Matrix is Good
2021 August 24
I've decided I like Matrix now.
I'm currently using Synapse for the server and SchildiChat (which is Element with a nicer UI) for the client.
There are a lot of things that matter in a private/secure messaging platform, such as...
- software freedom
- cross-platform support
(Obviously, there's overlap between these categories, and they influence each other.)
Each "private messenger" makes tradeoffs. Signal does a fantastic job of pairing strong, deniable crypto with usability, but it does so at the expense of anonymity and decentralization. Session fixes Signal's issues by implementing anonymous sign-ups, metadata-resistant routing, and decentralized infrastructure, but it sacrifices the security and deniability benefits of Signal's crypto in the process. XMPP supports Signal's crypto (via OMEMO) and can be used in a decentralized and pseudonymous way, but it has usability issues on some operating systems, and most clients are not set up to be secure by default. Briar is fully distributed and has cool privacy and mesh networking features, but it only fully supports one operating system, and Apple would probably never allow an iOS version to exist.
To me, the appeal of Matrix is not that it's particularly good at anything on the list, but that it's good enough at all of them.
Matrix provides a reasonable degree of pseudonymity. You can sign up for Matrix without any personal information (except maybe an email address, which is easy to obtain anonymously). No phone number required!
Matrix is very server-oriented (contrasted with something like XMPP). Messages (and sometimes encrypted private keys and other such data) are stored on the server long-term, and there's no metadata protection.
However, Matrix also supports forward-secret encryption with deniable authentication (which major clients enable by default in private rooms), and it makes some good choices about how it works (which will be discussed in the security section).
Matrix provides a reasonable level of security. The Signal Protocol-based encryption protocol used in Matrix makes some sacrifices in security for scalability, but I think the end result is reasonable. Good enough.
Element pushes hard for users to use "Secure Backup", which allows them to back up their data, encrypted with a password or a key file. I wish it would chill and just let me say no, but I'm okay with Secure Backup being a thing. It's better than the user backing up their messages unencrypted to a surveillance company.
On a decidedly happy note, Matrix has some very good design choices with regards to key verification.
Don't like comparing long numbers? Worry not! In addition to the QR-code-scanning paradigm (if your devices have cameras), Matrix supports emoji verification which allows users to compare a sequence of 7 emoji. My hope is that having this convenient and fun way to do security will entice more users to do it.
With OMEMO, you have to either let default trust prevail (leaving yourself open to PITM attacks) or individually check every fingerprint of every device.
With Matrix, when Alice adds a new device, instead of having to re-verify with every single one of her contacts individually, she can just verify the new device from an old device. Anyone who trusts the old device can trust the new device by proxy.
Cross-signing in particular makes key verification actually usable. This is a fantastic design choice.
Most people who use Matrix just sign up on matrix.org, making it a big central hub. This is bad. Synapse being so inefficient doesn't help, as it provides a barrier to people who want to run their own servers.
However, Matrix is federated, and users can (at least in theory) run their own servers or choose from the other (smaller) servers which also support public registration.
It's more centralized than something like XMPP, but it's good enough.
Matrix generally runs on free software.
Mobile clients may use non-free push systems, but these can be avoided (on Android, at least), and Element and SchildiChat have fully free versions available on F-Droid.
I don't have much to say here, but I think the usability (of SchildiChat, for example) is good enough.
Features like emoji verification and cross-signing help a lot to make the cryptography usable.
My experience in the past has been that Synapse was horribly inefficient, just the worst. For that reason, I switched to Dendrite (which is in beta right now and missing features) a while back. I switched back to Synapse a few days ago (I'm on 1.40), and it's actually been an okay experience so far! I think it's come a long way.
(It also helps that I found out I can set limit_remote_rooms in my homeserver.yaml to prevent users from locking up my server by joining large rooms.)
FluffyChat, despite compiling to native code, has performance issues for me that make it unusable (though I think this is a problem that's somewhat specific to my circumstances), but Element/SchildiChat works okay. It's Electron, but whatever. Good enough.
SchildiChat supports all major platforms except iOS. Element supports all major platforms. FluffyChat doesn't support Windows or macOS, but it can run in the browser, and it supports Ubuntu Touch!
The biggest issue is probably iOS, where Element will only be accessible for you if you can read small text. (This has been an identified problem for over 5 years; I doubt it will get better anytime soon.) FluffyChat may be the only option for some iOS users. According to my one (1) contact who uses FluffyChat on iOS, it mostly works but has some issues.
In my opinion, both SchildiChat and FluffyChat generally have nice look-and-feel. I like using SchildiChat.
Matrix excels in its key verification features.
Other than that, I don't think it stands out among its peers in any category. However, unlike its peers, which all fall short in one important way or another, Matrix has an all-around solid foundation. It's a jack of all trades, master of none, and in a context like communication which requires one tool (or multiple compatible ones) meeting the various needs of many different people, a jack of all trades is what we need if we want all of our needs to be met.
I have hope for Matrix.