Introducing Matrix 1.0 and the Matrix.org Foundation

[Posted June 11, 2019 by ris]

The Matrix team has announced the first stable release of the Matrix protocol and specification across all APIs. The Synapse 1.0 reference implementation, which implements the full Matrix 1.0 API surface, has also been released. "Now, before you get too excited, it’s critical to understand that Matrix 1.0 is all about providing a stable, self-consistent, self-contained and secure version of the standard which anyone should be able to use to independently implement production-grade Matrix clients, servers, bots and bridges etc. It does not mean that all planned or possible features in Matrix are now specified and implemented, but that the most important core of the protocol is a well-defined stable platform for everyone to build on. On the Synapse side, our focus has been exclusively on ensuring that Synapse correctly implements Matrix 1.0, to provide a stable and secure basis for participating in Matrix without risk of room corruption or other nastinesses." The announcement also covers the launch of the Matrix.org Foundation.

"Matrix"? "Synapse"?

Posted Jun 11, 2019 21:27 UTC (Tue) by nickbp (guest, #63605) [Link] (17 responses)

If anyone else was wondering what this thing actually is, here's the closest thing I found to a succinct description:

Matrix gives you simple HTTP APIs and SDKs (iOS, Android, Web) to create chatrooms, direct chats and chat bots, complete with end-to-end encryption, file transfer, synchronised conversation history, formatted messages, read receipts and more.

"Matrix"? "Synapse"?

Posted Jun 11, 2019 23:39 UTC (Tue) by JohnVonNeumann (guest, #131609) [Link]

To add to this comment, Matrix are basically tackling the current issues faced by centralised chat services hoarding your chat logs and doing other things that you may/may not be happy with.

"Matrix"? "Synapse"?

Posted Jun 12, 2019 2:18 UTC (Wed) by cyphar (subscriber, #110703) [Link]

Most importantly, it's a federated system very reminiscent of email. Each user has a "homeserver", and within a given Matrix room, only the homeservers of users involved in the conversation will have a copy of the events in that room (messages and so on). So you own your data -- with all homeservers having a fully copy of everything. You can also create siloed homerservers for internal usage (the French government has recently set up federated Matrix homeservers within their state departments, but they do not federate with the outside world).

I've been using Matrix for years and I'm really hoping it starts gaining more momentum so it's no longer this super-nerdy thing that I use to chat with my friends and family.

"Matrix"? "Synapse"?

Posted Jun 12, 2019 2:31 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link] (8 responses)

Nice! Matrix is what XMPP should have been from the start.

"Matrix"? "Synapse"?

Posted Jun 12, 2019 17:58 UTC (Wed) by flussence (guest, #85566) [Link] (7 responses)

It *is* what XMPP has been from the start, except XMPP servers typically don't also function as DDoS tools.

At least now it's finally caught up to XEP-0387.

"Matrix"? "Synapse"?

Posted Jun 12, 2019 18:32 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link] (5 responses)

No. Matrix and XMPP are on totally different levels.

XMPP is basically something like SMTP, but only even more braindead. The original XMPP used an infinite XML document that required a custom hacked parser to read - that's how braindead it is.

A lot of stuff was bolted on later on XMPP, but it has never worked properly. Most XEPs remained implemented at most once, with popular clients EVEN NOW not supporting basic features like message archive synchronization or search. Message encryption is also an afterthought in XMPP and is barely supported. I bet NSA loved it!

Matrix is from the start designed on the model of synchronizing state machines. Encryption (including for group chats!) is baked in from the start. Archiving is the core part of the protocol as is search.

"Matrix"? "Synapse"?

Posted Jun 13, 2019 13:36 UTC (Thu) by jkingweb (subscriber, #113039) [Link] (4 responses)

> A lot of stuff was bolted on later on XMPP, but it has never worked properly. Most XEPs remained implemented at most once, with popular clients EVEN NOW not supporting basic features like message archive synchronization or search.

Archive searching isn't implemented much (or even at all?), but synchronization is pretty common these days. Of the four clients I use (Conversations, Converse, Dino, Gajim), three do so, and the fourth may for all I know just be misconfigured. All four support message carbons, file uploads, and end-to-end encryption (though I don't use it), and I believe three of them support message correction. I wouldn't claim XMPP doesn't show its age sometimes and will always been a niche, but it's not as dire as you seem to think.

"Matrix"? "Synapse"?

Posted Jun 13, 2019 15:38 UTC (Thu) by pizza (subscriber, #46) [Link] (3 responses)

It's not just the clients; with synchronization/archiving, the server has to support it too.

"Matrix"? "Synapse"?

Posted Jun 13, 2019 17:27 UTC (Thu) by jkingweb (subscriber, #113039) [Link] (2 responses)

Sure. The three major server implementations support all these things. Granted, it's up to each individual deployment to configure the server such that they are enabled, but last I checked PEP, message archiving and carbons were all enabled by default in Prosody, ejabberd, and OpenFire.

File uploads admittedly take some effort, though, especially if you want to support Web-based clients who are hamstrung by the same-origin policy.

"Matrix"? "Synapse"?

Posted Jun 13, 2019 17:32 UTC (Thu) by pizza (subscriber, #46) [Link] (1 responses)

Don't forget jabberd, which doesn't support either. :/

"Matrix"? "Synapse"?

Posted Jun 13, 2019 17:43 UTC (Thu) by jkingweb (subscriber, #113039) [Link]

For what it's worth, jabberd2 appears to be dead. The source code repository has been archived.

"Matrix"? "Synapse"?

Posted Jun 15, 2019 18:36 UTC (Sat) by Arathorn (guest, #101018) [Link]

If anyone is wondering what this DDoS reference is, i assume it’s the idea that you can spin up a Matrix server on a throwaway hostname and join a busy room, and then point the DNS to some victim and watch as all the Matrix servers in the room try to send it data.

As such, it is *precisely* the same attack you could also do with SMTP, SIP, XMPP etc.

In practice, what happens with Matrix is that the servers in the room back off exponentially until they’re retrying once every 24h. The biggest rooms in Matrix typically have ~1000 participating servers, so I’m not convinced it counts as a serious DDoS attack.

(It’s worth noting that we did have a bug in the retry schedule code that got fixed in synapse 1.0, but even then it wasn’t so aggressive to count as an attack. There was also a presence bug which caused presence to be more chatty than it should be which got fixed.)

"Matrix"? "Synapse"?

Posted Jun 12, 2019 2:52 UTC (Wed) by ncm (guest, #165) [Link] (5 responses)

I guess this thing could give us the equivalent of Signal private messenger, without depending on Google services or being tied to a phone number.

Anyway Purism says that's why they don't feel much urgency to port Signal to their phone. I think.

"Matrix"? "Synapse"?

Posted Jun 12, 2019 8:27 UTC (Wed) by shiftee (subscriber, #110711) [Link] (4 responses)

Riot (the reference Matrix client) is available in FDroid and in the Play Store.

The Play Store version uses Google's Messaging notification thingy, FDroid obviously doesn't.

A phone number or email address can be used but is not required.

Signal is great but it's just another silo.
Even Whatsapp hasn't got everyone, Signal never will either and they're not interested in federating.

You don't talk about Briar?

Posted Jun 12, 2019 18:55 UTC (Wed) by Herve5 (subscriber, #115399) [Link]

Within this nice comparison I thought Briar may have had its chance, as (if I understand correctly) the only one featuring the impossibility for anyone to find who you are connecting to?
But I'm quite the newbie here, so the above may be wrong : please correct me!

"Matrix"? "Synapse"?

Posted Jun 12, 2019 21:36 UTC (Wed) by grothesque (guest, #130832) [Link] (2 responses)

Unfortunately, the F-Droid version seems barely usable because of high battery consumption. Since it doesn't use Google's "push service", it constantly keeps polling the server or so which ruins battery life. This problem has been known for a long time. The XMPP client "conversations" (also on F-Droid, also not using any external "push services") demonstrates a solution to this problem.

"Matrix"? "Synapse"?

Posted Jun 13, 2019 8:13 UTC (Thu) by shiftee (subscriber, #110711) [Link] (1 responses)

"barely usable" is a bit much to describe an app which i've been using for the last year or 2 without even noticing any battery issues

"Matrix"? "Synapse"?

Posted Jun 13, 2019 13:24 UTC (Thu) by jkingweb (subscriber, #113039) [Link]

I agree. I've used both Conversations and Riot on non-Googled Android devices, and while Conversations usually had better battery life (and no ever-present notification), Riot wasn't much worse.

Introducing Matrix 1.0 and the Matrix.org Foundation

Posted Jun 12, 2019 21:34 UTC (Wed) by debacle (subscriber, #7114) [Link]

Congratulations! Matrix is a wonderful thing, almost as good as XMPP!

Introducing Matrix 1.0 and the Matrix.org Foundation

Posted Jun 13, 2019 13:05 UTC (Thu) by callegar (guest, #16148) [Link] (2 responses)

I wonder if anyone with knowledge on matrix would be so kind to share some detail on the "identity" aspect.

I see that matrix uses a two-tier identity system with hidden Matrix user IDs (tied to the server one is upon) and public Third-party IDs (3PIDs) with identity servers mapping across them.

Does this mean that in this federated server one can move from a home server to another one while preserving his/her identity and all that comes with it (such as the ability for other people to find you and your ability not to loose all the past history of interaction with others)?

Having a single system of identities tied to the home server appeared to me as an item blocking most chances of success of other projects aiming at federation (e.g. mastodon). The idea of federation should be about having many smaller servers, that is no centralization, but as a previous lwn piece noticed (https://lwn.net/Articles/781205/), even systems meant for federation often "succumb to the centralised black hole". I got the impression that having a single identity system using the server name as part of the identity can be a major cause for this. I guess that no one would like to use a casual server/instance if having that server/instance going away means loosing your identity and having to start with a new one.

Introducing Matrix 1.0 and the Matrix.org Foundation

Posted Jun 15, 2019 18:27 UTC (Sat) by Arathorn (guest, #101018) [Link] (1 responses)

Matrix’s ID system is still evolving. Currently you have internal mxids of form @user:domain, and then the concept of identity servers which map third party IDs (3PIDs: email addresses and phone numbers) to mxids. Technically you can use 3PIDs to migrate accounts between homeservers, but as they are optional people tend not to rely on it.

We are about to launch a mission post-1.0 to replace mxids with public keys however, as per https://github.com/matrix-org/matrix-doc/pull/1228. This then paves the way to decentralised accounts: any server which hosts the private key of that user would be eligible to host that user’s data. It’s at least a few months off though.

Introducing Matrix 1.0 and the Matrix.org Foundation

Posted Jun 16, 2019 22:59 UTC (Sun) by callegar (guest, #16148) [Link]

Thanks for the explanation and the good news!