely to follow security practices in order to avoid getting fined (according to the legislation of wherever they’re hosted).

    • hedge@beehaw.orgOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Oh boy. I think I’m really out of my depth here. I just downloaded Element and was fiddling with it a bit and found it to be kind of confusing. Maybe I oughta just stick with Signal despite centralization and signalcoin. Would be nice to be able to get SMS on the desktop tho, so I don’t have to go hunting for my phone everytime I have to do 2FA (which, admittedly, is not that often). In any event, thanks to @wxboss@lemmy.sdf.org & @GlowingLantern@feddit.de.

      • iamak@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        What did you find confusing about Element? The most confusing part for most people is the federation but since you’re on Lemmy, I assume that’s not the case for you.

        • hedge@beehaw.orgOP
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          I’m gettin’ old, and it’s an “old dog new tricks” type thing. However, I’ve still got it installed and probably just need to fiddle around with it some more. Getting Mrs. Hedge and my peeps to switch is going to be tough tho, hence me asking about the Signal bridge . . . Are “rooms” the same as “groups”?

          • iamak@infosec.pub
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Why do you want them to switch from Signal? Federation? Other than that Signal’s great. Idk specifically about Signal bridge but I’m in a room with Telegram and IRC bridged and both bridges work pretty well. The room was bridged to XMPP as well but XMPP bridge was weird (resent random messages sometimes) so we removed it. Give it a try though and if possible tell me how it works? I’m curious :p

      • jarfil@beehaw.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        so I don’t have to go hunting for my phone everytime I have to do 2FA

        Automatically forwarding the SMS to the desktop, could turn that 2FA into 1FA.