he’s gone off the rails in the last 6-12 months - complaining about needing more linux devs

It’s also ironic in light of his history of loudly bashing linux and linux game development.

I can’t think of anything good to say about Tim Sweeney.

I might give Backpack Battles a try. It doesn’t look like my usual style, but I heard there’s some good strategy under the surface, and I like that it’s made with Godot.

This is misleading. Matrix respects the e2ee setting that you choose when creating a room, and it’s enabled by default.

Whether to use encryption is a per-room setting, not per-server. It’s controlled by the person who creates the room, not the server admin. It’s on by default, and cannot be switched off later.

Rooms can be created without it because that makes sense for large public rooms, like those migrating from IRC, where privacy would defeat the purpose.

Keybase was popular with some Hacker News users for a while, but now that it’s owned by Zoom, anyone concerned about privacy ought to think twice before using it.

XMPP might be worth considering if you’re hosting for yourself and all your contacts. I suggest avoiding it for public use, mainly because features are piecemeal and coordinating them across everyone’s clients and servers is a bit complicated. (Also, I don’t know if there’s a good XEP for encrypted search.)

Back when encrypted search was being developed for the Electron app, I think someone had it working in a standalone browser as well. Perhaps that was with the help of a browser add-on; I don’t remember for sure. I suspect github.com/t3chguy would know, as he seems to be active in discussions of that feature. It might be worth asking him about it.

Does it have feature parity with Element yet?

Not yet. It’s in beta.

https://element.io/labs/element-x

EDIT: Nheko is NOT a mobile client.

If you specifically meant mobile, you could have said so. Your statement was, “every other client has even more drawbacks when it comes to E2EE.” Nheko disproves that statement. It also suggests that some alternative mobile clients might handle E2EE at least as well as it does. You might want to try them.

By the way, text search with end-to-end encryption happens to be tricky to implement, and Matrix projects aren’t funded by corporations with deep pockets. Tempering your expectations regarding development speed is probably worthwhile here.

Correcting some misconceptions…

Element for Android doesn’t support searching in encrypted channels

That’s true of regular Element for Android, but it’s being replaced with Element X (which is built with Rust). I would expect search to be added there if it isn’t already.

and I think you can’t use E2EE in the browser at all(?)

I have done it in Firefox, so that’s false. Perhaps you had trouble with a specific browser?

plus basically every other client has even more drawbacks when it comes to E2EE.

Nheko handles E2EE just fine, so that would seem to be false as well.

Since you’re looking for recommendations, it would help if you said which clients you tried and what problems you had with them.

In case you haven’t seen it, you can set a Features: E2EE filter on this list:
https://matrix.org/ecosystem/clients/

Not really an answer to your question, but just to make you aware of some options:

Have you considered using subkeys for each of your machines, signing things with those, and keeping their master key someplace safe? That would limit your exposure if one of those machines is compromised, since you could revoke only that machine’s key while the others remain useful (and the signatures they have issued remain valid).

Are you setting expiration dates on your keys? That can bring some peace of mind when you lose your key/revocation data.

So with normal use it should be fine for a few decades.

Considering that “normal use” can be so very different among different people/applications/climates, I don’t put a lot of stock in assessments like that, but it is at least one prediction to compare against when we see what happens in practice. Time will tell.

I’m curious how long the current gen OLED consoles will be in use before they develop screen burn-in.

Or by people formerly paying for their internet service with money that should have been going toward food or heat.

Losing the $30 monthly discount could force families to choose between broadband and other necessities,

Exactly.

It’s also important to note that some ISPs created a low-cost service plan specifically for ACP. (It’s reasonable to assume this was possible in part because ACP handled income verification and eliminated the costs of individual billing and credit card payments.) That plan will likely disappear if ACP goes away, leaving poor people stuck paying a bill much higher than the program ever paid.

I don’t think regular users have access to that info on lemmy. (Maybe you’re thinking of a kbin feature?)

Depends on the particulars, and on the needs of the individual.

That’s not really how things like security works.

If that were true, threat modeling wouldn’t exist. ;)

I think some people just go crazy for something that’s not big tech, and then quit looking at the particulars.

I expect that’s probably true. It’s safe to assume I’m not one of them, though. Cheers.

So it could still be considered less secure than N.

It could be, or it could not be. Depends on the particulars, and on the needs of the individual.

Mind, I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing. I’m just stating what’s a good fit for me.

N + 1 > N

I use it because, contrary to what that scare piece you linked would have the reader believe, it’s better for my needs than the alternatives.

(I’m no stranger to software development and security, by the way. I understand the pros and cons.)

You’ll have to trust an additional party when getting your apps, and updates are often a couple days behind.

I know how it works, and in this case, that’s fine with me.

F-Droid has an excellent track record; better than many developers have. And I’m not addicted to having the latest versions of everything on the day they’re released. In fact, not immediately jumping on the latest versions has saved me from nasty bugs more than once.

Part of what I value in F-Droid is the additional layer in the build/release process, because it makes tampering more likely to be detected.

It’s still nice to know a tool like obtanium exists, though. Thanks for the link.

If new versions don’t make it to F-Droid, they might as well not exist for me. There are only a couple of apps that I find important enough that I’ll spend time manually building/pulling/installing, and a Lemmy reader isn’t one of them. Thanks for the tip, though.