35 comments

[ 2.8 ms ] story [ 61.7 ms ] thread
/me sighs; Merry Christmas everyone.

For what it's worth, we've been working on improving Matrix's metadata footprint this year: MSC4362 (https://github.com/matrix-org/matrix-spec-proposals/blob/kay...) got implemented on matrix-js-sdk for encrypting room state (currently behind a labs flag on Element Web: https://github.com/element-hq/element-web/blob/develop/docs/...). Meanwhile more radical proposals like MSC4256 (https://github.com/dklimpel/matrix-spec-proposals/blob/mls-R...) go and remove senders entirely and encrypt room state via MLS.

The reason Matrix hasn't prioritised metadata protection earlier is:

* If you're particularly concerned about metadata footprint, you can run your own servers in whatever network environment you feel like - you are NOT surrendering metadata to some central or 3rd party server as you would in a centralised platform.

* We've had to focus on getting decentralised encryption stable, which turns out to be hard enough without also throwing in metadata protection - it's only this year that we've turned that corner.

* Unless you're using a mixnet, network traffic gives away a significant amount of metadata anyway.

Anyway, yes: Matrix can do better on obfuscating metadata on servers, and we'll continue improving it in 2026.

Meanwhile, if anyone's feeling nostalgic you can see a presentation I wrote preempting the challenge of metadata protection back in 2016 (on the day we first turned on E2EE in Matrix, ironically): https://matrix.org/~matthew/2015-06-26%20Matrix%20Jardin%20E.... In some other world perhaps we would have got to this point sooner, but better late than never.

EDIT: I can't face going through all the other points in this post, but it's worth noting that some of it is just entirely false - e.g. the hackea claims of "an impressive collection of private data being sent to Matrix central servers, even when you use your own instance", or the fact that media isn't authed (it has been since Jun 2024). Meanwhile the abuse situation has evolved significantly in 2025, with stuff like https://matrix.org/blog/2025/02/building-a-safer-matrix/ and https://matrix.org/blog/2025/12/policyserv as well as hiring up a larger trust & safety team at the Matrix Foundation.

> [federation] offers a degree of censorship resistance, as the messages or images are replicated across multiple servers, making it difficult for any single entity to censor or control the content.

That's the way Matrix goes, but that's not an inherent property of federation (XMPP doesn't leak nearly as much metadata as Matrix does, for instance)

Also, there is no free lunch in this space: p2p is slow and inefficient (bandwidth as much as battery) for modern mobile usecases, the workarounds generally consist of having edge servers to act as caches or preferred routing points, and that brings us back to the exact same set of tradeoffs found in the federation model, except with less control.

In short, I agree with the premise that Matrix is terrible, but not that federation is necessarily bad, nor that P2P is clearly superior.

(comment deleted)
Discourse "loading" screen is the worst user experience. It's long, non-informative and meaningless.
> Why Federation Must Die

They've lost me right here.

Several years ago I was looking for something to use as a family chat server. Many of my friends/coworkers were using Slack/etc., but since my immediate family members didn't already have a preferred chat app, I was hoping to self-host something open-source. Matrix was under very active development at the time and I was pretty excited about the prospect of using it. Matrix didn't even have E2EE yet (I think it was under development), and that really wasn't a feature I needed or cared about (disappointing to read about all the trade-offs involved in this post though). The computational/storage costs for Matrix really were way too burdensome though. I ended up going with Jabber (Snikket). A jabber server costs essentially nothing to run. Highly recommend.
I really wanted matrix to succeed, but I've completely and entirely given up on it now.

State resolution is just a total mess. On the best of days it's a hideously complicated system that sucks crazy resources, and on the worst of days rooms get blown up and bricked. Supposedly it's not as bad as before, but the fact that rooms can get bricked in the first place is bonkers. Just computing the member list of a room is a disaster due to the complex resolution algorithm - I spoke to a homeserver admin once who found that the DB storage space of just the member list can easily reach multiple gigabytes for larger rooms.

Also years later, we still don't have custom emojis, user statuses, user bios, invite links etc. - very basic things that literally every messaging platform has. https://github.com/element-hq/element-meta/issues/339 https://github.com/element-hq/element-meta/issues/573 https://github.com/element-hq/element-meta/issues/426

I'm interested in hearing if anyone has used simplex and what kind of experience it is. It seems like simplex is going for a similar audience as signal but using a very different approach. I don't think they've really had a breakout though and haven't heard it talked about much.

I use the strict cookie policy on firefox, and set cookies to be deleted at shutdown. I just save credentials and login to platforms each time.

I joined the mozilla matrix, and ironically, this caused the auth system to completely break down for some reason since I would log in each time.

It suggested to reset the whatever login data cookie thing because it did not want to trust me anymore, displaying red warning or whatever.

I asked around, and apparently they disagreed about that strict cookie policy, which felt quite ironic coming from the mozilla community.

Moxie (Signal Founder) gave a talk about the issues with federation at CCC in 2020, he took a crazy amount of flak for it, a lot of it from the Matrix community. Lots of the issue highlighted are in this post.

https://youtu.be/DdM-XTRyC9c

(comment deleted)
>Unlike any other existing messaging platform, SimpleX has no identifiers assigned to the users

Lies by omission. SimpleX doesn't mask your IP-address by default. It leaks to the server. The ENTIRE public SimpleX network is hosted by two companies, Akamai and Runonflux. Metadata of two conversing users running on the same VPS can be detected with end-to-end correlation attacks, so pray that the two are not PRISM partners or whatever has replaced that program.

I'd be fine with SimpleX if they

1) bundled Tor and had a toggle switch during initial setup.

2) were transparent about what the toggle switch does (lag/bandwidth vs IP masking)

This is crucial as they already have Tor Onion Service server infra set up, but they're not making it easy for a layperson to use those. Instead they lie by omission. Their

"SimpleX has no identifiers"

only means

"SimpleX does not add additional identifiers"

They don't give a damn about your router gluing your IP address, that's increasingly becoming a unique IPv6 address, to every TCP packet header.

I wondered from the beginning why matrix was adapted so quickly. It's cryptographic protocol is so flawed. Most of the leaks could be easily prevented.
I still wonder why my experience and the experience of my friends, community and family with Matrix has been so positive compared to what people describe all of the time. Maybe it's because something changed in ~2025 when I started using it again? Both Beeper (my main Matrix provider, the one that preconfigures WhatsApp, Signal, SMS etc. bridges) and Element (the new mobile app and EMS for hosting). I onboarded something like two dozend non-technical people to it, and they are all happily using it every day, mostly to use the bridges that come with Beeper. Haven't heard a single complaint, even switching devices just works now. Almost all communities I care about (GNOME and so on) have Matrix servers, and since the spaces feature launched it's been really competitive with Discord, even UX-wise thanks to the new apps on desktop and mobile. Yet all I hear on HN and elsewhere is people complaining about UX issues that just have not appeared a single time for myself. Maybe it's people using non-compliant clients, old servers, or some other strange configuration? It's a mystery to me.
It used to be much worse before Sliding Sync was in widespread use... often just logging in would be next to impossible for me depending on the exact client I used and how much old state there was to fast-forward to... many minutes would go by stuck at "logging in..." as it downloaded gigabytes of god-knows-what.
Element web and PC applications are still, in 2025, a mess. I have heard you have to use it on Mobile using the ElementX.

No new complaints: The standard it badgers you to authenticate, then doesn't let you due to errors. Slow to load messages, inconsistent whether edits will show or not, inits channels to an arbitrary time in the past, then you have to click the arrow a few times and wait to get to the latest, the page won't load on mobile, etc.

As someone who has witnessed a malicious Matrix admin, it has become glaringly obvious that operating on a platform that hinges on any sort of trust in a human who can oversee metadata (even those who you consider to be good friends) is not viable.

I wanted to believe, but sadly privacy must be hard-coded or the people with a large set of technical skill, access to AI agents who will restlessly pursue their mission, and a dysfunctional moral compass will attempt to technologically dominate users.

It's all soylent green in the end; people.

There's no decentralized protocol as they're centered around their developers. Too much human effort and attention has been centered around software.

The ephemeral gibberish of software developers approaches religious like obsession with sigils and notation levels of absurdity. Believe in their scripture! It will see humanity to the promised land!

Meanwhile in meat space everyone I socialize with is tired of software engineers; "they over complicate everything!" is a common refrain.

This little filter bubble is probably fostering asocial mental illness's in many of its disciples

> Why Federation Must Die

I disagree so much. Yes Federation is hard and it brings lots of new challenges. But with things like Chatcontrol it's the only way we can continue to communicate securely in the EU. Everything that is not federated has a single entity managing it which can be threatened with punitive actions. With federation everyone can run their own server meaning too many people to go after.

I understand these guys don't want it and they have good reason but federation in general should not die.

The table comparisons here of Simplex vs Signal, XMPP & Matrix don't seem particularly interesting (like for like) beyond demonstrating the general differences between decentralised & federated systems.

Has anyone done a comparison between Simplex & any specific P2P systems (the P2P coverage in this article is extremely vague & handwave-y) - e.g. something like Scuttlebutt?

We've been happy Matrix users. Apart from less technical folks losing their encryption keys every now and then and certain other users having issues with flatpak permissions it's been an uneventful experience... until now. We're losing a domain due to contractual obligations and it seems the only way to migrate to a new one is to start over.
Death by a thousand features. A cryptographically secure simple listserv is _well_ within reach
I don't have opinions about Matrix (a more-secure version of Discord or IRC seems like a reasonable thing to want) but want to put a word in for reading the Nebuchadnezzar paper, which is kind of a master class in cryptanalyzing secure messaging protocols, and really drives the point home that the hard part of a group secure messaging system isn't encrypting messages (anybody can do that) but rather in securely managing group membership without trusting servers:

https://nebuchadnezzar-megolm.github.io/

I disagree that federation must die. Federation has problems, but it solves the most important point which is to avoid that one company controls everything. Whether you have identities, or servers associated or bla bla bla all of that is secondary to preventing centralization of power.
Like any opposition party, the anti big tech crowd is actually a loose coalition of different goals and interests. I've noticed that as these platforms get through the earlier stages of "will it even work" the differences in values are becoming more pronounced and controversial. The primary two groups seem to be those who value federation and see centralized control and algorithms as the threat and those who value encryption and see surveillance as the threat. Obviously these two things aren't mutually exclusive and we all want to see new platforms that can solve for both. But there's a quite distinct difference in the primary priority and consequent technical decisions.

I hope maybe if we can be aware that this is a broad set of technologies being driven by a broad set of goals then we can be a bit more gracious when a project isn't perfectly aligning with our personal values and find the common ground and values.

Thanks for this comment, you've said exactly what I've been thinking.

I'm definitely in the sect of people who have "detach from big centralised tech, be self hostable & interoperable" as the main priority, with E2EE being a nice extra. So it's always interesting when I read articles from the other side who see privacy, maximal E2EE & zero metadata as their #1 priority. They entirely dismiss protocols as junk for reasons I would never think or care about. But these things do matter to them, and they are just as important as me.

It strikes me as a near impossible balancing act for a project like Matrix to please everyone. They are clearly trying.

I will also note that there's a volume difference in the messaging being sent out. The privacy/security people are often very loud & critical, with good reason from their perspective. For example this article. That makes the discourse seem more negative than the overall sentiment probably is.