mikaela.github.io/pages/matrix.markdown

41 KiB
Raw Blame History

Just like IRC, Matrix has became a part of my social life online. My room can be found from my discuss page alongside some protocol comparison and my main accounts are in index.

I also have a txt with a list of all my accounts which has SSH signature.

Questions and Answers about Matrix


Note that this section is manually updated and might be missing some links.

Questions & Answers

Where else can I read about Matrix?

Is there any kind of Matrix etiquette I should know about?

Not particularly, you will find the same kind of social expectations like anywhere else, such as at IRC or Telegram. Here are some guidelines:

  • Ask for a permission in room before starting a private/direct message/discussion with someone.
    • There is commonly an exception when you are contacting a moderator of about an issue in the chat and wish to avoid getting attention on yourself.
  • When you eventually do message someone, state your business, without leaving your first message to a greeting. For more information about this, refer to nohello.net.
  • When creating a new room, avoid advertising it in existing rooms. The first guideline also applies, refrain from inviting random people from other rooms without their permission.
    • If you do perform mass inviting of strangers, you will be considered as a spammer and most likely end up on shared banlists resulting a significant portition of Matrix communities instantly banning you even if you never interacted with them directly.

How can I help gender minorities on Matrix?

There is an easy universal way on the internet, put your profiles into your profile or display name no matter how obvious they may seem to speaker of your language. In addition to normalising the behaviour, you may make it more difficult for hostile users to target us when they assume that only gender minorities have their pronouns visible.

On Matrix specific work on this, see the following MSCs although pronouns in display names are going to stay for the foreseeable future.

The two former would help with keeping English pronouns in English spaces and the last would introduce its own field for them like can be seen at GitHub profiles.

How do you do custom not-emoji reactions?

They are implemented by multiple clients other than Element. In FluffyChat, Gomuks and Nheko you can reply to something with /react something to add a something reaction. In Hydrogen there is a ... next to emojis allowing you to enter freeform text as a reaction. In Schildichat Android when you search for a reaction, it offers to send your search as a freeform-reaction.

Element-Web doesnt support this yet and while there is open pull request, the merging is blocked due to Element not knowing how to handle moderation and reporting for malicious reactions.

What are ghost and puppets?

They are related to bridging Matrix with other protocols.

  • A ghost is a virtual user account created by a bridge service to represent a user from another protocol (controlled by the actions of that user). They appear when an entire room is bridged. Some protocols like Discord or Slack have no native support for ghosts but can approximate them by changing the display name and avatar of the messages sent by the bridge.
  • A puppet is a real user account controlled by a bridge service (based on their actions on another protocol). They may arise from personal bridging but also from room-level bridging when the target protocol does not support ghosts (such as IRC). Unlike a ghost, its possible to log in to a puppet account using a normal client application so its impossible to tell at a glance if the controller is a human or a bridge service (however message contents may provide hints).
  • Double puppeting is when a user bridges their real accounts from two protocols so their actions on either side are mirrored on the other.

What does the public history visibility mean? I dont want to appear in search engines

The public/world-readable history visibility option means exactly what it says, public even without joining the room. These rooms are accessible to tools such as Matrix Static and its successor Matrix Public Archive (aka @archive:matrix.org) and thus their history is visible in search engines.

Note that as the option name hints, the history visibility option will not apply to previous messages. Thus if you first make room public and then restrict it to members only the messages between these two changes are public and new users will see them. Same if messages are visible to members and then restricted further.

Another thing worth noting here is that encryption will not prevent new users from reading the future messages, Matrix will share keys to new joiners to some extent. For more information refer to Matrix Spec issue #1 and related issues.

Can I see who is in any specific room without being there?

It depends.

You can try Matrix Public Archive, e.g. for Matrix HQ archive.matrix.org/r/matrix:matrix.org or matrix-archive.evulid.cc/r/matrix:matrix.org or view.gaytix.org/r/matrix:matrix.org (@arclurker:matrix.org) omitting the leading #.

Until 2023-06-27 Matrix Foundation considered members-only rooms as public so some outdated or patched archive instances may still reveal information. Method to opt-out is still not in sight.

Alternatively if the room in question has an alias, you can try poking the room directory API e.g. for #matrix.fi:matrix.org: https://matrix-client.matrix.org/_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org, you get the room ID and list of homeservers in it and if you see a single user (or otherwise not so popular homeserver), you can make educated guesses on who may be in the room. Note that this particular link requires matrix.org to be in the room and aware of the alias.

Otherwise no, you cannot.

How can I remove my messages automatically like on Signal, WhatsApp, Telegram and everything else?

Matrix doesnt support it, but some clients, mainly Nheko (nightly) do. For more information including countless reasons why you would like to do this, consult Element Meta discussion #682: Self-destructing/disappearing messages.

How can I remove my messages automatically on Nheko?

Assuming you are on nightly build, there are three steps:

  1. In global settings of Nheko, enable Periodically disable expired events, it will affect all profiles upon restart.
  2. In the room where you wish to automatically remove your messages, go to room settings and select Configure next to Automatic event deletion. There you will find the options Expire events after X days, Only keep latest X events, Always keep latest X events and Include state events.
  3. Keep your Nheko running for at least 20 minutes. Nheko will automatically remove the messages older than the time you specified and will check for event expiry occassionally after running for at least 20 minutes, regardless of which client send the event in the first place or whether Nheko was online at that time.

Secretly its also possible to configure defaults for all rooms using Element Webs /devtools through im.nheko.event_expiry account data event.

{
  "exclude_state_events": true,
  "expire_after_ms": 31536000000
}

This configuration would make Nheko remove all other messages than state events when they became one year old (and the scheduled expiry job ran after Nheko being online for around twenty minutes).

I am intentionally not going into deeper detail since that may be dangerous and if you cannot figure it out, you probably shouldnt be touching it.

How can I install Nheko nightly?

I use the nightly flatpak which is easy to install for all users:

sudo flatpak remote-add --if-not-exists nheko-nightly https://nheko.im/nheko-reborn/nheko/-/raw/master/nheko-nightly.flatpakrepo
sudo flatpak install nheko-nightly im.nheko.Nheko --assumeyes

For installing it just for one user, omit sudo and append --user.

To run it, either use the new application menu icons or flatpak run im.nheko.Nheko//master.

To use something else than flatpak, ask someone else like Nheko documentation.

What are state resets?

The term is used least in two different scenarios:

  • when your display name and/or avatar return back to what they were previously without anyone doing anything.
  • more seriously when the Matrix federation decides that the room is actually in the past adding/removing users who were (or werent) in the room at that time. This also affects administrator/moderator access.

This issue was supposed to be fixed at room version 2 with State Resolution Version 2, but regardless still happens in all versions after that. If you are affected, your best bet is to /upgraderoom {{site.matrixLatestRoomVersion}} in developer mode enabled in /devtools, which is a bit distruptive operation as all your users have to join the upgraded version and all homeservers involved must support it.

You shouldnt just trust me or the variable on this site on what is the latest version, consult the Spec and add Version Checker or Fluff Generator or their sibling to your room and once they join, !servers upgrade {{site.matrixLatestRoomVersion}} replacing the {{site.matrixLatestRoomVersion}} with your target version.

How about DAG splits?

DAG splits are a phenomenon somehow related to state resets above, but instead of all servers accepting the same old state, they disagree and split to different directions with varying severity.

In minor case some servers may decide that a user is not in the room and not display messages from them, while in more severe situations the room may practically be two different rooms with no new messages in common between different sides kind of resembling IRCs netsplits before sync.

People understanding state resolution (which by the way dont include me) disagree on the exact cause only agreeing that its difficult to fix. From what is told to me, I understand it to be tracked in the same Synapse issue #8629.

Can I have a non-federated room?

Yes, there are two methods.

  1. During room creation, Element Web offers an option to have a non-federated room. That will permanently prevent any other homeserver from joining and to change that a manual room upgrade is required.
  2. What I recommend instead is setting a server ACL, so if necessary it can be changed later. This may be helpful when migrating to another domain (which Matrix doesnt support) or cooperation with another entity with their own homeserver or anything.

The second method begins with the usual /devtools, explore room state, Send custom state event, enter type as m.room.server_acl and contents:

{
  "allow": ["example.org"],
  "allow_ip_literals": false,
  "deny": []
}

Now assuming all homeservers in the room implement ACL, only example.org users can join the room.

For futher reading about ACL:

What exactly is room upgrading?

Room upgrading basically means:

  1. Create a new room.
  2. Send an event to old room saying “the room has now moved to new room”
  3. Unless upgraded manually, the client copies some state such as power levels from the old room to the new one.

Manual upgrading means poking the API endpoint manually and thus not copying creation event (non-federation state) or power levels. For an example see my matrix-tombstone-room.bash script

See also Matrix Specification on room versions or CTRL-F this page for /upgraderoom {{site.matrixLatestRoomVersion}} (Element Web /devtools developer mode command to perform the upgrade).

How should I configure my Matrix room?

I think there are three important questions that will each require consideration:

  • Do you want to encrypt the room?
    • Is the room public? If so, encryption will just cause strange issues for you to troubleshoot and hinder the purpouse of the channel (which you should also consider).
    • Do you want to use bridges or integrations? Unless you or someone close to you is selfhosting those, they are untrusted and will defeat the point of encryption, so dont encrypt.
    • Does the room only contain trustworthy participants? Encryption may be your friend.
  • Who can see the room history?
    • If you want everyone to be able to read it, choose everyone or world_readable.
    • If you want everyone who has joined the room (and also crawler bots that publish the history further), choose members-only or shared.
    • If you want users to see the history since they were invited to the room, select invited
    • Otherwise select joined to have users only see history since they joined.
  • Who can join the room? This is self-explanatory so probably everyone or invited users.
    • However my favourite rules are knock so that users have to ask for permission to join and knock_restricted so users in trusted rooms can join directly without knocking.

If you choose to make your room public as in joinable by anyone and history viewable by members joining in the future, please communicate that in the room topic.

Some projects may wish to log their channels publicly, if you do so the logging should be authorised by the channel owners and users in the channel should be notified (through for instance the topic, entry message, or similar) that public logging is taking place. Channel operators should consider ways for users to make unlogged comments and a process for requesting the removal of certain logs.

Sample events for /devtools

// m.room.join_rules
{
  join_rule: "knock",
}
// m.room.history_visibility
{
  history_visibility: "invited",
}
// m.room.avatar
{
  url: "mxc://example.org/YouShouldKnowHowToGetThis",
}
// m.room.name
{
  "name": "Room Awesome!"
}
// m.space.parent
// state key is room id with !
{
  "via": [
    "example.com",
    "example.net",
    "example.org"
  ]
}
// m.room.topic
{
  topic: "This is my awesome topic \n Dare to disagree!",
}

What are these idlekicks for inactivity, why are they for?

Some Matrix rooms decide to connect their channel to IRC maintaining the same users on both sides, which can be heavy for the IRC network depending on bridge type of which there are three “major” variants:

  • matrix-appservice-irc which creates a ghost for every Matrix user on the IRC side. All of these pretend to be separate clients, so if you have 1000 ghosts at IRC, all internal PING/PONG (keepalive) traffic will be sent 1000 times every few minutes and so will every message received.
  • heisenbridge has two modes, either it acts as a IRC bouncer keeping everything separate for every user or a single bot connection to IRC while creating puppets for IRC users to use at Matrix. It also supports RELAYMSG for more modern IRC networks.
  • matterbridge is the most lightweight of the three working as a traditional relaybot on both sides. Unlike the others, it doesnt require selfhosting your own homeserver making it the most accessible for those with less resources and the option I use whenever possible. Sadly it doesnt look that great without RELAYMSG support I live in hope of Matrix implementing one day.

As matrix-appservice-irc very quickly becomes traffic-intensive, its operators generally have agreement with IRC networks (or are IRC networks by themselves) to remove unused connections after a month or three of inactivity, which is judged by lack of public read-receipts anywhere the bridge can see. It could have been implemented better pretending to be a server instead, which would have a problem of practically being root and thus not many IRC networks would open their door to a third party bridge and the Ergo IRCd doesnt even support server linking (opting to be HA instead, but more of that in “Why should I use Matrix instead of IRC?”).

Being a server would also resolve IRC users getting annoyed by huge disconnection floods whenever matrix-appservice-irc restarts as it could be batched by the IRCd users are connected to.

The issues of matrix-appservice-irc grow worse when the room has bridges to other protocols, as those grow the IRC user count, use nicknames (sometimes capturing nicknames of people using both protocols and may be difficult to regain if the bridge doesnt answer to !irc nick SomethingElse) especially when the other protocol doesnt support direct/private messages and doesnt have even that excuse of using a connection slot.

I hope this answer helped explain why this behaviour exists and that IRC users arent opposed to bridging out of malice.

But the relaybots look so ugly

IRC users have dealt with them since always, I tend to use Limnoria IRC bot which is forked from Supybot and has had the Relay plugin (for relaying messages between multiple IRC networks) since possibly before Wed Feb 2 06:45:35 2005 +0000 and I imagine it was far from the first IRC relay.

This means that even before IRCv3 RELAYMSG and displayname proposals, which I wish to merge so modern clients could show displaynames and legacy RELAYMSGs, there have been client-side solutions that have also been evolving:

  • Irssi I havent used personally, but I hear it has a detelexify that looks a bit like its made with Heisenbridge in mind.
  • WeeChat used to have a separate script for this, but at version 1.1 in gained the Trigger plugin able to perform actions without scripts, thus meaning you can use something like this Relaybot 2 Trigger example without having to install anything (while /script would be easy too).

I hope Matrix will get better at this too.

I am told that I should Matrixify my IRC channel, what does that mean?

You are likely using IRCnet and I am sorry that you have to deal with this raider group. It means some mix of:

  • setting a Matrix avatar to the room
  • removing the # from the name of the Matrix room
  • setting a main alias to the Matrix room that doesnt contain the IRC networks name
  • bridging to Matrix in a way that Matrix user (that may not be you) has full power over the room, potentially also over the bridge bot
    • be careful if you are told to answer a bot yes in a /query!

Why should I use Matrix instead of IRC?

No reason, if IRC suits you better than Matrix. As I have said before, I find maintaining IRC easier. IRC also tends to work better for me in poor network conditions and with IRCv3 specifications and implemented draft proposals, it can be very pleasant modern experience without the issues that come from federation.

There is a usecase for every tool and while federation is important feature in general I am yet to miss it in IRC.

I keep mentioning Ergo IRCd, which scales, has serverside history and integrated bouncer feature so its just a matter of adding it to your IRC client alongside your SASL credentials and you will receive your offline messages whenever you reconnect. Ergo also supports RELAYMSG making messages from other protocols seem more native to read and many graphical IRC clients even provide integrated image uploading support.

Pirate Party of Finland considers Ergo-based PirateIRC and its webchat a reasonable fallback should we have to leave other protocols or they would be unusable otherwise.

Why isnt Pirate Party of Finland using Matrix?

This goes a bit past my personal Q&A, but we are using it kind of as a “tech demo”. However it cannot currently mature past that as:

  • we dont have people interested in Matrix (obviously excluding me).
  • we dont have resources for hosting a Matrix homeserver, while we had IRC before we were founded.
  • moderation tools are so bad its only me dealing with them (see critiques near top of the page).
  • Matrix flagship clients, Element Web, Element Android and Element iOS dont support knocking which has been supported by Matrix Specification since September 2021 or so meaning users of those arent able to request access to our rooms, unless they are members of an allowed rooms first.

If you want in, your options are:

I dont currently want to touch Matrix, but I am seeing abuse from there, what can I do?

If you are using Telegram or Discord, you are out of luck, as while you can remove messages, that may get removed from Matrix, you cannot remove the abusive users. If you are using XMPP you may be out of luck.

However if you use IRC and the Matrix users are behind matrix-appservice-irc (check this list or your network operators) you may be in luck as long as you or your ops havent answered “yes” to the Matrix bot.

Matrix-appservice-irc attempts to sync permissions from IRC in a limited fashion, and if its unable to join a ghost (see an earlier question), it will kick the user from Matrix for as long as the ban stays in place.

In other words, if you were using Matrix personally, the IRC bridge would drastically increase the moderation tools available for you! You can now use wildcard bans that arent natively supported and even extbans like (LiberaChats) /mode #yourchannel +b $r:*:matrix.org* to ban all matrix.org users from your channel or set +e ban exceptions on them!

Note: this obviously stops working should the Matrix user change their gecos/“real name” in which case your only option is to ban the entirety of Matrix. E.g. on LiberaChat /mode +b _!_@2001:470:69fc:105::/64 assuming your abusers dont have a cloak (vhost in any other IRC network).

I fear someone has said yes

In that case someone may have near absolute power on the Matrix side and could have removed the matrix-appservice-irc bot from power thus preventing it from kicking users banned from IRC letting them spam freely on Matrix while being invisible to IRC. In even worse scenario the abusive user was given power and they are immune to whatever is done from IRC.

There is also the chance that a netsplit gives a Matrix user moderator permissions that are never removed when sync occurs.

That doesnt help me

If everything else fails, you can always mail abuse at matrix dot org, who will want the following details (as of 2022-10-16):

  • Your matrix ID
  • the room ID(s) your report is about
  • timestamps or links to the events you are telling us about

Assuming you are an IRC user and thus unable to provide the two first, I would include:

  • IRC network in question
  • IRC channel in question
  • WHOIS information of the abusive user (the realname should include MXID)
  • timestamps and logs upon the incident

I havent tried this personally though, as I am Matrix user and have been sending raw events in JSON to them.

Personal questions

Why so many accounts?

My reasons for that are many and I am often proved correct in them.

  • By having multiple accounts on different homeservers, there is no single entity that can decide whether I participate on Matrix or not. This is also a benefit of decentralisation in general.
  • In case of federation meltdown, I have multiple entrypoints to send events and thus hopefully one of them goes through faster. There have been multiple incidents where this could have been useful for room administrators.
    • Matrix homeservers used to allow open registration with no kind of protection and no warnings they are being ran with that configuration until some time before room version 10 was released. This allowed multiple rooms to be spammed trivially and it took days for all homeservers to sync ACL bans in the worst cases. It also resulted to a lot of state resetting so the affected rooms never got cleaned up as the spam users kept coming back and clients had issues handling so inflated rooms.
    • Federation also fails when a spammer sends messages after getting banned and thus moderation bots fail to remove messages from them as those dont get to the banning server. Thus moderators need more accounts again.
  • State resets keep happening and thus I cannot trust other accounts than the one which created a room in question stay as power level 100.
  • Homeservers come and go, sometimes with little to no warning. As I have many functioning accounts generally with power levels set, homeserver migrations take me less effort than going through every room and ensuring just now created account has power.
Brief history of my experiences with dead homeservers

Believe my concern on homeservers coming and going or not, no homeserver is safe, you should have backup accounts on multiple independent ones. Or maybe I am just personally unlucky?

  1. 2018-09-07: Disroot.org announced Matrix closure.
  2. 2019-04-12: Matrix.org was compromised resulting the homeserver being down for a while, some integrations even longer and the XMPP bridge returned months later.
  3. From Disroot I moved to Feneas, the Federated networks association, thinking that homeserver being a paid membership benefit would help it to stay up and be reliable. However in late 2021 and early 2022 we decided to disband the association due to COVID-19 pandemic, lack of volunteers, lack of money (which wasnt helped by Finnish money gathering law issues) etc.
  4. Around 2023-04-24 the-apothecary.club went down and returned sometime 2023-05-06. That would have been a long time with no communication on Matrix and not having access to any rooms, but luckily I have been using my account there just for accessibility testing and even if it was my primary account, I would have had backup accounts. I still dont know what exactly happened there, but I am not an active member of their community and they are volunteers like most of Matrix (excluding EMS and other paid homeserver offerings).
  5. 2023-05-08 13:15 Kapsi.fi database server physically died taking down their homeserver and pikaviestin.fi (alongside sauna.social and järkkää.fi) which hosts my main account. It returned a couple of days later on the evening of 2023-05-11.
  6. On 2023-10-25 IT group of Pirate Party Austria made an announcement that pirateriot.net pirateriot.net shut down on 2023-10-31.
    • They do bring it temporarily back up on some evenings (Austrian time?) so people have chance to migrate away, but it should be considered as discontinued.

Why do you use Matrix URI scheme instead of matrix.to?

I dislike matrix.to as a concept. Its a centralized service on decentralized protocol and in my opinion it shows lack of self-esteem on Matrix side considering neither XMPP or IRC require something like it, both of those trust being known or handled appropiately.

Why does one of your accounts have capital letter in the username?

In 2016 or so I mistakenly thought that usernames would be case-insensitive and they only got banned in Synapse on 10th November 2017.

Which client do you recommend?

Honestly the only one that I can recommend is Nheko nightly flatpak, even if its also missing features I care about such as Stories (#1038).

I have also said it before, but for any serious use of Matrix, you will need Element Web and especially the /devtools command it has.

If you absolutely need Matrix somewhere neither fits you, maybe Hydrogen is your PWA hoping your needs dont include too many Matrix accounts (#783, #817) and hoping you dont use SailfishOS (#1000) or Ubuntu Touch (#1144). Good luck!

Which homeserver do you recommend?

I am hesistant to recommend any. Finnish users may be interested in the Linux.fi wiki listing, everyone else may be served by joinmatrix.org listing.

Why dont you run your own?

As can be read between the lines from my critiques, I dont consider any homeserver to be in the state that its either safe to run legally or lightweight enough or not require constant maintenance as opposed to IRC which I do selfhost.

The world situation in general discourages me from anything as heavy.

Why cannot I see history in your Matrix rooms?

Matrix doesnt support self-destructing messages or message expiry in general, so I dont feel comfortable with world-readable logs (which would easily end to search engines forever).

If you need to see something in the backlog, I suggest using IRC (IRC@Etro or PirateIRC especially) or XMPP which each store messages only for 7 days (Ergo default) or some months (Prosody default) on a single server.

So do you wish Matrix to fail?

No, I have been using countless of hours at writing these critiques and performing “quality assurance”/testing, localizing clients to Finnish, providing support on their rooms for users of those clients, writing a Matrix Spec Change proposal (that was merged), having coauthored another, writing or contributing documentation in two languages and whatever else I have been doing since 2016.

Matrix has a place in my heart, just as IRC and XMPP and while none of the three are perfect, I wish for the issues get resolved and the fighting between them to end and I am tired of the “stop having fun” or “you are worse person for still using deprecated IRC” or “I wish IRC/XMPP just died already as its so old” or whatever attitude I see amongst certain Matrix user/enthustiastic groups.

However I admit sometimes having difficult time believing that either Matrix Foundation or New Vector trading as Element has their users best interests in heart. On my worse days, I especially hardwordedly criticise media never being removed or fear that Matrix may endanger gender or sexual minorities by leaking room-specific profiles and especially lack of self-destructing messages (that is nowadays a discussion rather than an issue) considering even DeltaChat (also known as an email client) manages to implement it without control over the underlying protocol and even less guarantees!


The lucky Matrix number is {{site.matrixLatestRoomVersion}}, but do consult the Spec for that and definitely ask !servers upgrade {{site.matrixLatestRoomVersion}} from Version Checker or Fluff Generator or their siblings.