US Senators implore Department of Defense to expand the use of Matrix (element.io)
103 points by neiljohnson 10 months ago | 34 comments


Matrix has pretty good government buy-in at this point, I just wish it was, well … nicely usable. It has been getting better, but is maybe about 80% there.

I keep preaching that it needs to be easier to build a client (encryption of course not being optional). The spec keeps changing (for the better, but the changes are often breaking), so the maintenance burden is high. This means only the biggest of libraries are really good picks. Highest on my wish list are currently JavaScript bindings for the Rust SDK.


I’m not entirely sure why it matters that silos of messaging data exist, if it’s encrypted like Signal and WhatsApp the centralized model is far superior to an arbitrary and unknown number of parties receiving metadata about messaging. It might have been an easier case to make if Matrix wasn’t an uphill battle in terms of usability and performance.


Signal and WhatsApp only address the personal messaging use case, whereas the letter is also talking about wider chat services like Teams.

More to the point, even with e2ee, there is still communication metadata that is leaving your network for a third-party service. In a defense context, you would almost certainly prefer that the data does not leave your network unnecessarily.

In terms of Matrix usability and performance, Matrix 2.0 (https://matrix.org/blog/2024/10/29/matrix-2.0-is-here/) represents a huge step forward and can be used today with compatible clients such as Element X (https://element.io/blog/deep-dive-into-element-x/)


> centralized model is far superior to an arbitrary and unknown number of parties receiving metadata about messaging.

One opaque MITM is worse than 1000 MITM whose inner workings are bound by a secure protocol.

That’s how the internet works. Your connection doesn’t always go directly to the server you want.

Either way, you can run your own network of matrix nodes which are isolated from the rest of the open matrix network.


The reason for the initial development of "the internet" as we know it, basically TCP/IP, was known as the Department of Defense (DoD) model because the research and development were funded by the United States Department of Defense through DARPA.

The idea was to build a network that --unlike pre-existing networks-- did not need centralization. The goal was to make the network resilient to parts not working, with obvious military benefits.

The same can be said for messaging systems. Centralization makes it easy to take the whole service out.

> It might have been an easier case to make if Matrix wasn’t an uphill battle in terms of usability and performance.

I expect TCP/IP to have been an uphill battle as well. But now we take it for granted. This likely will also happen to Matrix if it is used everywhere.

Now I hope the DoD makes some massive donations to Matrix. Money makes uphill battles more likely to have a good ending.


This is a different type of centralisation, though. WhatsApp isn't running out of a single data centre (I hope).


It's not that different.

Whatsapp controls nearly everything: servers, clients, protocol.

Matrix has open protocols, several implementations of the clients/servers, and people can start their own server node.

In the comparison to TCP/IP this is quite similar. You can add to the network without needing approval of a central institution.


> Whatsapp controls nearly everything: servers, clients, protocol.

This is nothing to do with resilience in the face of things being destroyed in a war. That's what I'm saying: it's not the same sort of centralisation.

> In the comparison to TCP/IP this is quite similar. You can add to the network without needing approval of a central institution.

I can join WhatsApp without approval as well. But also - how like that is TCP/IP? All IP addresses have to be agreed and assigned, do they not?


WhatsApp can be turned off tomorrow as a result of a war or the whim of an executive.

> I can join WhatsApp without approval as well

You absolutely need approval to join WhatsApp. Approval and a phone number.

> All IP addresses have to be agreed and assigned, do they not

You can assign your own IPs and have your own network if you want.


But Matrix works fine if a hospital disconnects itself from the internet because of some DDoS or hacking attack. WhatsApp doesn't, because you can't host it on-prem. I am not sure if governments have that use case, but we certainly have seen it in hospitals. (And even then, there are benefits of having patient data only on specific servers in specific environments, even if they are encrypted, because if you use WhatsApp to talk to your doctor, Meta will know about that. And I am pretty sure governments can appreciate such features as well.)


> This is a different type of centralisation, though

Not really. There's a single entity that controls WhatsApp and so the entire service can be stopped by threatening/sabotaging that single entity.


It is the centralization type that matters.

Obligatory reminder that the whole "Internet routes around censorship" like it routes around glassed data centres during nuclear war, etc. applies to layers 3-4 of ISO/OSI model. The problematic centralization of the Internet happens at layer 7.


Yes, working on a single centralised service is orders of magnitude easier than working on a decentralised service.

Especially when security and cryptography enter into the picture.


> I’m not entirely sure why it matters that silos of messaging data exist

It doesn't matter until one day, something happens that does make it matter.

Imagine if a centralised model was used and a foreign state managed to sever connections to the internet that was used by that country/central server. It's more resilient to be able to route messages even if the network is under attack. This kind of thinking is behind the original design of the internet although we now seem to have centralised large portions of functionality.


Decentralized messaging and communications are more compatible with the first principles of the internet.


The real principles have always been a US dominated and controlled internet. The only ones who ever understood that and didn't sign up to Pax Americana are the Chinese who are building their own internet.


Encryption won't help you much if you are not the one hosting the server and they disappear ...


Related:

PRC Targeting of Commercial Telecommunications Infrastructure

https://news.ycombinator.com/item?id=42132014


Very difficult to take this article seriously when it characterizes WhatsApp and signal as “obvious honeypots” of “foreign nation states” (obviously in reference here to non western aligned countries).

Absolutely a ridiculous statement.


Targeting, blackmailing, or extorting a Facebook engineer to insert a subtle backdoor into a closed-source app does seem like a hell of an investment for the Kremlin. Currently stating it's a honeypot is a touch hyperbolic, but I wouldn't be at all surprised to see it happen

And even to a Canadian like me, America is objectively a foreign nation state. Notably, a foreign nation with a "business-focused" incoming president-elect that has previously tried to buy Greenland, and just went "Ha-ha wouldn't it make sense for Canada to become the fifty-first state"

If there was ever a time to trust America less, I'd argue it's now.


Your reasoning is entirely fair. My point is that this is an article about the perspective of the US government, calling it an obvious honeypot of, say, Russia, is just farcical.


> The senators cite “a potentially more secure superior communications platform, known as Matrix, which is end-to-end encrypted by default, interoperable, not controlled by any one company, and widely used by multiple NATO allies.”

What's the current state of this open-ness?

Last I checked, it looked like Matrix was de facto mostly controlled by Element, even more than the Web browser is currently controlled by Google.

I'm not questioning intentions, and I'm aware that there are now a few other clients that support E2E. Just want an update on the reality. I don't want this to turn into a company with a Slack-like IPO, or an MS acquisition, and have the open-ness situation turn worse when we were waiting for it to turn better.

(Edit: Downvoters, did you think this is not an important question?)


The Matrix.org Foundation has been steadily increasing its independence, with the recent introduction of the Governing Board (https://matrix.org/blog/2024/06/election-results/) which includes a mix of representatives from commercial players, the community, as well as Spec Core Team members and Guardians. Also, there are nowadays several Spec Core Team members who are not employed or contracted by Element, including some who are working for (near-)competitors in the space.

In other words, people are actively thinking of and implementing measures to mitigate the risk of accidentally/unintentionally backsliding into a closed standard.


Currently it seems easy enough to write clients/servers using the protocol and the Synapse server can easily be forked (https://github.com/element-hq/synapse) if you find the need to do so. It does seem to be mainly worked on by Element, so there's always a risk that they might stop working on it and instead work on a closed source implementation. That does seem unlikely though as it goes against their goals and the idea of an open, secure communication standard.


There are a few others that are pretty usable now. The difference is mainly in some more advanced features, such as spaces, threads, or SSO, but many people don't use these anyway. The company also doesn't control the network, as it's not difficult for any organization to spin up their own server. With some government investment it's not hard to imagine building a good competing client to Element.


I think it’s an important question and the answer is a hurdle to adoption. The developers know this and are working on it, but like many things regarding Matrix it’s a slow and steady process.

As it stands, the protocol is essentially only being moved forward by Element, who implement features before they are standardized - an implementation existing being a prerequisite for standardization. It sometimes takes a long time for features to be standardized, essentially making Element’s implementation the de-facto standard. It really is a Chrome-type situation. I’ve heard from client developers that Element even occasionally deviates from the standard in some places.

I don’t have a super practical solution for this, as of course I’m happy that Element is putting in the work and currently nobody else seems capable of or willing to do it. But it sucks.


I would say it is complicated, but also that Matrix is certainly open.

Technically Matrix and Element are independent and the specification is controlled by the Matrix Foundation and the "Spec Core Team". However there is significant overlap between people on the SCT and the foundation and Element employees. This is mostly because of history. At the start Matrix and Element were in most aspects the same people. Element was a company founded to make money with selling Matrix based products to then support the development of the Matrix protocol (I might be getting some of the details wrong, but I think that is roughly right). This resulted also in Element being one of the few Matrix employers early on, so people who ended up on the SCT were often either from Element or later hired by Element, because those people also wanted to work on Matrix as their day job instead of just in their free time.

More recently new SCT members were added that aren't employed by Element (and there was at least one before that, who was never employed by Element), so Element's involvement in the SCT is clearly reducing. Similarly the SCT is supposed to make decisions that don't benefit a single company (but of course that is hard to guarantee, so you need to judge that for yourself). I personally do believe that every SCT member is trying to follow that rule.

Additionally the Matrix Foundation is currently in the process of setting up a more neutral governing board (it was already controlled by 5 guardians before, of which 3 were not involved directly with Element). You can read more about that setup here: https://matrix.org/foundation/governing-board-elections/ But the gist of that is that different sponsors as well as ecosystem and individual members can vote on representatives for the governing board and the governing board is then supposed to take over most governance responsibilities aside from the specification.

(For disclosure, I am both one of the elected board members as well as an employee of a different Matrix based company, but I am not speaking for either here.)

So I think there is clearly progress to make Matrix more independent of Element. It is also a fact that the Matrix Spec proposal process has always been open for anyone to submit a proposal, even if the SCT then sets the priorities on what gets merged into the spec. In my experience most of the proposals are stuck in the "needs more work" stage, which is something Element has historically put a lot of effort into and other companies and individuals either didn't want to put in the same effort or, especially regarding the individuals, simply didn't have the resources to do that. But even that is getting more diverse nowadays.

There are also plenty of alternative clients for Matrix and a few alternative servers. They might not have the same polish as Element's products, but they do have a significant share of users that are happy with them.

So I think Element is still very present in the Matrix ecosystem and that will still be the case for a while. But there is clearly work being done to make Matrix more independent and I think with the historical background it also makes sense why. There was a pretty good talk about that at the Matrix conference from kitsune about the mitosis of organisational structures.

Also, I don't think that few clients in the Matrix ecosystem support E2EE. I think most of the more popular ones support it nowadays: NeoChat, FluffyChat, Nheko, Fractal, gomuks, Cinny, Tammy, etc. It is actually quite hard to find a client that doesn't support E2EE: https://matrix.org/ecosystem/clients/ (use the feature filter at the bottom to filter by E2EE support)

You can also read more about the foundation and how it is supposed to function here: https://matrix.org/foundation/about/ But to repeat my initial statement, I do think Matrix is independent in most aspects from Element, will become independent in most of the remaining aspects and that Element is currently simply a very large contributor and employer in the Matrix space, with a history without which we wouldn't have Matrix today.




Are they seriously talking about /this/ Matrix? https://www.operation-passionflower.com/


No, they're talking about this Matrix: https://matrix.org/

Relevant blog post: https://matrix.org/blog/2024/12/unrelated-cybercriminal-netw...


No, it is an unfortunate naming collision and has nothing to do with the Matrix protocol.

https://matrix.org/blog/2024/12/unrelated-cybercriminal-netw...


I hate the HN "No." But.... no. https://en.wikipedia.org/wiki/Matrix_(protocol) is what this is talking about, note the disambiguation header in the wiki article.


no? they're talking about matrix.org, which is nothing whatsoever to do with https://www.operation-passionflower.com/



