Meanwhile in the last 2 years the Foundation has evolved a lot, in particular with the election of its Governing Board (https://matrix.org/foundation/governing-board/) representing all stakeholders of its ecosystem, and which has an advisory role to ensure the independence of the Foundation. The Governing Board has also set up several Committees which are hosts to Working Groups which help run the various activities of the Foundation (https://matrix.org/foundation/working-groups/). You will note in particular the existence of the Governance Committee (https://matrix.org/foundation/governing-board/committees/#go...) and its corresponding Working Group which “exists to determine how The Matrix Foundation should be structured. It determines why the Foundation is structured the way it is, or look for alternatives when the Foundation has visible flaws.”.
In terms of the Foundation developing its own software: it has been a deliberate choice to not have any development (beyond moderation tools) within the Foundation. The reasons for it include the fact that the Foundation is already running at a loss and can’t afford to pay a team of developers big enough to develop and maintain all the bricks of a Matrix stack. If the Foundation decided to develop everything itself it would need to set up revenue lines which would probably compete with the various vendors in the Matrix ecosystem, so the Foundation would rather support an active ecosystem than cannibalise it. That said, it may change in the future if that is the best choice for the project; or a Matrix vendor may choose to donate the code of their stack, like Element was donating Synapse until freeriders destroyed its business and forced them to fire half their employees to stay alive.
In terms of Synapse’s efficiency, it has improved lately despite losing some of the team, and thanks to having stopped dispersing the resources across two server implementations in parallel, and focused on one. As you say Continuwuity is an alternative implementation to look at if you are unhappy with Synapse.
You can disable e2e on your server if you so wish. The option already exists in Synapse and it is part of Element Matrix Services customers.
For those who are legally required to be on record, there are other ways to keep track of the conversations for audit purposes without compromising the e2e encryption. For example, every room could have an audit bot invited by default, visible by the users, and which would record everything being said. Then you can set up the access to the logs from the audit bot to only be unencrypted in certain conditions, e.g. if the 2 halves of a key giving access to the account are put together. It's secure, clear for the users and legally compliant.
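The split-key access described in the comment above, as an added sketch that is not part of the thread or of any Matrix project's code. It uses XOR secret sharing rather than literally cutting the key in two, so one custodian's share reveals nothing about the key; the 32-byte key size, the function names and the check label are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed size of the audit account's recovery key, in bytes
CHECK_LABEL = b"audit-key-check"  # hypothetical label for the key-check value


def _check_value(key: bytes) -> bytes:
    # HMAC over a fixed label: lets custodians verify a rebuilt key
    # without anyone having to store the key itself.
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def split_key(key: bytes) -> tuple[bytes, bytes, bytes]:
    """Split key into two shares plus a public check value.

    share_a is uniformly random and share_b = key XOR share_a, so either
    share alone is statistically independent of the key. Handing each
    custodian a literal half would instead leak half of the key bits.
    """
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b, _check_value(key)


def combine_shares(share_a: bytes, share_b: bytes, check: bytes) -> bytes:
    """Rebuild the key from both shares; reject wrong or corrupted shares."""
    if len(share_a) != len(share_b):
        raise ValueError("share length mismatch")
    key = bytes(a ^ b for a, b in zip(share_a, share_b))
    if not hmac.compare_digest(_check_value(key), check):
        raise ValueError("shares do not reconstruct the escrowed key")
    return key


def demo() -> bool:
    # Constructed sample: a random key standing in for the audit bot's key.
    key = secrets.token_bytes(KEY_LEN)
    share_a, share_b, check = split_key(key)
    return combine_shares(share_a, share_b, check) == key
```
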
Your comment reinforces my initial point: "A broader solution is almost always less efficient for a specific constrained sub-problem."
It all sounds very complicated compared to paying a bit of money and toggling a setting. For example, googling for "elements/riot/matrix audit bot" results in no pertinent results from what I can tell. Being possible is not the same thing as being easy to use.
edit: Also companies don't care about being clear to users except as legally required or beneficial to the company. Employees not being constantly aware that they're being watched all the time is a positive and not a negative.
Yup planning to get it on in the coming months. As a data point e2e by default is on for the French government deployment and we haven't seen huge drama, so we're mostly waiting to get the UX out. We'll be sharing our work for insights this week.
We're still aiming for a full redesign of Riot.im to be out before end of the year, there should be things to look at at the end of the month, all crafted for the non-techy friends, so watch the space!
And yes, the backend is not helping either, although we've also made good progress on perf improvement there in the last months and still rolling new ones (e.g. Py3 being deployed as we speak and reducing server RAM by 3). Switching away from matrix.org can help, and agreed that a directory of public servers à la Mastodon could be interesting (although we would need to find a non-scary way to do so, lots of non-tech people would run away from it: they just want one click onboarding without having to understand what's happening behind the scenes).
We've also soft launched a paid hosted offering, for 50-100 people teams who could do with their own DNS and faster servers at http://modular.im
The spec only states the use of JSON over HTTP as a baseline so anyone is welcome to implement more efficient transports like CBOR/COAP or MQTT or whatever :)
But yes the goal of the reference implementations was to showcase the simplest transport: one PUT to send and one GET to retrieve it.
Meanwhile we’re working on improving the performance of the servers with some rather nice breakthroughs on the horizon.
As I said, the potential is there, the current implementations just aren’t there yet. In a few years it might be entirely different.
And I’m not sure PUT and GET are the simplest solution, I’d think a simple socket over which messages are transmitted in both directions would be simpler than implementing an entire HTTP stack.
Being able to implement a client that runs in a browser (and can thus only deal in terms of HTTP) is very valuable, and one reason to claim that the simplest solution is HTTP PUT and GET.
And that is precisely why it is an idiotic design decision. HTTP is extremely complex (well, and Matrix doesn't actually use HTTP, they just claim they do, but as usual no one reads the specs, everyone just builds crap based on what they think the spec says, because the spec is too complicated), and as such is an absolute dead end if your goal supposedly is to build something secure.
Within Riot, polishing e2e is already top of our priority list, but yes it definitely doesn’t harm having high profile entities like this expecting it.
Because Signal is centralized. With Matrix they can deploy different servers across the government which interoperate. And potentially open it to the wider Matrix ecosystem.
Signal, the service is centralized, but there's no reason that Signal, the protocol can't be. In fact before Moxie went on his silly "only I can do security right" rampage, Signal was federated with a server hosted by CyanogenMod.
The E2EE in matrix is actually based on the double ratchet from the Signal protocol. So you could think of the E2E in matrix as just a federated version of Signal. :)
A point in moxie's favor is that the e2ee ux in matrix is currently extremely painful. I'm willing to use it on a couple rooms that consist entirely of geeks, but don't want to subject non-geeks to the whole verification process.
Not only UX, but there seem to be some subtle timing (in non-crypto/non-security meaning) issues.
I ran Synapse on a resource-limited machine, so it had sort of "lagged behind" (or something like that) a little bit now and then. And I saw a number of "error decrypting image" and similar issues. It had self-resolved somehow after a while (saw the message decrypted the next day) but that's still a problem.
Haven't reported this because I have no idea how to collect any useful information.
I suppose "only I can do security right" is perhaps overly harsh, but my takeaway was that he considered a walled garden that could be iterated on by his team preferable to allowing even forks of his team's own client to communicate with users on the OWS network.
>Nothing about any of the protocols we’ve developed requires centralization; it’s entirely possible to build a federated Signal Protocol-based messenger, but I no longer believe that it is possible to build a competitive federated messenger at all.
Moxie is probably annoyed by the slow pace in which federated protocols move. Having it centralized he can move it a lot faster.
Fortunately there are solutions that incentivize modern features in federated protocols too, like SSLLabs HTTPS checker or https://conversations.im/compliance/ for XMPP.