
It seems like this might be the eventual intent of the Scuttlebutt protocol, and so far that's also the furthest along in approaching such a solution.


Isn’t Matrix basically all that’s needed? It even has out-of-band verification of your friend’s keys.


If only the ecosystem had been built to use E2EE by default, always. They fucked up with the design allowing bridges and bots, left E2EE for later, and now they're in the vicious circle of downgrade attacks until all major clients switch to E2EE with no insecure fall-back option.


There aren't downgrade attacks. We turned on E2EE by default in May for private rooms, and there's no negotiation involved. If you're on a client that supports E2EE (i.e. almost all major ones, now) and you try to DM someone, they simply won't be able to read you unless they support E2EE, i.e. they can't downgrade the convo.


That's good. The last time I had a look at Matrix clients it was a mess. IIUC the E2EE isn't enabled by default for the old Riot client, only RiotX and Riot web have it.

What happens if someone with the old Riot client creates a room and someone with e.g. RiotX joins it, will it force E2EE on? Or will it fall back to non-E2EE messaging?


The creator and admins of the room pick the encryption preferences, IIUC: if you have a client that doesn’t support E2EE, you might be able to create an encrypted room (?) but it would be pretty useless. The clients all clearly mark the encryption status of the room you’re in.


So if an ignorant/malicious user creates a room without E2EE and doesn't care to enable it even when requested, all users are forced to converse in effectively plaintext, and the solution is "clients tell users it's not E2EE".

IMO it should be the case that it's always E2EE, no other options. Until that's the case I think the Matrix ecosystem isn't keeping up with centralized solutions like Signal.


E2EE is really annoying, in lots of ways: if the users in the room want encryption, I’d rather they just create a new room.


Yeah, I really like the ability to have an unencrypted channel: easy bots and bridges are one of the main advantages for me of Matrix vs. IRC.

My only big issue is that the iOS client doesn’t support multiple simultaneous identities.


I should have said “easy bots and bridges are one of the main advantages for me of Matrix as a successor to IRC”


I'm really intrigued by the Scuttlebutt protocol, but in practice it's super hard to get plugged into the community because, as a new user, nobody follows you. I haven't figured out how to just engage people in conversation -- I reply to their posts but nobody sees my replies.

If there are other applications that can run over the protocol, I'm interested in learning about them.


Yeah, that behaviour's designed to counter spam and unwanted bots, but it does mean newbies need to be invited into a community. Meanwhile it's lonely talking into the void.

You could connect to a pub — an automatically-friendly bot account; see a list at https://github.com/ssbc/ssb-server/wiki/Pub-Servers — scuttle.space seems to be active right now.

If you're happy posting your SSB ID publicly, I'll follow you, and that may help. Or you can use the #new-people tag if you want to introduce/announce yourself :)


The dealbreaker with Scuttlebutt for me was the inability to delete messages.



