Bit of an odd intro: I'm a carpenter, 42 years at the bench. I'm the type who can't stand making the same thing everyone else makes, so I've always chased the technical side too - CNC, laser cutting, and lately building software to run my machines.
At some point I wanted to send my own designs to people without them leaking anywhere, and I went down the rabbit hole of how messaging actually works. What got me was realising how much of the "free" stuff is paid for with our privacy. That annoyed me enough that I decided to build my own messenger, mostly to learn. It grew from something simple into a real thing. I called it Sherlock.
Two things I cared about: proper encryption, and NOT tying it to a phone number - I built a different system for that.
I'm not going to pretend I reinvented cryptography. I'm a woodworker who got obsessed. So I'd rather hear it straight from people who actually know this stuff:
- How much does the "no phone number" approach really buy you if I get the rest wrong?
- For a small independent project, what's the bar before any of you would even consider trusting it - open source, audit, something else?
Genuinely here for the criticism, not the pats on the back.
I considered it, and the point stands. I came here offering advice - good advice, grounded in two decades of IT career, because nobody who cares about security rolls their own app with encryption unless they know what they're doing. There's too much risk of a bad implementation and leaving holes for bad actors to find.
They can just do what I do and use AI to set up their Matrix server. I set it up before AI was a thing too, but it's so much faster now. That uses a lot less tokens, too. But they don't seem particularly interested in actually taking advice onboard, so I'm not holding my breath.
edit: well that's refreshing, he listened! Don't get that on the internet too often these days.