About matrix and riot

That worries me a little, as this would mean giving my other IM identities (and any E2E encryption keys?) I want to bridge to my Matrix server (which in many cases would be either Riot.im or a new Purism server), or am I misunderstanding something?

@cgelinek you could host your own Matrix server.

@Handle yes, I could, potentially. What I was referring to is that the vast majority of Librem 5 end users, including myself, probably wouldn’t. I am a regular XMPP user but thanks to the E2E encryption support there, I didn’t feel the need to do so… for now.

Having non-power-user friendly Matrix clients is very high on our todo list. Whatever the Librem5 ends up with should feel as simple as Signal or Silence in the end.

4 Likes

You’re right that most of the things I mentioned that Matrix can do (but telepathy can’t) are also doable with XMPP. However, architecturally/ideologically the protocols couldn’t be more different. In Matrix, conversations are always shared over all the participating servers - this is really important from a data sovereignty perspective. A given conversation should never be anchored on a single logical server. In Matrix, conversation history is a first-class citizen: in fact, Matrix is only about synchronising conversation history between devices. It doesn’t even have a way to do simple store-and-forward messaging like traditional XMPP. Similarly, E2E encryption is a first-class citizen, baked into the core protocol (albeit still in its final stages of development), rather than an afterthought extension like OMEMO. As a result, the entire protocol revolves around supporting E2E-by-default (eventually). Finally, the model of the Matrix spec is a single consistent monolithic spec published by the project, rather than the cloud of XEPs which characterises XMPP. This has advantages and disadvantages, but provides a completely opposite approach for those who want it. This is what Matrix brings to the table :slight_smile:

3 Likes

As I said, conceptually the bridge may run serverside. And yes, you’d have to give it your login or e2e keys etc to work, and it ‘breaks’ the E2E of services like telegram by decrypting/reencrypting for Matrix on the bridge. However, you could run a bridge yourself (as @Handle said), or in future we’re looking at ways to run a bridge (and homeserver for that matter) locally on the client. So you’d have the option to either have a lightweight thin-client or a much heavier one which actually federates directly with Matrix (effectively acting as a server), which could likewise run bridging locally. Finally there may also be a halfway house in future where you can run a local bridge which puppets your local client to synchronise it with the remote protocol. We do this today in some places with SMS, where the local client effectively acts to bridge SMS in/out of Matrix.

4 Likes

hi metthew, its a little off-topic here but as you are so actively and competently answering about matrix here, i would like to know how the local home server concept should work. for know i can have an id at the matrix home server as username@matrix.org which is easy to resolve as there is a server with the matrix domain name. But how should this work with a local home server at any librem5 phone? would any user need a domain for his phone which also would be in need to be update as the ip is dynamic, especially with mobile networks? am i missing some thing?
i just installed riot the last days an like the idea of local home servers which could handle the bridges to other networks but doesn’t get it.

To be clear: the “local homeserver” idea is 100% vapourware scifi at this point, but still an interesting thought experiment about where things could go in future. It comes originally from https://matrix.org/~matthew/2016-12-22%20Matrix%20Balancing%20Interop%20and%20Privacy.pdf, but the idea is basically: “if we supported a p2p protocol for federation, then you could run a homeserver on the client. This would both help preserve metadata privacy, as well as let you run local bridges”. It’s something we want to investigate over the next year or two. The user IDs would almost certainly end up looking like public key fingerprints (which isn’t a problem, given in practice the idea in Matrix is to invite people by email or phone number rather than their user ID).

Separately, there’s also the idea of having a ‘headless matrix daemon’ for an OS like PureOS which isn’t a full-blown homeserver, but acts as an ‘always on’ matrix client in the background, which other apps on the OS could connect to. This could also support running local bridges (which would act as a local app which ‘puppets’ the daemon to sync it with other protocols). This is also sci-fi atm, but something we’re actively discussing with Purism as a way to handle Matrix on the Librem5.

4 Likes

Thanks. i Like the ideas. Nice thing with the tor layer in between.

2 Likes

@matthew any roadmap/timeline for the matrix server privacy policy change?

It’s hard to predict because our top priority is getting New Vector (the new company that employs the core Matrix team) fully incorporated and funded. There is at least a month or two of work remaining there. Once that is done, we’ll then be in position to work on other legal stuff like rewriting the privacy policy to be less scary (although in turn we have to balance that with time spent improving Matrix as a whole). So, “several months” unless something forces us to address it sooner.

5 Likes

i understand, there is no hurry, the important things is to do it as the best as you can, better to have a good privacy policy, something similar the one i wrote, in one year than a bad one in 3 months, and if there is something you have to because of UK law, if is possible should be clever to start the new company in another country like swiss or a privacy friendly one

thank you for your reply and your time

2 Likes

i’ve found no option on riot to automatic delete after a period a conversation on a room, for example to autodelete conversations older than a week, i’ve made a internet research and i also found if everyone leave a chat room the conversation still exist
any change of this in your roadmap, this option looks as huge lack of control of my conversation to me

“Matrix is only about synchronising conversation history” so removing the history is against Matrix core concept :wink:

Depend on purpose user should always have the control, if my need is to comunicate but to not store older conversation i whould like to have an options like other IM

that’s the difference. Matrix is not about communication, communication is a side effect. You cannot remove the history of conversation because in conversation (except some corner cases) there are more than one party. So in this case “removal” is effectively a blacklisting of your own access to your history. do you really want it?

i wanna choose, maybe in some room is better to hold everything, and maybe in other room is better to delete

in my uses is better to delete older entry because to me matrix should be a sostitute of whatsapp/signal
i take care of security and privacy, as i think almost everyone there, i just need to communicate with others without store everything i say like the google brother

I hear you and completely understand your use case. Just try to hear me. You can choose what you store on your device. You can choose whether server stores messages at your personal store. You cannot choose though what other side chooses to do. Now, server has tow possibilities - store a copy of the message at multiple buckets (personal stores). Or it may just store everything once and then partition personal-store-like access by filter/access matrix. So when you drop your store - you just filter yourself out of the central store.
I’m not saying this is how matrix works. i’m just telling you hypothetical implementation scenario. However I wouldn’t be surprised if matrix chosen this implementation strategy. I’ve chosen it to implement XMPP MAM.

i got your point and i really like to be able to make my own server, and i searched for it on the web but is completly out of my understanding

that’s why i’m asking for a new kind of setting, i’m not asking to change their way, just to add a new one, where people can completly control of their data

and that’s what i call creepy, i think something like that is about facebook/google where you give to them your data and when you delete it, you just can’t see it anymore, but they can

my though is about privacy minded people and business model, i think to be one of the privacy minded people, like almost everyone there, and purism and matrix crew are the business company, a business company goal is to make money with their mission, when your business mission is to be a privacy friendly company you should also try to give something others do not have, and when you do it, you have success, just see the librem 5 campaign, i disagree with you when you write

matrix in my opinion is a communication app, and actual as i know there is no communication app completly open source who completly respect privacy with a good privacy policy, and which allow user to completly control your data, i know the exception is matrix itself if you have your own server, but is not easy for normal user, and as normal user i’m there trying to explain a point of view that is not just mine, but also real friends and people i talk with on the web, and that’s the matrix opportunity to be different from other services, not just about be federated, as everyone know have a better technology do not give you the first price, you have to be unique from normal user prospective, for example it should be really easier to use and configure, i saw the project leader wrote somewhere they know and they will work on it, and as i already wrote should be more privacy friendly with privacy policy server and give more option to user to customize their room as they wish
there is still no communication app who give to you the total control of your communication, and i really hope matrix will be that one

Suppose Alice sends a message to Bob by way of Steve (server). Steve can’t decrypt the message. Neither Alice nor Bob can delete the message without the other’s cooperation. Alice can delete her own copy, but Bob can keep a copy. Bob might keep a copy with Steve and might also keep a copy at home and perhaps he has stored a copy with his friend Tom (server 2). Alice can ask Bob to delete it but it is impossible for her to be sure. Maybe Bob photographed the message, or simply has a very good memory. How can Alice possibly verify Bob can no longer produce a copy of the message? Alice can ask Steve to delete Bob’s copy of the message, but if Steve complied this would be a betrayal of Bob, and in any case it is pointless because only someone possessing Bob’s private key can read the message and also because Bob could have made many other copies.

Why is this situation “creepy”? I think it would be creepy if Steve could be asked by either Alice or Bob to delete the other’s copy of the message. Bob might be relying on Steve for keeping a copy.