Re GDPR, Matrix shouldn’t be directly compared to IRC or XMPP but email. A matrix home server is kindof like an IMAP server. Once the message has been sent out to recipients, they have their own copies.
Some of these notes are directed at matrix the protocol, some at synapse the implementation. Many solutions are on the roadmap but not being worked on yet.
Here’s an evaluation of Matrix vs. the GDPR by an actual lawyer (German): https://www.cr-online.de/blog/2022/06/02/ein-fehler-in-der-matrix/ – I was unsure if this is on-topic on lobste.rs, so I refrained from posting it as a story, but it does fit in here. Feel free to submit it as a story if you want. The article specifically addresses the e-mail comparison point.
I still think the comparison is valid in some senses, though — it’s reasonable to want your instant messages to not live forever in the same way that emails do. (Of course, from a legal standpoint, you might have to use the email comparison to get around GDPR, which is a different thing.)
insanely detailed post, i have administrated the matrix homeserver for cyberia.club + maintained the matrix marketplace app on DO for quite awhile, and i just learned a ton about the ecosystem. thanks a lot for writing this!
it really does feel like matrix, and the folks who develop it, are severely stunted by how many projects they have going. the golang SDK, the rust SDK, dendrite, synapse, mjolnir, element (web, android, iphone), hydrogen, etc. in my opinion, they ought to focus on a few things (acknowledging their pitfalls) and work on the speed of the darn thing - matrix still feels laggy and slow compared to any modern chat app, and especially compared to IRC. read receipts and online detection cause a ton of CPU usage out of the box on synapse, and imho they should be turned off / deprecated entirely.
in short, i feel like there’s way too much cruft in matrix right now, it’s hard to see a future where the weight of their projects doesn’t simply crush them. i hope for their sake that i’m wrong!
If they can manage to do just these two things, the community would handle all the rest. That’s how IRC worked and that’s how XMPP kinda worked. Buut I’m guessing they also wanna make some money so they have to branch out a bit.
Not only that, but it’s always felt to me like it’s being pushed into too many directions, many of which seem to conflict with each other. On the one hand, they want full decentralization and federation. Anyone can run a matrix server, even one they wrote themselves. But on the other hand, they want strong privacy. And on the third hand, moderation controls. I applaud them for trying to tackle all of these at once but I have my doubts that it’s even possible.
At least with IRC, the implications are clear. Servers do not typically store messages (but they could!), and once your message hits the client of everyone in the channel, there’s no way to redact it. You have to assume that anyone could be logging anything you say, even in private messages. All technical measures to enforce the ability to redact messages and cancel users would be theatrics at best because at the end of the day, anyone can make a screenshot.
I don’t think of Matrix as trying to be a new IRC, I think of it as trying to be a free software Slack or Discord. Matrix succeeds when random cryptocurrency projects or open-source projects or groups of friends have a Matrix room for talking about things. It fails whenever a free software project has a link to their official Discord on their website.
One of my main concerns with Matrix is data retention, which is a key part of security in a threat model where (for example) an hostile state actor wants to surveil your communications and can seize your devices.
On IRC, servers don’t actually keep messages all that long: they pass them along to other servers and clients as fast as they can, only keep them in memory, and move on to the next message. There are no concerns about data retention on messages (and their metadata) other than the network layer.
People who chat using Slack and Discord definitely care about being able to access old messages posted in a room (Slack even charges for this feature - if you use the free plan you are limited to the past 10,000 lines only, which they would only do if some people were willing to pay them real money for more than 10,000 lines of scrollback). It’s arguably a misfeature of IRC that it lacks scrollback. There are some real privacy benefits associated with the norm that IRC servers and clients don’t log messages, but it’s important to remember that this is only a norm, not a guarantee. Nothing stops anyone from logging IRC messages, plenty of people do log IRC messages (I have personally-stored chatlogs going back years in some IRC channels I’ve been in for a long time), and if nothing else you can’t prevent someone else from taking a screenshot of your message on their own screen if you say something noteworthy.
Also keep in mind that, in the brave new peer-to-peer world that Matrix is heading towards, the boundary between server and client is likely to be fuzzier, which would make applying the GDPR even more difficult.
GDPR concerns in Matrix aren’t very interesting to me. I’m not a citizen of the EU and I likely wouldn’t have supported the law if I was. I care way more about peer-to-peer chat being feasible, so I can effectively chat with people without having to have an account that specifically the Discord corporation or specifically Slack approves of (perhaps I want to chat with someone who has visited Iran - which is not actually a hypothetical, I regularly chat online with more than one Iranian person)
As an aside, I also appreciate that Matrix.org has a fairly decent code of conduct, based on the TODO CoC which checks all the boxes in the geekfeminism wiki.
This is not great - codes of conduct are inherently political documents and geekfeminism is a political ideology, and it should be possible to use Matrix as a platform to criticize them, including in ways that would constitute a violation of a code of conduct as judged by geek feminists. The Matrix.org code of conduct however only applies to the official Matrix project discussion rooms, and not to people simply with an account on matrix.org, let anyone anyone running a Matrix server themselves. I have personally used encrypted Matrix to communicate messages that would likely violate a geekfeminism code of conduct and no one at the project was able to prevent me from doing so.
Registration is also less obvious: in Signal, the app confirms your phone number automatically. It’s friction-less and quick. In Matrix, you need to learn about home servers, pick one, register (with a password! aargh!), and then setup encryption keys (not default), etc. It’s a lot more friction.
And look, I understand: giving away your phone number is a huge trade-off. I don’t like it either. But it solves a real problem and makes encryption accessible to a ton more people.
Being able to chat without either providing a real government-linked piece of identification or getting a burner phone number is an absolute dealbreaker. I use Signal myself, but crucially only with people who I know IRL and who already know my phone number. If I can’t use Matrix to chat with people who I wouldn’t give a phone number to, it’s completely worthless.
A lot of the complaints listed here about Matrix’s sluggishness and latency issues and general UX issues are very valid. I wish they were better, and I wish the matrix developers would focus more on fixing them. I would rather that video chat on Matrix be reliable than have a bot that can hook up to gitlab, for instance, even if the reason that gitlab bot exists is because it’s a much easier problem.
At the end of the day, I’m personally in a number of Discord groups I don’t want to be in, because Discord is the platform that the people I want to chat with use, and I have no choice but to use Discord if I want to talk to them. I would like to see the Matrix people be laser-focused on building a software project that will make this no longer the case.
I wonder if GDPR even applies to “any yahoo who fires up a home server and joins a room”. Article 2 sounds like it might not. From what I find it’s aimed at the private and public sectors. Not a lawyer and not sure what personal implies, but I read stuff like not for money or an institution, when I look for how to interpret this.
Of course that doesn’t mean it shouldn’t be solved and be privacy conserving.
Re GDPR, Matrix shouldn’t be directly compared to IRC or XMPP but email. A matrix home server is kindof like an IMAP server. Once the message has been sent out to recipients, they have their own copies.
Some of these notes are directed at matrix the protocol, some at synapse the implementation. Many solutions are on the roadmap but not being worked on yet.
Here’s an evaluation of Matrix vs. the GDPR by an actual lawyer (German): https://www.cr-online.de/blog/2022/06/02/ein-fehler-in-der-matrix/ – I was unsure if this is on-topic on lobste.rs, so I refrained from posting it as a story, but it does fit in here. Feel free to submit it as a story if you want. The article specifically addresses the e-mail comparison point.
tl;dr: It’s not compliant.
I still think the comparison is valid in some senses, though — it’s reasonable to want your instant messages to not live forever in the same way that emails do. (Of course, from a legal standpoint, you might have to use the email comparison to get around GDPR, which is a different thing.)
Eh, well, it’s also reasonable to be able to search your history to find that thing from 4 years ago that you suddenly remembered…
also all of the IRC channels I frequent have logging bots..
insanely detailed post, i have administrated the matrix homeserver for cyberia.club + maintained the matrix marketplace app on DO for quite awhile, and i just learned a ton about the ecosystem. thanks a lot for writing this!
it really does feel like matrix, and the folks who develop it, are severely stunted by how many projects they have going. the golang SDK, the rust SDK, dendrite, synapse, mjolnir, element (web, android, iphone), hydrogen, etc. in my opinion, they ought to focus on a few things (acknowledging their pitfalls) and work on the speed of the darn thing - matrix still feels laggy and slow compared to any modern chat app, and especially compared to IRC. read receipts and online detection cause a ton of CPU usage out of the box on synapse, and imho they should be turned off / deprecated entirely.
in short, i feel like there’s way too much cruft in matrix right now, it’s hard to see a future where the weight of their projects doesn’t simply crush them. i hope for their sake that i’m wrong!
And those few things include these two:
If they can manage to do just these two things, the community would handle all the rest. That’s how IRC worked and that’s how XMPP kinda worked. Buut I’m guessing they also wanna make some money so they have to branch out a bit.
Not only that, but it’s always felt to me like it’s being pushed into too many directions, many of which seem to conflict with each other. On the one hand, they want full decentralization and federation. Anyone can run a matrix server, even one they wrote themselves. But on the other hand, they want strong privacy. And on the third hand, moderation controls. I applaud them for trying to tackle all of these at once but I have my doubts that it’s even possible.
At least with IRC, the implications are clear. Servers do not typically store messages (but they could!), and once your message hits the client of everyone in the channel, there’s no way to redact it. You have to assume that anyone could be logging anything you say, even in private messages. All technical measures to enforce the ability to redact messages and cancel users would be theatrics at best because at the end of the day, anyone can make a screenshot.
Even IRC is moving in the direction where matrix is going. Check out IRCcloud and IRCv3
That implies IRC is moving - IRCv3 features never got much adoption in servers and clients outside of IRCcloud.
I don’t think of Matrix as trying to be a new IRC, I think of it as trying to be a free software Slack or Discord. Matrix succeeds when random cryptocurrency projects or open-source projects or groups of friends have a Matrix room for talking about things. It fails whenever a free software project has a link to their official Discord on their website.
People who chat using Slack and Discord definitely care about being able to access old messages posted in a room (Slack even charges for this feature - if you use the free plan you are limited to the past 10,000 lines only, which they would only do if some people were willing to pay them real money for more than 10,000 lines of scrollback). It’s arguably a misfeature of IRC that it lacks scrollback. There are some real privacy benefits associated with the norm that IRC servers and clients don’t log messages, but it’s important to remember that this is only a norm, not a guarantee. Nothing stops anyone from logging IRC messages, plenty of people do log IRC messages (I have personally-stored chatlogs going back years in some IRC channels I’ve been in for a long time), and if nothing else you can’t prevent someone else from taking a screenshot of your message on their own screen if you say something noteworthy.
GDPR concerns in Matrix aren’t very interesting to me. I’m not a citizen of the EU and I likely wouldn’t have supported the law if I was. I care way more about peer-to-peer chat being feasible, so I can effectively chat with people without having to have an account that specifically the Discord corporation or specifically Slack approves of (perhaps I want to chat with someone who has visited Iran - which is not actually a hypothetical, I regularly chat online with more than one Iranian person)
This is not great - codes of conduct are inherently political documents and geekfeminism is a political ideology, and it should be possible to use Matrix as a platform to criticize them, including in ways that would constitute a violation of a code of conduct as judged by geek feminists. The Matrix.org code of conduct however only applies to the official Matrix project discussion rooms, and not to people simply with an account on matrix.org, let anyone anyone running a Matrix server themselves. I have personally used encrypted Matrix to communicate messages that would likely violate a geekfeminism code of conduct and no one at the project was able to prevent me from doing so.
Being able to chat without either providing a real government-linked piece of identification or getting a burner phone number is an absolute dealbreaker. I use Signal myself, but crucially only with people who I know IRL and who already know my phone number. If I can’t use Matrix to chat with people who I wouldn’t give a phone number to, it’s completely worthless.
A lot of the complaints listed here about Matrix’s sluggishness and latency issues and general UX issues are very valid. I wish they were better, and I wish the matrix developers would focus more on fixing them. I would rather that video chat on Matrix be reliable than have a bot that can hook up to gitlab, for instance, even if the reason that gitlab bot exists is because it’s a much easier problem.
At the end of the day, I’m personally in a number of Discord groups I don’t want to be in, because Discord is the platform that the people I want to chat with use, and I have no choice but to use Discord if I want to talk to them. I would like to see the Matrix people be laser-focused on building a software project that will make this no longer the case.
I wonder if GDPR even applies to “any yahoo who fires up a home server and joins a room”. Article 2 sounds like it might not. From what I find it’s aimed at the private and public sectors. Not a lawyer and not sure what personal implies, but I read stuff like not for money or an institution, when I look for how to interpret this.
Of course that doesn’t mean it shouldn’t be solved and be privacy conserving.