My laptop is getting old and i can’t have Element eat up half of my RAM. There are many more clients out there but which one is good? aka "the best? ;-)
My requirements: lightweight, encryption 100% supported, active development/community. runs neatly 24/7 in the background.
Should also support the latest features, let me customize when to get notifications: priorities / muted chatrooms. And ideally also look clean and run on the Pinephone. But that’s optional.
I don’t care which desktop environment or cli.
What do you use?
Interesting. Thanks for the info. I turned off the listening notification. Hopefully this is the one you meant. I hadn’t thought about settings for the device itself.
I don’t entirely understand the verification notice and all. I don’t understand the context of verification. I generally avoid making any external internet connections (finger printing) between my phone and other hardware. They are on separate VPNs and firewalls. I get the message about no verification every time I open element. I don’t know what it is trying to verify exactly. I imagine it is a copy of the keys and hashes, but like, I don’t want to connect social across devices and I am given no options or context details. I don’t mind backing up or storing keys, but I’m not installing the software on my workstation or punching holes in that firewall.
Yeah. That’s the correct one. You can also do that with other apps that rely on a background connection to some server. I also don’t use google and their cloud messaging. So that’s the way around it.
Regarding the verification: It’s an additional layer of security for you. To make sure all the devices logged in into your account actually belong to you. Otherwise someone with access to your computer or password (or matrix-server(?)) could in theory read your messages. To prevent that, they make you verify it’s actually you who registered that additional device. I think Element has an option to not sync encryption keys with unverified devices. So you could end up with malfunctioning encryption. But in case it’s working fine for you, you can skip the verification. You’re just missing out on the extra security this way.
Anyone with access to your homeserver can change your password and log into your account. That’s why by default, when someone logs into account, their session is unverified and doesn’t have access to encryption keys. To verify it and sync encryption keys, you have to mark it as trusted from another device you own (which sends the encryption keys from the old device), or if it’s the first session it becomes the only trusted device (and generates new encryption keys).
Note that the homeserver owner can always reset all of your sessions and encryption keys, then log in as the first session. They won’t be able to read your past encrypted messages obviously, but they will be able to impersonate you. To prevent that, you can additionally perform the same verification process for the devices of those you chat with - that way they will also know which devices you marked as trusted.