laincorp.tech

Matrix review. Matrix-synapse administration impressions.

Hi! I have been hosting and using a matrix-synapse homeserver for six months already, and I have plenty to tell you about it. Let's get into it!

First of all, what is matrix here? No, it's not an old movie, and not even an array of numbers. It is an open standard and federated communication protocol designed with e2ee encryption and privacy in mind. Please note: matrix is a protocol, not software. It only describes how things should work; it does not implement them. The rest lies on the shoulders of the developers who create the server and client sides. The most popular choices here are the matrix-synapse homeserver and Element as a client. There's no need to enter your email or phone number; you just need a username and a password (Note: some public servers may still require your email for registration.) It's decentralized and federated, meaning anyone can run a server and communicate with others. A good example here is email. You can seamlessly send messages from, let's say, vasya@gmail.com to petya@disroot.org. Spooky scary cloud can bite its balls off!

And here is the first problem!

Instead of using small servers run by individuals, people often prefer the standard, centralized matrix.org server. Matrix loses to mainstream apps like Telegram or WhatsApp in terms of clients. I would even say that the whole point of using matrix is its openness and the possibility to store your messages on your own server or over the federation, on homeservers you trust. Not in a cloud; that way you could just use something like Telegram. And end-to-end encryption, of course, but I'll look into it later.

Implementations...

It's bad. It's really, really bad. The most stable and maintained server-side implementation, matrix-synapse, is literally written in Python! It's a very heavy, resource-intensive and slow monster. Synapse literally eats 1.5 gigs of RAM on a fresh installation with a few users. For comparison, prosody (an XMPP server) uses only 20-30 MB of RAM on a fresh installation. If you want to run it, start with a two-core, 4 GB RAM VPS.

Element, the client I mentioned above, has the same problems. It's a heavy Electron app (or a webpage). Despite that, I really enjoy using this client on my PC (but not on the laptop! Sandy Bridge goes brrrrrr).

Yeah, I already said matrix is a spec. The software above is maintained by a company named New Vector Ltd. It's the main funding source, a for-profit organization, so they can afford to make average-quality software. And yes, of course there are server implementations and clients from individuals here... but they are fully imbued with the very spirit of open source. They are made free of charge, so you can't count on an absence of bugs. They often lack the latest specifications, and many clients are in deep, deep beta. But in any case, things are slowly but surely improving over time.

Bridges!

Your friends don't want to switch from their favorite messaging app to a better alternative? There's already a solution for that! It's called bridges. Of course, it would certainly be better if you did switch to e2ee, but it's still not a bad choice. I have a mautrix-telegram bridge deployed on my VPS, so I can tie two groups, one in matrix and another in Telegram, together.

Ease of use

Another goal of the developers of the entire network is to make it as easy as possible for everybody to use! Honestly, that's the main and only reason I'm still using matrix for my communications. I'd sit in Jabber and tolerate all its flaws, but you know, there's no point in an IM server if no one will communicate with me :). Element X, the latest client from New Vector Ltd, is so simplified that even grandma would have no problems with it. And it's all spiced up with e2ee. A person won't even need to know what it is. But yes, let's get down to earth: all these goodies are still in active development and you still have to learn the basic principles.

E2EE

Public groups are public, yeah. The majority of admins just disable that option, and all messages are stored unencrypted across the federation; there's no magic. E2EE is achieved only in p2p chats and small invite-only groups. There used to be some problems with encryption, but after a while the whole thing became stable, and I haven't seen the funny "Message cannot be decrypted" in a long time. But there are still flaws. Reactions to messages are unencrypted.

Privacy. Admin-in-the-middle.

I would say that matrix is a semi-decentralized protocol, because it's not the users who communicate with each other, it's their homeservers. And a malicious admin is a really big problem. The guy who operates the server can see:

- Chat history of every unencrypted room
- Information about the users of their homeserver, like devices, IPs, etc.
- Room related metadata, room participants and their avatars/nicks, the room topic, power levels, number of messages people sent and when, etc.
See more here.

So, only the encrypted message bodies themselves are truly secure. An adversary can do a lot with the information above!

In fact, this is true for all similar protocols. Only SimpleX has moved ahead, but it is still problematic to use, to say the least. If you need a higher degree of privacy/anonymity, SimpleX is your choice; nobody has invented a better solution yet :)
Let's visualize a scale. The more you add of the "security" element, the less "ease of use" you get. See the picture below.

Administration of homeserver

It's 50/50, I want to say. In the very early days, it was painful enough. Literally everything had to be done through the CLI, from user registration to moderating public rooms on the server. But now things are a lot better. I have the synapse-admin web frontend for those activities, but still, some actions have to be done manually.
First of all, the database grows exponentially. You may need third-party software to compress rows in it, and at some point you will need to dive into it manually to remove unused rows! If your users join huge rooms with 10k+ members, the I/O load is bound to skyrocket. One day, I had a load average of 80 on a VPS with 2 GB RAM and 1 core! After that, I moved to a better VPS for the sake of stability.
User media is not a big problem, as it can be cleaned up just by using find to delete files that have not been used for, let's say, a month.
But content moderation can be a real headache. Your server could spread cheese pizza across the federation and you wouldn't even know it :). That's the reason I keep my registration closed.
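The media cleanup described above, as an added example that is not from the post: a small POSIX shell function around find that lists files in the media store which have not been accessed for N days, and deletes them only when explicitly told to. The media root (/var/lib/matrix-synapse/media, Synapse's media_store_path) and the 30-day threshold are assumptions; the post only says "a month".

```shell
#!/bin/sh
# Added example, not from the post. Lists (and on request deletes) media files
# that have not been read for more than N days.
#
# Usage: stale_media <media_dir> <days> [delete]
#   stale_media /var/lib/matrix-synapse/media 30          # dry run: print candidates
#   stale_media /var/lib/matrix-synapse/media 30 delete   # actually remove them
# The media_dir above is an assumed default; check media_store_path in homeserver.yaml.
stale_media() {
    dir="$1"
    days="$2"
    mode="${3:-list}"

    if [ ! -d "$dir" ]; then
        echo "stale_media: $dir is not a directory" >&2
        return 1
    fi

    # -atime +N matches files whose last access is strictly more than N*24h ago.
    # Caveat: on a relatime mount atime is only refreshed when it is older than
    # mtime or older than a day, and on a noatime mount it never changes, so
    # check the mount options before trusting this as "last downloaded".
    if [ "$mode" = "delete" ]; then
        find "$dir" -type f -atime +"$days" -print -exec rm -f {} +
    else
        find "$dir" -type f -atime +"$days" -print
    fi
}

# Number of stale files under media_dir (dry run only; nothing is deleted).
stale_media_count() {
    stale_media "$1" "$2" | wc -l | tr -d ' '
}
```

Always run the dry run first and look at what would go. Removing files behind Synapse's back leaves the database rows for those media IDs in place, so a later request for such a file simply fails; Synapse's media admin APIs delete the database entry together with the file and are the cleaner route when consistency matters.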

Conclusion

To summarize, matrix is a good thing for chatting with your friends and random dudes in public groups, keeping your work correspondence in a secure location on the company's server, and so on.
There are better solutions, but they are too complicated for normies. The main feature here: even a child could use it! Yes, you can swear endlessly about the problems listed above, but a better option has not yet been invented :D
Cheers!