
As Signal is a non-profit what are the possible solutions to reduce costs going forward while maintaining availability?



Move from the cloud to k8s hosted on their own metal. The Signal server is simplistic (a compliment), it’s the bandwidth that you’re going to get raked over the coals for at cloud providers. Burst to the cloud for outlier events.


If I'm not mistaken, Signal is specifically hosted on AWS so that governments can't just blacklist their IPs without blacklisting all of AWS. So moving to bare metal isn't really an option.


Remember that AWS can terminate (as shown recently with Parler) any time they want.


You can't win every fight. In this case, they're (intentionally or not) making a trade-off between being easier for governments to censor, and easier for Amazon to censor. I guess in their case, the many governments in the world are a bigger threat than Amazon specifically.


Cloudflare could fix that. Governments can’t just blacklist Cloudflare either.


Why would they blacklist IPs? The bans I've seen (in India) are based on sniffing SNI. Using AWS doesn't help at all in that case.


They actually get around SNI blocks (or did, I'm not sure if anymore) with a technique called "domain fronting". If I recall correctly, AWS wasn't so happy about it when it was brought to their attention and they were asked to stop. There was even some discussion on HN about it. Not exactly sure what the current state is.


Governments can easily block AWS as well and they have. Even simpler, they just go for the kill-switch and kill internet.


> Governments can easily block AWS as well and they have. Even simpler, they just go for the kill-switch and kill internet.

They can, but the collateral damage of doing that is high, which is a deterrent. The only regimes where that's realistically an option are ones where they've consciously developed an independent tech ecosystem (e.g. China) or where their power is so secure they couldn't care less about the damage.


Unless you are talking about very stable countries (where this is not even an issue to begin with), we have already seen a few (Russia, India, etc.) doing this without a second thought, not just China. The damage can be attributed to someone else when you own the communication channels.


> we have already seen a few (Russia, India, etc.) doing this without a second thought, not just China. The damage can be attributed to someone else when you own the communication channels.

Russia might fall under the category of "regimes...where their power is so secure they couldn't care less about the damage," and it appears they did in fact see a lot of collateral damage during the attempt. India's blocks look to be localized and temporary.


Key parts of the server (e.g. attestation that the running server code matches the public release) run in the CPU's secure enclave, which makes it non-trivial to run on your own bare metal k8s. Also, I think Azure is the only cloud provider whose Kubernetes implementation supports this. I know they open sourced their implementation but I don't know how hard it is to do on your own environment.


How about a federated solution? I'd be happy to run my own conversations on my own server.


Because matrix (the open source protocol) is federated, you have options:

matrix server (for self-hosting), SDKs, bots, libraries, etc. = https://matrix.org/docs/projects/try-matrix-now

matrix clients = https://matrix.org/clients/

matrix bridges (to interoperate between matrix and other services like irc, slack, telegram, etc.) = https://matrix.org/bridges/

if you don't want to manage on your own, and simply want to pay someone else to host for you = https://matrix.org/hosting/

So, yeah, matrix offers many solutions. ;-)


How many users does matrix have? I tried it last fall on 2 different servers. (Hosting an own server is not possible on a small root server you can get for 5 EUR/USD a month, it requires signifcant resources.) My experience was a bit disappointing. It seems pretty overloaded already, especially the irc bridge. And we are talking of thousands of users. I'm pretty convinced that with millions signing up it would collapse completely.

Yes, I'd hope federation of many servers is the way to go. But it seems so resource demanding that not many free servers are available and even running your own one is not cheap or easy. No idea whether it will ever scale.


> How many users does Matrix have?

It's difficult to say, as the French government [0], German armed forces [1], and several thousand independent users/corporations/groups run their own servers. What we can determine is that matrix.org on its own has >10 million accounts [2] (search for "global visible accounts" in the link).

> Hosting an own server is not possible on a small root server you can get for 5 EUR/USD a month, it requires signifcant [sic] resources

A direct example of setting up Matrix is shown here [3], using a $20USD/month Digital Ocean droplet. It's a reasonable approximation, though inexact, as we don't know how many users this server will be supporting. This example is thrown further off, as it's the Matrix project lead setting up the server. He's likely in many rooms with high user counts and, as high user counts dramatically increase resource needs, likely needs more RAM and CPU than someone setting up a server for a group of friends.

I think it's gotten much easier to stand up a matrix-synapse server than when you last tried, and suspect you left with a bad taste after joining popular rooms that (due to how many users they have) lag much more than you'd typically experience. Perhaps I'm wrong and you did everything right just last week and still don't like it, but I'd encourage more people to see for themselves :)

[0] https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed...

[1] https://element.io/blog/bwmessenger-goes-live-for-bundeswehr...

[2] https://matrix.org/faq/

[3] https://www.youtube.com/watch?v=dDddKmdLEdg


> It's difficult to say, as the French government [0], German armed forces [1]

I'd say those don't really count here because they run their own closed groups. Even if they technically could federate with everybody else, I don't think they do. I guess they are even heavily firewalled. And they don't care having to run beefy servers, they have budget for that.

> What we can determine is that matrix.org on its own has >10 million accounts [2] (search for "global visible accounts" in the link).

How many of them active every day?

They also claim 20.000 active servers, but I could not find more than 2 or 3 open for public registration. And they seemed all pretty loaded and were like suggesting if you can go elsewhere, please do.


> I think it's gotten much easier to stand up a matrix-synapse server than when you last tried, and suspect you left with a bad taste after joining popular rooms

Exactly that's the problem: If you join a popular room your server will need more resources than the 5 USD/month server typically has. I haven't tried whether 20 USD/month would be enough, but honestly that's a bit more than I am willing to spend for playing around.

But running something with the limitation you cannot join popular rooms didn't seem worth trying either.


I honestly don't know how many users matrix has. I think others have already given references to estimates. Though, I believe it is vastly more than just "thousands of users"...but much like email (another federated protocol), I suppose we can never truly know that absolute number, just like we can never know with absolute certainty how many SMTP servers and associated mailboxes there are out there.

I'm no longer hosting my own homeserver (can't spare admin time for it), but when I did, it was running nicely on a $10 USD/month on Digital Ocean...and this was circa 2019...I'm not an expert but as I understand it, both Synapse (the Python-based reference homeserver), and the vastly more performant (though beta) Dendrite have significantly improved since back then. There is certainly something to be said if you're high profile folks (like @Arathorn) who are members of tons of rooms...one can imagine that it would require more resources to support such vastly high interactions (for room data history sync, etc.)...But, hey, it's early days, if the experience is too raw for you, you can wait a little while until this becomes more mainstream; no harm, no foul. :-)


Hosting it on a cheap VPS is fine if you have a private-only instance.

What nobody talks about is that when you start to federate this becomes a huge issue. One of your users joins some old and active room on matrix original instance... it will kill your instance.

So yeah the idea of federation is nice but right now Matrix is no replacement to Signal for personal messaging. It's great for replacing Slack and private community servers though. I use it for that a lot.


I have successfully hosted a Matrix server on the cheapest Hetzner VPS for like $3 and it was super smooth...


Matrix is not ready for the general public. I am a user who can (mostly) deal with the horrible user experience of PGP. With matrix I immediately run into trouble that some of my chats could not be decrypted the second day any more. The documentation is confusing, the spec has been changed less than a year ago IIRC and different clients are at different stages of implementation. Nothing that a random user could handle.


Not sure when you had your experience, but they improved on e2ee a lot and as long as you back up your recovery key you should never see "unable to decrypt message" warnings.


> Not sure when you had your experience, but they improved on e2ee a lot

As I said last fall, so maybe October 2020.

I got the impression that the big improvement happened early 2020 and maybe the Web client I used first did not support it.

But if they say that the system has been running since 2014 and the improvement that makes it usable came in 2020 I would not yet call it a mature and proven system.

> you should never see "unable to decrypt message" warnings

Warning is an understatement here :) I could not at all decrypt the new messages other people were sending me and I had to communicate with them by an independent channel. One of them was an experienced Matrix evangelist running his own servers and he could not solve the problem and not tell what I might have done wrong.


I guess part of the problem was that I started with a Web client and later moved to my own element client installation.

The element client looked easier to use, although it still remained unclear to me what exactly is the secret key, what is stored locally inside the client (and not available once I switch clients or machines), what is in the server and what I have as a backup.

If I with some practical cryptography experience cannot understand the usage in 1 hour (and I was searching around for more than an hour in various sources) it's not ready for widespread use by people who have no idea what they are doing.


I keep advocating for a solution where the passphrase is not separate from the password (like what ProtonMail did). Otherwise it’s untenable for most users.


I'm sorry that your matrix-related experience was less than ideal. I have heard of smaller numbers of people encountering issues (no denying that), but yet a greater number are still active...so I don't know what to say...and it certainly isn't my job to try and convince or convert you towards it if you're not really interested.

> ...documentation is confusing, the spec has been changed less than a year ago IIRC and different clients are at different stages of implementation.

An opinion on confusion around documentation is too subjective for me to comment on, and I'm not sure if you're referring to user doc or developer doc or sys admin doc. Regardless, many folks seem to be building plenty of clients, bots, bridges, services, etc. using the documentation. So I'd at least say the dev. docs seem to be sufficient for many devs. While I do wish there were many more examples used in the dev docs, I have found them to be quite helpful and informative...but again, this is subjective. As to the spec being changed, actually I believe there is quite some acceleration around this, and I feel that is good in these early days...I feel like we might want a dynamic spec at least to get things as best as possible...and then years later, slow things down to avoid breakage - but maybe that's just me. Finally as far as the numerous clients, I think this is a good thing too. Let there be plenty of creative attempts at "getting this right", I say! Diversity is a good thing, and for apps/clients too! ...and much like the presence of numerous email clients, many users might just have different preferences, so it's great that the underlying protocol (and associated specs) allow (if not encourage) that. Yes, eventually, after dust settles we might all congregate around a small number of clients that are the "best"...but until then, it is still early days! I for one am enjoying my journey in the matrix world! (Caveat: I am not at all affiliated with any matrix project nor corporate entity, nor client dev. team, etc...I'm really just some random fan boy of matrix.)


It's called Matrix and it already exists. The most popular client is Element, you can host your own instance, it has e2e encryption on by default and it doesn't require identifying data like phone numbers.


Try https://www.element.io ....it's open source, decentralized and e2e.

I'm interested in their Dendrite server which is written in Go and supposed to be very very efficient

https://matrix.org/blog/2020/10/08/dendrite-is-entering-beta


XMPP is still alive and kicking. There are multiple server implementations, and multiple clients. Many of the clients support e2e as well (OMEMO).



