• unexposedhazard · 17 upvotes · edited · 9 hours ago

    You probably already know that it's federated, so the first step would be picking a server. I would pick one that is on your continent from this list: https://servers.joinmatrix.org/

    I would not recommend using the matrix.org server, but I'm too lazy right now to explain why. (Basically the same as the arguments against pushing users to lemmy.world.)

    I would also not use a web based client long term. In the next step you will need to use one for registration, which is kind of stupid, but you can just log out of the web client after the registration is done.

    ===========================================

    I'm just gonna randomly pick the server https://gemeinsam.jetzt/ (Austria) from the earlier list. From the list it links you to https://element.gemeinsam.jetzt/ for registration. If you click on “Create Account” it will give you this prompt:

    After you fill everything out (+ email confirmation) you will be logged in. Now you have an account that you can use to log into a proper client, with an address that looks like this: @username:gemeinsam.jetzt

    You can now log out of the web client as you don't need it anymore. (It might warn you that you are logging out of your last device/session, but that's ok.)

    ===========================================

    Now you can pick a client (there are many, but these are the most up to date ones).

    For desktop use: https://matrix.org/ecosystem/clients/element/

    For mobile use the newer: https://matrix.org/ecosystem/clients/element-x/

    So now you have an account on a server of your choosing and a client, which means you just give the client your full address like @username:gemeinsam.jetzt to log in, and the client will automatically figure out what server your account is on. Put in your password and you are logged in.

    Every time you log into a new client, it creates a new session/device that will have its own independent set of message encryption keys unless verified by another existing device/session. That means to keep your keys synchronized (and messages readable) the client will always request you to verify new devices (other than the first one) upon login.

    As you logged out of the only remaining session/device earlier, this newly created one should again be the first and only one of the account. You can verify this in the client settings by looking at the “Sessions” section.

    That's basically it for the initial setup. See the following section for why you should have either multiple devices/sessions or set up a recovery key.

    ===========================================

    Your messages are stored in your account data on your server, but they are encrypted, so if you lose access to all your devices, then all those messages are gone. To prevent that you can create a “recovery key” which is just a long password that is used to encrypt your encryption keys so they too can be stored safely on your server. This allows you to restore your messages even if all devices are lost by entering the recovery key after logging in from a new device.

    If you want to use multiple devices, just log in on that device and follow the prompt to “verify this session from another device”. (This works by QR code or by comparing some emojis.) By verifying a session, you synchronize all your message encryption keys to that device/session. The easiest way to verify new devices is like this, by using an existing device.

    Let me know if you get stuck anywhere and I will try to help you out :)
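The "give the client your full address and it figures out the server" step above, as an added example that is not part of the post: the user ID is split at the colon, and the server name's `/.well-known/matrix/client` document (if it exists) points the client to the real API base URL, otherwise the server name itself is used. The sample well-known document and the `matrix.example.test` host are constructed, the ID grammar is simplified from the spec, and the follow-up `/_matrix/client/versions` check a real client performs is left out.

```python
import json
import re
from urllib.parse import urlsplit

# Simplified Matrix user-ID grammar (assumption: covers the common cases only):
# lowercase localpart, then a hostname or bracketed IPv6 literal with optional port.
_MXID_RE = re.compile(
    r"^@(?P<local>[a-z0-9._=\-/+]+):"
    r"(?P<server>(?:[A-Za-z0-9.\-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?)$"
)

# Constructed sample of what https://<server>/.well-known/matrix/client may return.
SAMPLE_WELL_KNOWN = json.dumps(
    {"m.homeserver": {"base_url": "https://matrix.example.test/"}}
)


def parse_matrix_id(user_id):
    """Split '@alice:example.org' into ('alice', 'example.org'), or raise."""
    match = _MXID_RE.match(user_id)
    if not match:
        raise ValueError(f"not a valid Matrix user ID: {user_id!r}")
    return match.group("local"), match.group("server")


def resolve_homeserver(user_id, well_known_body):
    """Return the client-server API base URL for the account behind user_id.

    well_known_body is the text fetched from
    https://<server_name>/.well-known/matrix/client, or None when that
    request failed (then the server name itself is used as the base URL).
    """
    _, server_name = parse_matrix_id(user_id)
    if well_known_body is None:
        return f"https://{server_name}"
    try:
        base_url = json.loads(well_known_body)["m.homeserver"]["base_url"]
    except (ValueError, KeyError, TypeError):
        # Document present but unusable: do not silently guess a server.
        raise ValueError("well-known document present but unusable; ask the user")
    parts = urlsplit(base_url) if isinstance(base_url, str) else None
    # Refuse to send the password anywhere but an https origin.
    if parts is None or parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"refusing to use base_url {base_url!r}")
    return base_url.rstrip("/")


if __name__ == "__main__":
    print(resolve_homeserver("@username:gemeinsam.jetzt", None))
    print(resolve_homeserver("@username:gemeinsam.jetzt", SAMPLE_WELL_KNOWN))
```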

    • KammicRelief@lemmy.world · 3 upvotes · 6 hours ago

      This is awesome–thank you!

      So, I just picked a server, and created a private space for me and a handful of friends (we have a Discord server that I’d like to move over). Do you recommend turning on encryption for our rooms, or is it enough that our space is private? Will I have to worry about my friends maintaining their keys, or is that handled pretty automatically by the various clients? etc… Thanks!

      • unexposedhazard · 1 upvote · edited · 14 minutes ago

        Nice, glad it worked out. The only time you don't use encryption would be large rooms (>100 users), because eventually joining the room will slow down a lot for new people due to all the key sync stuff. So I would turn it on in your case.

        Unencrypted messages/media/rooms can be read by the server administrators of all the servers that have one of their users in your room. Matrix.org and other big servers have implemented server side scanning for unencrypted rooms, so if you don't like that, turn it on.

        As long as everyone verifies their own devices there shouldn't be any need to think about encryption key stuff. Server side key storage using the recovery key makes the key sync process much more reliable in my experience.

        You can also verify other people's identity (is this session I'm talking to really used by person X?) in person by scanning a QR code on their device, but that's not functionally necessary.

    • ksigley@lemm.ee · 4 upvotes · 7 hours ago

      Upvoted for visibility. Saved for later.

      Forgotten in an instant.

      (But more seriously, thank you for the info. This looks involved, so I may attempt it this weekend. Discord declined so rapidly I had to stop using it before finding an alternative.)

      • SreudianFlip@sh.itjust.works · 1 upvote · 5 hours ago

        I just did this to test out the process for a client who has to replace Skype in their workplace, and it wasn’t bad.

        I looked up servers on the web, picked the privacy DIY server, installed Element app, registered in the app using a “token” from the server website, confirmed via email - web link, and done, about 15 minutes plus figuring out the token part (had to reread instructions).

        • Jakeroxs@sh.itjust.works · 1 upvote · 4 hours ago

          Does this mean we need to be hosting an email server too? I should just go look at the docs lol, this news might push me over the edge.

          • SreudianFlip@sh.itjust.works · 2 upvotes · 2 hours ago

            Ah, I guess that was confusingly written. No, you just need to have an email address to register an account, and when you register you get a verification email at that address and click on the link in the email to verify. Like almost any other social media.