mikaela.github.io/blog/_posts/2021-08-03-matrix-perfect-privacy-not.md

15 KiB
Raw Blame History

Having used Matrix since 2016 and hearing about its greatness without any issues so much, I wish to correct some misconceptions. I attempt to provide citations for everything and not name any other solution. I cannot discuss administrating experience due to not having any with Matrix personally.

Automaattinen sisällysluettelo - Automatically generated Table of Contents

Element, what Element?

Element is the defacto Matrix client. If you wish to get into Matrix, you will likely hear the advice to install Element or use it on the web.

It comes with two problems:

  • you will likely register your account on the matrix.org homeserver and later hear that you made a mistake in using it as its overloaded and you should instead use some other homeserver which would also be good for healthy federation, but the interface doesnt suggest or offer you any other servers.
  • if you happen to be like me and use both Element Web and Element iOS, you will notice they are wildly inconsistent. I cannot comment on Element Android as my phone (Nokia 1 / TA-1047) is too weak powered for pleasant Matrix experience and I dont use it much.

Comparing the later two platforms, I imagine you will hit some of these problems sooner or later:

  • You see a link in the channel. If you were using Element Web or possibly even Element Android you would immediately know what it was about. However you use Element iOS that never got URL preview support!
  • You hear of interesting room on another room and you wish to join it. You touch the name wishing to get into there? What happens instead? You will get an error message cannot rejoin an empty room.
    • I hope that doesnt annoy you and you wish to hear the workaround of running /join #room:example.net by hand instead.
  • This may be a bit more rare one, but if you share rooms with bots, you may notice that on Element Web they are more gray than people. Element iOS just never got messages from bots being rendered differently.
  • I may again be a bit weird, but I wish to have timestamps for all messages visible all the time, but Element says no. They exist on Web, not on iOS. Same if you wanted to see seconds
  • I almost forgot, but the new spaces just dont exist on iOS, should you attempt to join or be invited to one, you will get a banner saying that they arent implemented yet and you cannot accept or reject the invite unless you open Element Web to do that.
  • Another issue I am editing in hours later is pills, when you mention someone on Element (Web), or someone else mentions someone, there is a clear pill shape around their name and it can be clicked to get to their profile, but not on Element (iOS)

And that is probably enough of annoyances with Element iOS, I hope the situation will improve in foreseeable future there due to Matrix exploding with Element securing $30M funding to revolutionise the apps usability, build out major new features, expand in the enterprise market and take Matrix fully mainstream!

2022-01-29: As seen from the strikethrough, two of six points on my list have been resolved, however today FluffyChat released version 1.2.0 featuring stories. At the time of writing stories are a draft Matrix spec proposal that in incompatible clients (such as Element Web and Element Android) appear as read-only rooms, however Element iOS hides them completely with the exception of notifications that cannot be acknowledged.

You mentioned privacy?

Yes, privacy is a big reason why Matrix is advertised and the lack of it is a fact you agree to by using Matrix or getting bridged to Matrix (which is out of scope for this blog post as it involves other protocols too much, whether you know Matrix or not).

As with the internet in general, the most safe assumption is that once you post something its there forever. It may be encrypted in a private Matrix room or it may be public in a public room, but it will most likely be there forever.

Matrix does support history retention if you are advanced enough to enable it, this assumes your homeserver explicitly enables it as its not default and as your room is hosted on every homeserver that has users in your room, have a single homeserver that hasnt explicitly enabled it, or doesnt otherwise support it, and the room history never goes away. Executing /upgraderoom {{site.matrixLatestRoomVersion}} or any other version will also remove the event.

WARNING! Enabling history retention may corrupt your Synapse database and will make your room unrejoinable if a homeserver leaves it for long enough. Upgrading the room will fix that, but its just a fancy way of saying “discontinue the old room and add a note saying where the new room is”.

WARNING! Always before executing /upgraderoom check that everyone in your room has a recent Matrix server that supports your target room version, otherwise you may lock some of your users out. For example /invite @version:maunium.net and once it joins, say !servers upgrade {{site.matrixLatestRoomVersion}} to get a list of servers that dont support room version {{site.matrixLatestRoomVersion}} yet.

In case there isnt enough confusion, retention shouldnt be confused with actual self-destructing/disappearing messages.

Technical note: sorry about calling reference homeserver implementation by the matrix.org team New Vector Ltd issue as a Matrix protocol issue.

You may say that this requires you to trust the homeserver admin anyway and that is true, I wish people could trust each other and even if someone modified their Synapse to never remove anything or had a client logging everything, they wouldnt throw that history to people who dont want to see it.

Speaking of removals, once you remove a message it will be stored in the database for server admins for 7 days which is fine for me, but if this message happened to be media instead of text, it would never be removed and should you have copied link to the media, it would keep on working and if you changed the homeserver address in your copied link, it would still keep on working. Is this something you expect from a private protocol? I dont, or I didnt before getting familiar with Matrix. There is also an alternative proposal about this.

By the way Synapse is still a reference homeserver implementation by the matrix.org team New Vector Ltd and not Matrix protocol itself, so sorry about that for anyone technical reading this.

Do you use different names in different contexts? Like your Full Name in professional context, a nickname somewhere else and maybe what will be your real name after gender transitioning or even have a diffferent name in direct chat with your partner? Congratulations, whatever is your latest room-specific name may now be public (especially when the room federates and has users from different homeservers), same with your potential avatar.

Synapse didnt become Matrix protocol itself by the way, there are still other implementations!

This issue does have a potential solution an API planned for room specific details (2015) and what I am hopeful about in the future open pull request specification for space specific profiles, unless it just moves the issue to a different level. Which is cancelled or delayed for an undefined time period, “until extensible profiles and sync v3 become more concrete”

2021-08-27: I dont know how serious issue this may be for you, but any emoji/ reactions made on end-to-end-encrypted messages arent encrypted. Its fun in E2EE test rooms when you cannot read the other party, but regardless see their reactions on your messages.

2022-01-10: In E2EE features, when you are invited to E2EE rooms, you generally cannot see the previously encrypted messages. However when those are encrypted, viewing message source will reveal the older messages in body and formatted_body which have been under deprecating plans since 2020-09-19, maybe in the future…

I think that was my biggest complaints on Matrix (or Synapse itself), that dont involve other protocols and I have personally experienced. My notes for this blog post include Elements not having real contacts list, or in other words Matrix not having canonical direct messages, but they didnt occur to me and I guess it has been doing fine enough without implementing those.

If any of these issues is a dealbreaker for you or you dont want to hear a bad word about Matrix, you may be wondering what is the perfect flawless solution? I dont know, personally I dont think it may not exist and I dont want to enter discussing compromise solutions or other protocols in this post at all. This list also wasnt complete on what issues I have with Matrix (and so close to the end I dont want to dig for references) and I have specific wishes that no protocol offers (at least not consistently, such as using multiple names and knowing which name I am using where or managing 50 different rooms with same operators everywhere, but that may get answered by Matrix.)

You may wonder was it nice of me to write so negative blog post. I find it therapeutic as I have had an issue to me to write this since 2021-01-15 and now I have finally done it, a bit over half an year late, spending a bit over an hour to it and I feel better after getting these problems out of my head and maybe they werent so big after all. Up to you.

Lastly I apologise to you-know-who-you-are for not titling this post “undefined”, or even M.UNKNOWN (which I would have imagined to be one of the issues for me to write about, but I dont remember seeing it in a long time, so maybe the situation is improving.

Feedback? I have a discussion room in many apps, or you can find me from a lot of the linked issues and there is also issue tracker for this site.

  • Changelog, also known as git commit history
    • Clicksaver for edits done on day of publishing: I have fixed a typo resulting one link being a 404 error, added mention on Element (iOS) not doing URL previews and later added pills not being supported by it either. I didnt consider outdated emoji picker worth mentioning here, but it came up in the same context as URL previews and wasnt reported to upstream, so I might as well mention it in this part.
    • 2021-08-27: Noted cancellation/delay of space-specific profiles, mention emoji/reactions not being encrypted at all, added link to E2EE test room and this list item.
    • 2021-09-09: Its brought to my attention that URL previews exist on Element iOS! Its 23.15 in Finland so I only strikethrough this issue.
    • 2022-01-10: I am told that Synapse is not a reference homeserver implementation since 2021-10-06 so I have strikethrouged that and changed it to “by the matrix.org team”.
      • Typing this it looks like this blogpost predates the demote of Synapse, but I wish to stay up-to-date with this post.
      • I am also noting that m.room.retention doesnt persist across room upgrades and linking to the Element-meta issue on self-destructing/disappearing messages to not be confused with retention.
      • Oh and reply fallbacks leaking previously encrypted messages too.
    • 2022-05-31: I noticed that Element iOS has gotten pills. Strikethrough time.
    • 2023-07-05: I added warning that room retention may cause database corruption and make room unrejoinable.
    • 2024-01-21: I performed small wording corrections such as Synapse being by New Vector Ltd (according to bottom of element.io since a few months ago and clarified some language.