This might not be the right place to ask but I've been looking into matrix and am I right that if you don't want to rely on a central authority then you need to run your own homeserver, which at minimum requires a publicly accessibly HTTPS server?
Because while it's nice you can run your own instance those homeservers seem very public by default if you just want one for your personal use. Which makes it seem a bit risky if all you want is control over your username (well and optionally some bridges to replace e.g. signal and whatsapp but no way I'm connecting those to anything publicly accessible).
> This might not be the right place to ask but I've been looking into matrix and am I right that if you don't want to rely on a central authority then you need to run your own homeserver, which at minimum requires a publicly accessibly HTTPS server?
If you run your own homeserver you are completely independent and don't rely on anyone else.
If you want to join the federation and talk to people on other homeservers you do need a publicly accessible web server with a valid TLS certificate (which you can get for free from let's encrypt).
If you only want to chat with people on the same server you can choose not to join the federation, but this is not what matrix was designed for.
> those homeservers seem very public by default if you just want one for your personal use.
You can disallow public user creation in the homeserver config. Then only users you have created can access your homeserver. Of course anyon in the federation can invite your users to a room etc.
> Which makes it seem a bit risky
I don't think there is a very large risk to running your own homeserver (not more than running other services).
A matrix homeserver can require quite some resources depending on how many users you host and how large the rooms are. Also there is some normal administration required (updating, making sure the cert is valid, ...).
It seems like you ought to be able to run your homeserver on local equipment, and tunnel connections out to a public/shared (e.g. AWS) server somewhere that exposes ports, so that the public host does not know any important secrets, and stores no important data.
Because while it's nice you can run your own instance those homeservers seem very public by default if you just want one for your personal use. Which makes it seem a bit risky if all you want is control over your username (well and optionally some bridges to replace e.g. signal and whatsapp but no way I'm connecting those to anything publicly accessible).