A tiny selfhosted federated messenger for the decentralized web. - GitHub - balzack/databag: A tiny selfhosted federated messenger for the decentralized web.
Just a hint for people searching a tiny selfhosted messenger with encryption and apps for iOS and android.
The point of federation means your content doesn’t only stay on your server. The person you’re talking too can be on a different one and their admin can see them too. Also, I wouldn’t want to be able to access content from any user - it’s a “no trust needed” thing.
with databag, the content only resides on the hosting node, or on the device of a topic participant. in the case of matrix.org, federation means your content will live on other servers, but that’s not the case for databag.
your point about the admin being able to see the content is valid. if the databag node is hosted by someone else, then they to would have access to the content if e2ee is not used.
The person you’re talking too can be on a different one and their admin can see them too.
That very much depends on the protocol and type of federation, but a good point indeed
Also, I wouldn’t want to be able to access content from any user - it’s a “no trust needed” thing.
Sure, but e2ee also comes with lots of trade-offs and strings attached, that almost only ever make sense in case of extreme centralization (i.e. in a non-federation, where trust in the faceless provider is not an option). PFS means that setting up a new device is a PITA because you can’t access your full messages history on new devices without off-band synchronization, no server-side search means that clients are either limited in this area or have to carry large histories and inefficiently search themselves, MITM/server-mediated attacks are only mitigated with verification (on top of encryption), which is a UX disaster for users non-versed into crypto (and this complexity is imposed upon such users no matter what), etc, etc.
Of course I’m not advocating against e2ee in the general case (and quite the opposite at that), but if you self host (topic of this community) for yourself and few family members, the downsides quickly outweigh the benefits and so I believe that e2ee should be left at the discretion of the users.
The point of federation means your content doesn’t only stay on your server. The person you’re talking too can be on a different one and their admin can see them too. Also, I wouldn’t want to be able to access content from any user - it’s a “no trust needed” thing.
with databag, the content only resides on the hosting node, or on the device of a topic participant. in the case of matrix.org, federation means your content will live on other servers, but that’s not the case for databag.
your point about the admin being able to see the content is valid. if the databag node is hosted by someone else, then they to would have access to the content if e2ee is not used.
That very much depends on the protocol and type of federation, but a good point indeed
Sure, but e2ee also comes with lots of trade-offs and strings attached, that almost only ever make sense in case of extreme centralization (i.e. in a non-federation, where trust in the faceless provider is not an option). PFS means that setting up a new device is a PITA because you can’t access your full messages history on new devices without off-band synchronization, no server-side search means that clients are either limited in this area or have to carry large histories and inefficiently search themselves, MITM/server-mediated attacks are only mitigated with verification (on top of encryption), which is a UX disaster for users non-versed into crypto (and this complexity is imposed upon such users no matter what), etc, etc.
Of course I’m not advocating against e2ee in the general case (and quite the opposite at that), but if you self host (topic of this community) for yourself and few family members, the downsides quickly outweigh the benefits and so I believe that e2ee should be left at the discretion of the users.