I’ll preface saying I’m not a security expert but my understanding Is sometime in 2025 they changed the encryption scheme in matrix following a lot of disclosures of how it was broken to a new scheme that uses MLS and supports forward secrery. I haven’t seen a post yet from security experts discrediting it yet. It sounds like it still has issues from what you’re saying, about soatok disclosing some new problems with it.

On the call side they have element call instead of relying on a jisti widget (but only a few client support it). Afaik it supports encryption. They talked about it last year at the matrix conference https://cfp.2025.matrix.org/matrix-conf-2025/talk/BQZHAH/

You’re right, I was wrong about signal using MLS. I recall reading it somewhere but can’t find the source now.

As for my response, it was about forward secrecy which they do claim to have now. Yeah I wouldn’t rely on matrix E2EE right now, and until its been seriously audited and replaced with something security experts agree on.

For a discord replacement (with public not E2EE rooms) it seems to be the best replacement just because that’s where communities are right now. XMPP+OMEMO is not that interesting to me because I don’t know of any communities that are on there or other users to be a Discord replacement and its E2EE story is not as good as Signal to be a Signal replacement.

For a signal replacement I’m not sure SimpleX or Briar are there yet. SimpleX doesn’t have multi device support last time I checked which is annoying if you’re used to useing signal on your phone + desktop. Any Briar doesn’t work on IOS, so if you chat with anyone who has an iphone they are SOL.

Does matrix have forward secrery now since the switch to MLS? (I.E. the same encryption scheme Singal uses) https://matrix.org/blog/2025/06/dispelling-myths/

They still have a large metadata leak that to my understanding can’t be fixed until they introduce stuff like pseudo anonymous user handles and room handles.

Not a good discord replacement but setting up nextcloud talk (simple p2p voice chat) and then the high performance backend (better supports video/voice calls between 3+ people) was relatively easy. We use it among my family now to have group calls instead of relying on facebook messenger.

If you use the AIO it comes with the high performance backend already set up afaik.

I run nextcloud using the official release without the docket AIO image, but you can just run the high performance backend from docker. This is what I do on my nextcloud server. https://arnowelzel.de/en/nextcloud-talk-high-performance-backend-with-docker

It’s pretty straightforward, just run docker container, if you use a reverse proxy much sure the signaling server is properly configured on the reverse proxy and then modify the next cloud settings to point to the self hosted HPB.

By desktop do you mean the jitsi call widget thing? Instead of the native call support that I believe element x uses?

Do the voice call and video features work with continuwuity?

How do you do it with x? I would be interested in looking at this.

I think in theory it could be done in Wayland if a compositor implements multi-seat support. There is a fork of wlroots & labwc in this repo that seems like it’s trying to do that https://github.com/garlett/multiseat

I’m not sure if you can do it without authenticating on the remote. Have you seen sshuttle? Maybe you can run that on the remote to connect to the local machine. If the issue is that the remote “can’t see” the local machine to ssh into it then you could try something like reverse tunnel the ssh port to the remote, and then use sshuttle to connect to the local port that is forwarding traffic.

Do you mean sending patches by email? The author for the article also despises them as suggest alternatives for collaboration where you do “pull request” by people giving you a link to their repo and branch name (like literally asking you to try pulling from their git repo), or sending git bundle files which get around a lot of the problems of trying to send patch files around.

I agree that having all the commentary in private by default is not ideal for open source. the email verification idea is interesting since it gives you the benefits of not having to create an account.

To me the article was interesting because it points out ways that git “just works” that people might not realize. Like that you can just create a bare repo and upload to that.