I’m in the process of getting this going in my lab. I appreciate these efforts to find alternatives.
That being said, can I get some opinions so I can pare down the list?
Would be great to have E2EE and audio. Video bonus. I don’t think I’ve got much in the way of preferences beyond that.
My latest leaning is hosting the Matrix protocol.
Also the only friends I have that would be willing to move off the easy corporate software are tech literate, so I have the option to distribute VPN confs and the like. Has anyone hosted chat over their own VPN, or does that just become a mess because STUN/TURN needs to be “free”?
(Sorry I’m still learning a lot here)
I quite like Nextcloud with Talk (spreed), but it’s a whole cloud suite. Nextcloud is E2EE, and NC Talk does text, voice, and video. The phone apps are nice too. The only problem is connecting more than 2-3 people in a voice/video call can be a bit much, so they recommend a high-performance backend (either a paid service, or annoying to set up yourself). It might be overkill if you don’t also use Nextcloud’s other applications, but I use a lot of them extensively, especially when feeding CalDAV calendars etc into Home Assistant. Friends making an account on your Nextcloud is pretty trivial, even for people who aren’t technical. I use the VM hooked to dedyn.io for outside access, and it was all very easy to set up. I’ve had it running for about 6 years now, and only had a problem updating for a while, but it was resolved by the community forums.
If you use the AIO it comes with the high performance backend already set up afaik.
I run Nextcloud using the official release without the Docker AIO image, but you can just run the high performance backend from Docker. This is what I do on my Nextcloud server. https://arnowelzel.de/en/nextcloud-talk-high-performance-backend-with-docker
It’s pretty straightforward: just run the Docker container, and if you use a reverse proxy, make sure the signaling server is properly configured on the reverse proxy, then modify the Nextcloud settings to point to the self-hosted HPB.
Thanks, that’s good to know. I set up the hanssonit vm - it was very easy to start off with, but it does things differently to the AIO. The AIO didn’t exist when I started out, but I’ll look into migrating at some point. It’s a fairly large install, so slightly fretful.
This is so great to hear. I’m already using Nextcloud with several of its apps including Talk (what’s with the spreed nomenclature anyway?)
I thought using Talk for this effort was just quick and dirty until I figure out Matrix, but you’ve helped reassure me it’s legit.
TURN server doesn’t need to be free, you just need everyone to be able to access it.
The product I work on in my 9to5 would be perfect for your use case from the technical side of things but sadly the commercial side is a completely different story that makes it not even worth recommending.
Thanks so much!
snikket is pretty slick. omemo is worrisome though
OMEMO is better than nothing. Much better than OTR or PGP (looking at you DeltaChat), and the biggest problem seems to be the metadata and old versions used in some clients. The encryption (of message contents) at the very least is decent.
OMEMO is better than Matrix’s encryption; the latter doesn’t offer proper forward secrecy and breaks all the time, leaving messages inaccessible.
Does Matrix have forward secrecy now since the switch to MLS? (i.e. the same encryption scheme Signal uses) https://matrix.org/blog/2025/06/dispelling-myths/
They still have a large metadata leak that to my understanding can’t be fixed until they introduce stuff like pseudo anonymous user handles and room handles.
Where did you read that Signal uses MLS? I could not find any claims of using MLS on Signal’s specs page or their GitHub repo. Also MLS doesn’t mean anything on its own, see Soatok’s blog on MLS.
Soatok is currently in the process of writing a blog post about another vulnerability they found in Matrix’s encryption, and with Matrix’s history of numerous vulnerabilities, I would stay away from that shit. No matter how “good” the algorithm is in theory, it is all about implementation. Matrix also has very brittle encryption; oftentimes many messages will become unrecoverable, which is terrible UX.
You’d be better off just selfhosting XMPP+OMEMO, with the caveat that it is also flawed and leaks plenty of metadata.
The best alternatives to Signal (but not Discord) are SimpleX and Briar. Both are significantly better than XMPP/Matrix for privacy and security.
You’re right, I was wrong about Signal using MLS. I recall reading it somewhere but can’t find the source now.
As for my response, it was about forward secrecy, which they do claim to have now. Yeah, I wouldn’t rely on Matrix E2EE right now, and until it’s been seriously audited and replaced with something security experts agree on.
For a Discord replacement (with public, not E2EE, rooms) it seems to be the best replacement just because that’s where communities are right now. XMPP+OMEMO is not that interesting to me because I don’t know of any communities that are on there or other users to be a Discord replacement, and its E2EE story is not as good as Signal to be a Signal replacement.
For a Signal replacement I’m not sure SimpleX or Briar are there yet. SimpleX doesn’t have multi-device support last time I checked, which is annoying if you’re used to using Signal on your phone + desktop. And Briar doesn’t work on iOS, so if you chat with anyone who has an iPhone they are SOL.
The other problem with Matrix for me is that Element Call (the protocol) is not present in most public instances and isn’t very straightforward to selfhost. The default is Jitsi, which is not E2EE. Pretty major IMO because if Matrix is supposed to be a Discord alternative and supposedly E2EE but VC isn’t encrypted, pretty yikes.
Also they have claimed for years that they have forward secrecy. Has something actually changed recently?
I’ll preface by saying I’m not a security expert, but my understanding is that sometime in 2025 they changed the encryption scheme in Matrix, following a lot of disclosures of how it was broken, to a new scheme that uses MLS and supports forward secrecy. I haven’t seen a post from security experts discrediting it yet. It sounds like it still has issues from what you’re saying about Soatok disclosing some new problems with it.
On the call side they have Element Call instead of relying on a Jitsi widget (but only a few clients support it). Afaik it supports encryption. They talked about it last year at the Matrix conference https://cfp.2025.matrix.org/matrix-conf-2025/talk/BQZHAH/
Late to the party, but have you seen this post? It addresses most of the criticism against DeltaChat (and its use of PGP)
https://blog.feld.me/posts/2025/03/deltachat-is-actually-good-though/
oh that makes me excited! i was worried my bugging the fam may have been a waste, or not as useful as i’d hoped
It still isn’t great. Better than DeltaChat/Matrix but decently worse than Signal’s security.
oh that takes away that excitement that was previously restored
Lol