January 30, 2021


Why am I using it?

I have been concerned about security since I can think, because it is fun to be a bit paranoid. That is the reason why I use OpenBSD, riseup for my mails, combined or not with tor, why I encrypt my drive and rely on OpenBSD general security features. This is also the reason why this page is under the OpenBSD menu of my home page.

People trust signal because people tell you to trust signal. People use whatsapp because people use whatsapp. I do not trust whatsapp, obviously, and I do not trust signal either, because they refuse to put a binary on F-Droid. Why would you do that? Read here and here. In any case I will not download their source code, compile it and create an installable apk every time they release a new version. This is why I am using telegram, because you can be as secure as signal (claims) is, if you know how to do it.

An interesting alternative, which offers a LOT of security is element. Moreover, element has an excellent quality of audio and video. However, finding a user is sometimes difficult if you are not used to it. In these few screenshots I show you how to do it.

A few technicalities, should you care

element is using the Matrix and, as they say, it is an open network for secure, decentralized communication. That means that the Matrix makes real-time communication work between different service providers. The same way you can have a googlemail account (why would you do that?) and send an e-mail to a friend using, say, a yahoo account, the Matrix allows you to communicate with different service providers including online chat, voice over IP, and video conferences.
Since May 2020 Matrix enabled end-to-end encryption by default for private conversations. Moreover, and this is an copy and paste from the wikipedia page,

the Olm library provides for optional end-to-end encryption on a room-by-room basis via a Double Ratchet Algorithm implementation.[1] It can ensure that conversation data at rest is only readable by the room participants. With it configured, data transmitted over Matrix is only visible as ciphertext to the Matrix servers, and can be decrypted only by authorized participants in the room. The Olm and Megolm (an expansion of Olm to better suit the need for bigger rooms) libraries have been subject of a cryptographic review by NCC Group, whose findings are publicly available,[42] and have been addressed by the Matrix team.[43] The review was sponsored by the Open Technology Fund.

This makes the Matrix very appealing, because you can use it with other services. Taken also from the wikipedia page, bridges for the following notable applications are maintained by the community:

Installation and web

There’s no need for you to install anything. You can run it on the web, as I am doing with OpenBSD.

  • Should you want to have the application on your phone, you can install from F-Droid for android (don’t use google play, please) or Apple Store for an iPhone.
  • There’re desktop applications for gnu/linux, windows and apple.

For gnu/linux the binaries are only ready for debian-based systems, and you need to do this

$ sudo apt install -y wget apt-transport-https

$ sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg https://packages.riot.im/debian/riot-im-archive-keyring.gpg

$ echo "deb [signed-by=/usr/share/keyrings/riot-im-archive-keyring.gpg] https://packages.riot.im/debian/ default main" | sudo tee /etc/apt/sources.list.d/riot-im.list

$ sudo apt update

$ sudo apt install element-desktop

Else, if you feel “brave enough” (I keep writing my own /dev), you could compile it from the source code, which is available here.

Enable encryption for your individual chats and calls

Encryption is NOT enable by default. You can do this in each conversation with a user by clicking on the avatar of the person (their icon) and checking for the encryption option.

Finding a user

First distinguish between people and rooms. People are people, and rooms are rooms (aka groups). Look for a user if you want to find a user, not a room. In the next screenshot I show you where to do this: On the left People ... and “Start chat”.

Then type in the dialogue the correct syntax to find the user. There are ways to make you more easily visible and to find (via your email address, phone number etc), but I would stick to the defaults, because it is also more secure.

Write the username following this scheme: @USERNAME:matrix.org

The matrix.org part is the server you are using. There are others but, if you created your account on element.io, it is very likely that you are using the matrix.

After that, you are ready to talk with that user.

Connecting from a different device

If you created your account on device A (smartphone, for instance) and you want to use device B (laptop, say), element will ask you to verify it is you. If you care about security, you want to use encryption for your conversations in element, which is NOT enabled by default, and encryption will not be allowed unless you have verified it is you from device A.

From device B go to https://element.io/, click on Try Element if you are using the browser, or install the desktop application (available for usual OSs).

You will get this screen.

Choose Sign in in the next screen,

You will notice that the default server is the matrix. You can sign in with your username, email or phone. I would recommend username, which is your USERNAME without the arrow and “:matrix.org”

It will ask you to verify the login. Do it.

For that you will have to go to device A, and you will see a dialogue similar to this one

After clicking, you will see this

From device A you will see this screen

and from device B this one

The thing with the emojis is not silly. What element is doing is to verify that device B belongs to you, that it was you who logged in on A, and that it is you wanting to log on in device B. It is a hash verification for the general public, let’s say.

Element will display emojis. On device A you will see something like this

and you have to make sure that they are the same emojis displayed on device B. In my case, they are

Take it seriously and check that they do match. Element will wait until you confirm in device A, which is the one it trusts.

Then it will recognise device B as trustworthy,

Backup copy and passphrase

Element has the feature of allowing you to create a backup of encrypted chats. For that you will need a passphrase and it will produce a security key (a string of 12 groups of 4 characters each). Store both of them somewhere safe. I have an encrypted file on my encrypted drive managed by OpenBSD, so that I deem it to be safe enough.