Matrix, for those unfamiliar (hint hint, nudge nudge) is an instant messaging protocol created as a spiritual successor to IRC with the main selling points being federation, an easily extendable event-based timeline, and being based upon HTTP. Over the years however Matrix has matured into less of an IRC successor and more of a Slack or Discord competitor with the introduction of Presences, Pinned messages, Edits, User statuses and more recently Reactions. This article will go through a brief look at the various developments of the protocol, detail some issues surrounding it, and also the company behind Matrix: New Vector
Matrix is developed as an open standard by the Matrix Foundation, a group ostensibly separate from Vector until you look at its board of directors, which includes several current or former Vector IM employees. Due to the influence Vector has over the Matrix Foundation, they may as well be the same entity.
How Matrix Works
Matrix (The platform) is a decentralized platform powered by federated "homeservers," and has a very similar network model to email, where users from different providers can freely message one another. Just like email, you'll have your "big boys" as well as smaller, more niche providers. The main difference between the networking models is that Matrix rooms are "mirrored" between homeservers and room coordination can be unaffected even if the original homeserver is unavailable or the room has been shutdown by the original homeserver.
Matrix rooms (or channels), are a collection of events, such as messages, and metadata, such as the name of the room and settings about the room. Matrix, the protocol, has no real concept of what a "message" is aside from it being a type of event with a rough schema that is to be followed. Events that aren't defined in the standard are to be stored as-is and left for clients to deal with. For development, specifically rapid development, this is great as you are able to send arbitrary events that a Matrix server does not need to have a concept of in order to expand the functionality of the protocol. This has been done several times and is how user statuses and reactions are implemented in Riot, through the
m.reaction event types respectively. Events that a client does not know how to handle are often hidden or not rendered. A side effect of this behavior is that the security model of Matrix content will entirely depend on clients to validate events in the timeline. Expanding upon this, a user could create a denial of service against a room simply by sending large numbers of meaningless, hidden events. The most popular Matrix client, Riot will choke when loading large numbers of them and will essentially lock Riot users from being able to scroll through chat history. This is due to how Riot handles infinite scrolling. This exploit has yet to be publicly deployed, at least to my knowledge. However, it is a significant issue that has been left unaddressed.
If you are familiar with the security of internet services the words "arbitrary" and "validate client-side" may make you concerned and the potential issues with this approach are likely racing through your mind. Sadly this is an issue that matrix consistently bumps into in regards to security.
Matrix rooms have the ability to be "tombstoned," forever locking the room and pointing to a new one. Tombstoning a room essentially archives the old room and creates a pointer to a successor room, although tombstoning rooms has a purpose to exist, in the process of tombstoning a room the admin who tombstones the room gains full control over the new room. Tombstoning a room can be done either through the API or through sending the
m.room.tombstone event (which yes, can be done arbitrarily), even though this event can only be sent by room admins that doesn't leave it free from brewing drama.
A good example of tombstoning gone wrong is #offtopic:matrix.org where the previous owner transferred ownership to an infamous ponyfag who tombstoned the room and began being a jannie. The room has now become a ghost-town with only bots inflating the engagement metrics, in a similar fashion to rooms ran by another infamous matrix.org user named mmjd.
Formerly Vector IM, and commonly referred to as Jew Vector by it's detractors, is the main governing body behind the biggest Matrix homeserver, matrix.org, as well as the most influential entity in the Matrix Foundation.
Matrix has an ever-expanding history of ACL Banning users, rooms and even homeservers for various nonsensical reasons. Here's a small set of good examples:
- A punished #realanarchy:matrix.org, denied it's existence:
#realanarchy, an anarchy room, was shutdown by Matrix staff for "hosting illegal content." However in reality, it was rage-banned because Matrix developers were being invited to it.
- The alias
#8chan:matrix.orgwas revoked by Matthew despite his account not being in the room. He was publicly asked about this, but he never responded.
- @fractal, one of the first adopters of Matrix was harassed by the users of Fractal, a GTK Matrix client because of his ownership of the alias #fractal:matrix.org, as well as said users lobbying for Matrix to revoke the alias and grant it to the Fractal team. @fractal was accused of alias squatting despite using the aliases for active rooms, the alias was not revoked. However no action was taken against the users who were harassing @fractal.
- nerdsin.space, a semi-popular homeserver was ACL banned from +matrix due to "one of our users commenting (((mesh networks))) in a chat about mesh networks". Similar to
glowers.club, when the homeserver operator Tristan contacted firstname.lastname@example.org to discuss the ban, he was greeted with complete silence from Matrix.
These decisions aren't just exclusive to their homeserver. They have also have rejected a client from being listed on their official website due to the political background of one of the developers.
On Monday 5, August 2019, Vector, in their infinite wisdom, decided to loop through their entire catalog of rooms and ban every room that had the format of either "/name/" or "/name/ - Room Name" and in the process, shoah'd thousands of chan rooms and kicked thousands of innocent
matrix.org users from them due to the fallout of one shitposting Australian and the retardation of a reactionary administration team. Quite literally running the regex
/^\/[0-9A-z]+\/($|\s+-)/ and banning any room that passes it
Hostility towards other homeservers
Matrix staff generally act disrespectfully when confronted with issues about their homeserver such as federation problems or suggestions of mismanagement, and will use their position as the "official" homeserver of Matrix to demean and discredit such claims.
Around Mar 27 2019, the second largest matrix homeserver OrdoEvangelistarum was experiencing federation problems with matrix.org (these problems were later discovered to be entirely the fault of matrix.org). Instead of attempting to genuinely diagnose the problem presented, the Matrix staff instead opted to simply blame the problem on OrdoEvangelistarum and claim they simply misconfigured something.
Homeservers deemed unfit for basking in the glorious resource hog that are the official Matrix rooms have virtually no chance of getting an ACL ban lifted. Asking for help in #matrix with an alt will get you directed to email@example.com, asking for help from firstname.lastname@example.org will direct you to an auto-reply and then, radio silence.
"Who cares about you fascists, I only care about protected groups!"
Let's say you don't care about anything above and you're a hardcore mastodon.social user who loves Bernie Sanders and who hates racism, sexism and all other kinds of -isms. Well, a recent "experience" I had dealing with matrix.org may genuinely shock you, It did for me
For some context, at around 20:32 on 17 March 2020 I got two reports of a matrix.org user who was sending unsolicited pictures of their asshole to female users (or one's they assumed to be), these two reports eventually became three reports after further requesting information which led to a third user claiming that the user sent them CP. The claim was backed by one of the original two users, at this point I decided to login to my matrix.org account to report the issue to #matrix:matrix.org since this was obviously something that violated their homeserver rules. Due to the aforementioned radio silence from their abuse email, there would likely be no point in contacting them from it
Below is the conversation between myself and @travis, a vector employee who is both part of the Abuse Management team and one of the people with access to email@example.com.
I was so infuriated at how Travis handled this that I ended up leaving the room. After I did, he even gloated that I would have been able to quickly get in contact the abuse team by posting internal numbers that only he has access to.
What infuriates me more is not the original situation but rather the response of Travis, someone who directly represents the Matrix Protocol, the Matrix Foundation, the matrix.org homeserver and the matrix.org abuse management team. The complete lack of professionalism or any attempt to point me to something other than the abuse email which I at several points stated I would rather not be forced to use is absolutely baffling. If you are someone who believes that Codes of Conduct are good and that sexual harassment is unacceptable, here you have one of the highest men in Matrix saying that "he isn't that concerned at this point" when the issue of female users being harassed by creeps is brought up.
Even how other users in the room treat the issue is concerning, instead of suggesting that instead of the user who is in clear violation of the Matrix Code of Conduct be banned or looked to, decide to condescendingly lecture me on how I should be telling my users to block the offending user and how being vocal about the issue is a bad thing. As has been previously shown in this article, this condescending attitude is somewhat common.
If you are a liberal or a leftist, however you describe yourself, how can you in good faith direct users to matrix.org when people like this are the ones with the responsibility of preventing the harassment of protected groups? If I held those beliefs, I would not
I have since sent an email to firstname.lastname@example.org about the abusive user which has yet to be responded to, if it does I'll update you here although I wouldn't to hold my breath.
If this article turns you off from using matrix.org as your homeserver of choice, don't let it turn you off from the protocol in general. One of the major advantages of federates services is that no one "private company" or government is in charge. You can consider the other following homeservers for your matrix'ing needs:
- halogen.city: A homeserver ran by a centrist called Iodine, if you are an aforementioned liberal or lefty that the above section is targeted at, you'd likely feel most at home here. There are of course many other homeservers that would also host left-leaning users however the vast majority either have rules that calling strict would be a severe understatement or have selectively enforced their rules. If you have tough skin you can of course also join the other homeservers in the list, although some may be kinder than others
- matrix.ordoevangelistarum.org: One of the oldest matrix homeservers aside of matrix.org, operates the vast majority of "chan rooms" that matrix has to offer.
- 200acres.org: A homeserver with the purpose similar to the subreddit r/200acres, that being homesteading. Although you can join the homeserver and use it for things unrelated, @avf will probably spam invite you to his rooms because he's is lonely
- nerdsin.space: Shitposter friendly, ran by Tristan and has a large userbase that plays on 2b2t.
- matrix.kiwifarms.net: Operated by KiwiFarms, a rather infamous internet lulcow milking ranch. KiwiFarms also runs a pleroma instance
- iddqd.social: we also offer a homeserver (and a pleroma instance). IDDQD does not offer a riot instance, you will need to register using either riot.im/app or a public riot instance.
- thisisjoes.site: A homeserver ran by a centrist butter enthusiast.
- midov.pl: A wizard-friendly homeserver. Somewhat weeb focused