Matrix: a new specification for federated realtime chat [LWN.net]

Matrix: a new specification for federated realtime chat

Posted Feb 16, 2015 9:16 UTC (Mon) by gmaxwell (guest, #30048)
In reply to: Matrix: a new specification for federated realtime chat by Arathorn
Parent article: Matrix: a new specification for federated realtime chat

I think building a new communications tool which doesn't integrate end to end encryption with the participants -- (even just 'authorized channel users', in the context of channels where participants may be ambiguously defined) is really unwise and maybe even arguably unethical.

> Obviously proper privacy guarantees are critical to Matrix's success

Glad to hear it, but that it isn't in there from day one suggests that you believe that other functionality is more critical. I hope to see improvement in this area.

to post comments

Matrix: a new specification for federated realtime chat

Posted Feb 16, 2015 9:28 UTC (Mon) by Arathorn (guest, #101018) [Link]

In the end it's a matter of pragmatism. We have designed the whole system to support e2e crypto (i.e. the servers never nake any assumptions about being able to read inside oayloads for routing/filtering/etc) . We just haven't got around to defining the implementation yet. (patches welcome!)

In the end, we want Matrix clients to be as trivial and tiny as possible - eg IoT connected devices talking trivial HTTP. That simply means not mandating HTTPS on the client/server API. Obviously one will be able to define rooms which are E2E only, and then you get best of both worlds.

I sympathise with the idea that "creating an unencrypted protocol in this day and age is unethical". But in the end I also like choice. If you as a user want to mandate crypto (once e2e has landed), you can. And if you as a user want to support lobotomised clients at the expense of privacy, you can too. Everybody wins.