
> It seems like a puppeted bridge requires me to send the messages to the Matrix server who then has a login to my FB Messenger to read/write messages there. I'm not going to run my own Matrix server so that requires me to trust a Matrix server with access to my Facebook.

This is kind of how it's done today but also not exactly. The bridge (which is what has access to your account and messages) is its own process and could in principle be run on a separate host (like your own device for a single-user bridge). However, most (all?) public homeservers access for connecting puppeting bridges (meaning "virtual" Matrix identities for each identity on the bridged network, rather than just having a single "botuser" for all conversations through the bridge) and the API for access is rather coarse.

Also, last time I checked most bridges do not implement E2EE and signing properly, which means that the homeserver it connects to both gets read-access to bridged messages and can impersonate. This is mostly a matter of implementation not being prioritized highly in bridge projects. Currently that can be worked around to get E2EE even for cleartext bridges by running a protocol-specific proxy called pantalaimon which sits between the bridge and the homeserver and terminates encryption.

There are tradeoffs that can be made, which can be seen in the different alternatives for IRC bridges. For example, matterbridge is more of a typical bot (supporting loads of protocols!) and can be run towards a remote homeserver as a normal user.

https://github.com/hifi/heisenbridge#comparison

https://github.com/42wim/matterbridge/wiki/Section-Matrix-%2...

I am certain we will see better interfaces to allow people to run local personal IM bridges without the requirements and overhead involved today. Thinking out loud here, I could imagine a minimal per-user homeserver baked into a client, that only does bridging for that user and only federates with the homeserver of that user's accounts. That could tick all the boxes even before P2P matrix I think.

The benefit of this approach over pidgin or a purely local single-user homeserver (which are viable and it sounds like you kind of want) would be all the conveniences people have gotten used to with centralized platforms... E.g. if you have the bridged rooms on a remote homeserver, seamless retention of histories across all your devices, without needing to be simultaneously online. But you'd also only need to keep credentials local, and message content in cleartext would only ever be accessible on your client(s).



