About Matrix and Riot

Thanks also from me for the thorough responses, this is very valuable information. I am still very new to Matrix and trying to understand how it differs from other protocols I am somewhat more familiar with, especially XMPP.

So please allow me to go through your list of things Telepathy (which I don’t know) doesn’t do and compare them to what I know about XMPP and with what I understand about the privacy implications:

  • Infinite scrollback serverside history
  • Synced history across multiple devices
  • Server side search
    • I cannot think of a way that server-side searching (of messages) would work at all with E2E encryption, which means the server has to be able to read the messages, what am I missing?
  • Server side notification settings
    • This sounds like something that could easily be implemented via XMPP’s various storage XEPs, summarised e.g. here.
  • Read receipts
    • XMPP can already do this.
  • Read-up-to markers
    • XMPP can already do this.
  • Multiway voip
    • Not sure about XMPP support for multiway, but I have done 1:1 video calls successfully.
  • Promoting 1:1s to group chats and vice versa
    • This sounds like a UI thing, if XMPP would start 1:1 chats automatically as “group chats”, this is done.
  • Native end-to-end encryption (verifying keys, devices, sharing keys, etc)
    • XMPP does this via OMEMO which supports both group and 1:1 chats.
  • Encrypted file transfers
  • Redacted msgs
    • What exactly do you mean by that?
  • Reactions / upvotes / downvotes
    • Sounds like it could easily be implemented on top of XMPP (similar to message receipts and read pointers), but I’m not aware of any out-of-the-box XEPs to support that.
  • Editable msgs
    • This sounds like a thing the UI would be responsible for - the XMPP app Conversations e.g. allows editing of the last message
  • Pinned messages
    • Again, a UI thing
  • Threading
    • What exactly do you mean by that?

For those who don’t know XMPP, it supports (IMHO similar to Matrix) a federation system which allows anyone to install a “home server” and which works with IDs that look exactly like email addresses, which I think makes this relatively easy for beginners as all they need to know is that ID if they want to contact someone new.

So please forgive me that I still don’t quite understand what new things Matrix brings to the table that XMPP can’t do already. I understand the current XMPP landscape is so fragmented because most client apps and too many servers don’t support various subsets of these XEPs (or do so poorly), but to counter that the Librem 5 could e.g. enforce minimum requirements on the servers people want to sign up to. Once that is under control, the rest appear to be mainly UX choices and development.

3 Likes

That worries me a little, as this would mean giving my other IM identities (and any E2E encryption keys?) I want to bridge to my Matrix server (which in many cases would be either Riot.im or a new Purism server), or am I misunderstanding something?

@cgelinek you could host your own Matrix server.

@Handle yes, I could, potentially. What I was referring to is that the vast majority of Librem 5 end users, including myself, probably wouldn’t. I am a regular XMPP user but thanks to the E2E encryption support there, I didn’t feel the need to do so… for now.

Having non-power-user friendly Matrix clients is very high on our todo list. Whatever the Librem5 ends up with should feel as simple as Signal or Silence in the end.

4 Likes

You’re right that most of the things I mentioned that Matrix can do (but telepathy can’t) are also doable with XMPP. However, architecturally/ideologically the protocols couldn’t be more different. In Matrix, conversations are always shared over all the participating servers - this is really important from a data sovereignty perspective. A given conversation should never be anchored on a single logical server. In Matrix, conversation history is a first-class citizen: in fact, Matrix is only about synchronising conversation history between devices. It doesn’t even have a way to do simple store-and-forward messaging like traditional XMPP. Similarly, E2E encryption is a first-class citizen, baked into the core protocol (albeit still in its final stages of development), rather than an afterthought extension like OMEMO. As a result, the entire protocol revolves around supporting E2E-by-default (eventually). Finally, the model of the Matrix spec is a single consistent monolithic spec published by the project, rather than the cloud of XEPs which characterises XMPP. This has advantages and disadvantages, but provides a completely opposite approach for those who want it. This is what Matrix brings to the table 🙂

3 Likes

As I said, conceptually the bridge may run serverside. And yes, you’d have to give it your login or e2e keys etc to work, and it ‘breaks’ the E2E of services like telegram by decrypting/reencrypting for Matrix on the bridge. However, you could run a bridge yourself (as @Handle said), or in future we’re looking at ways to run a bridge (and homeserver for that matter) locally on the client. So you’d have the option to either have a lightweight thin-client or a much heavier one which actually federates directly with Matrix (effectively acting as a server), which could likewise run bridging locally. Finally there may also be a halfway house in future where you can run a local bridge which puppets your local client to synchronise it with the remote protocol. We do this today in some places with SMS, where the local client effectively acts to bridge SMS in/out of Matrix.

4 Likes

Hi Matthew, it’s a little off-topic here, but as you are so actively and competently answering about Matrix here, I would like to know how the local home server concept should work. For now I can have an ID at the Matrix home server as username@matrix.org, which is easy to resolve as there is a server with the Matrix domain name. But how should this work with a local home server on any Librem 5 phone? Would every user need a domain for his phone, which would also need to be updated as the IP is dynamic, especially with mobile networks? Am I missing something?
I just installed Riot in the last few days and like the idea of local home servers which could handle the bridges to other networks, but don’t get it.

To be clear: the “local homeserver” idea is 100% vapourware scifi at this point, but still an interesting thought experiment about where things could go in future. It comes originally from https://matrix.org/~matthew/2016-12-22%20Matrix%20Balancing%20Interop%20and%20Privacy.pdf, but the idea is basically: “if we supported a p2p protocol for federation, then you could run a homeserver on the client. This would both help preserve metadata privacy, as well as let you run local bridges”. It’s something we want to investigate over the next year or two. The user IDs would almost certainly end up looking like public key fingerprints (which isn’t a problem, given in practice the idea in Matrix is to invite people by email or phone number rather than their user ID).

Separately, there’s also the idea of having a ‘headless matrix daemon’ for an OS like PureOS which isn’t a full-blown homeserver, but acts as an ‘always on’ matrix client in the background, which other apps on the OS could connect to. This could also support running local bridges (which would act as a local app which ‘puppets’ the daemon to sync it with other protocols). This is also sci-fi atm, but something we’re actively discussing with Purism as a way to handle Matrix on the Librem5.

4 Likes

Thanks. I like the ideas. Nice thing with the Tor layer in between.

2 Likes

@matthew Any roadmap/timeline for the Matrix server privacy policy change?

It’s hard to predict because our top priority is getting New Vector (the new company that employs the core Matrix team) fully incorporated and funded. There is at least a month or two of work remaining there. Once that is done, we’ll then be in position to work on other legal stuff like rewriting the privacy policy to be less scary (although in turn we have to balance that with time spent improving Matrix as a whole). So, “several months” unless something forces us to address it sooner.

5 Likes

I understand, there is no hurry. The important thing is to do it as well as you can: better to have a good privacy policy, something similar to the one I wrote, in one year than a bad one in 3 months. And if there is something you have to do because of UK law, if possible it would be clever to start the new company in another country like Switzerland or a privacy-friendly one.

Thank you for your reply and your time.

2 Likes

I’ve found no option in Riot to automatically delete a conversation in a room after a period, for example to auto-delete conversations older than a week. I did some internet research and also found that if everyone leaves a chat room, the conversation still exists.
Any change of this in your roadmap? This option looks like a huge lack of control of my conversation to me.

“Matrix is only about synchronising conversation history”, so removing the history is against Matrix’s core concept 😉

Depending on the purpose, the user should always have control. If my need is to communicate but not to store older conversations, I would like to have an option like other IMs.

That’s the difference. Matrix is not about communication; communication is a side effect. You cannot remove the history of a conversation because in a conversation (except some corner cases) there is more than one party. So in this case “removal” is effectively a blacklisting of your own access to your history. Do you really want it?

I wanna choose: maybe in some rooms it is better to hold everything, and maybe in other rooms it is better to delete.

For my uses it is better to delete older entries, because to me Matrix should be a substitute for WhatsApp/Signal.
I take care of security and privacy, as I think almost everyone there does. I just need to communicate with others without storing everything I say like the Google brother.

I hear you and completely understand your use case. Just try to hear me. You can choose what you store on your device. You can choose whether the server stores messages at your personal store. You cannot choose, though, what the other side chooses to do. Now, the server has two possibilities - store a copy of the message at multiple buckets (personal stores). Or it may just store everything once and then partition personal-store-like access by filter/access matrix. So when you drop your store - you just filter yourself out of the central store.
I’m not saying this is how Matrix works. I’m just telling you a hypothetical implementation scenario. However, I wouldn’t be surprised if Matrix has chosen this implementation strategy. I’ve chosen it to implement XMPP MAM.
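
The "store once, filter per user" model from the post above, as an added example that is not part of the original thread and does not describe how Matrix or any real server works. The names `SharedArchive`, `drop_history` and `purge_unreferenced` are hypothetical; the two-person conversation is constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class SharedArchive:
    """Hypothetical archive: one stored copy per message, access granted per user."""
    messages: dict = field(default_factory=dict)  # msg_id -> (sender, body)
    readers: dict = field(default_factory=dict)   # msg_id -> users allowed to read
    next_id: int = 1

    def post(self, sender, participants, body):
        msg_id = self.next_id
        self.next_id += 1
        self.messages[msg_id] = (sender, body)            # the single stored copy
        self.readers[msg_id] = set(participants) | {sender}
        return msg_id

    def history(self, user):
        """A user's 'personal store' is only a filtered view of the shared copy."""
        return [body for mid, (_, body) in sorted(self.messages.items())
                if user in self.readers[mid]]

    def drop_history(self, user):
        """'Delete my history' removes the user's access entries, not the bodies."""
        for allowed in self.readers.values():
            allowed.discard(user)

    def purge_unreferenced(self):
        """Physically delete bodies that no participant can read any more."""
        orphaned = [mid for mid, allowed in self.readers.items() if not allowed]
        for mid in orphaned:
            del self.messages[mid]
            del self.readers[mid]
        return len(orphaned)


def demo():
    archive = SharedArchive()
    archive.post("alice", ["bob"], "hello bob")    # constructed sample conversation
    archive.post("bob", ["alice"], "hi alice")
    archive.drop_history("alice")                  # alice "deletes" her history
    after_alice = (archive.history("alice"), archive.history("bob"),
                   len(archive.messages), archive.purge_unreferenced())
    archive.drop_history("bob")                    # last participant lets go
    purged = archive.purge_unreferenced()
    return after_alice, purged, len(archive.messages)
```

In this model a single user's deletion changes only that user's view; the stored bodies go away only once every participant has dropped access and the operator runs a purge.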

I got your point and I would really like to be able to make my own server, and I searched for it on the web, but it is completely beyond my understanding.

That’s why I’m asking for a new kind of setting. I’m not asking to change their way, just to add a new one, where people can completely control their data.

And that’s what I call creepy. I think something like that is about Facebook/Google, where you give them your data and when you delete it, you just can’t see it anymore, but they can.

My thought is about privacy-minded people and the business model. I think I am one of the privacy-minded people, like almost everyone there, and Purism and the Matrix crew are the business companies. A business company’s goal is to make money with its mission; when your business mission is to be a privacy-friendly company you should also try to give something others do not have, and when you do it, you have success, just see the Librem 5 campaign. I disagree with you when you write

Matrix in my opinion is a communication app, and currently, as far as I know, there is no completely open source communication app that completely respects privacy with a good privacy policy and allows the user to completely control their data. I know the exception is Matrix itself if you have your own server, but that is not easy for a normal user, and as a normal user I’m there trying to explain a point of view that is not just mine, but also that of real friends and people I talk with on the web. And that’s Matrix’s opportunity to be different from other services, not just by being federated. As everyone knows, having better technology does not give you the first prize; you have to be unique from the normal user’s perspective. For example, it should be really easier to use and configure; I saw the project leader wrote somewhere that they know and they will work on it. And as I already wrote, it should be more privacy friendly with the server privacy policy and give more options to users to customize their rooms as they wish.
There is still no communication app that gives you total control of your communication, and I really hope Matrix will be that one.