🔗Matrix Live

Today's Matrix Live: https://youtube.com/watch?v=wuQKtCg-doo

🔗Dept of Status of Matrix 🌡️

Thib (m.org) reports

The Foundation is at a crossroads. We need to raise an additional $610K to break-even, and more immediately to raise $100K to keep our bridges running.

As a neutral custodian for the specification and much more, the Foundation is key to the success of Matrix. It is time to step up for it.

Read the full post on our blog

🔗Dept of Governance ⚖️

Gwmngilfen reports

🔗Announcing the Governing Board Working Groups process

The Governing Board has news! If you have been itching to know how to get involved, we are now ready to get you ... on-Board! 🥁 😀

The Working Groups are the beating heart of the GB - they get the work done. So naturally people have been asking "how do we make one?" and "what is expected of a Working Group?"

🔗Creating a Working Group

The process is fairly simple:

• First, find some people who want to work on the problem - we would suggest at least 3, but the more you have the better, as it shows the level of interest in the issue.
• Second, write down a charter for your Group - this doesn't need to be huge to start with, just a few sentences about what you want to be responsible for and the outcomes you want to achieve.
• Finally, get a Board Member to sponsor you - this means finding a Board Member who agrees with the work you want to do, and will act as your link to the rest of the Board. The #governing-board-office:matrix.org is a great place to start conversations about WGs and look for sponsors. If in doubt, ping me there ( @gwmngilfen:matrix.org ) and I will help if I can.

Once you have that done, the Board Member will discuss it with the rest of the GB, we'll put it to a vote, and if it passes, you're in! (If it doesn't, we'll be sure to pass back what feedback we can about why not).

We would advise making noise about your proposals for Working Groups in the community to rally support and/or new members to get work done. TWIM is a good place for that 😛

🔗Expectations of a Working Group

Working Groups are well named - they work. Some will provide advice & documents on a topic, others may produce code or similar outputs (think, a Docs WG?) but all have work to do. So, obviously you'll want to get on with that.

We also expect that:

• Working Groups will have at least a Matrix room to discuss work in asynchronously

• they will have regular meetings ("regular" is different for different groups, but we would expect not less than monthly). These could be video or chat meetings.

• they take minutes of the meetings - the Board member can help here, but someone should take notes if they are not available.

  • These minutes get passed up to the rest of the Board so we can all be kept up to date at a high level

Clearly there are also some longer term things that we expect, like an expectation to work well with other Working Groups, to build consensus for decisions, etc. The GB can help if things need unblocking, of course.

🔗Documentation

We do need a place to record the Working Groups, what exists already, what they do, how you get involved. This will be added to the Matrix.org website SOON™️

🔗Initial Working Groups

All of this is theoretical until we start creating some groups, so .. let's hear your proposals (and I have a few to post in a moment)! Let's get some work done 💪

HarHarLinks announces

🔗New GB Working Groups - call for members

Working Groups are the core of how the Governing Board orchestrates its work. We have some new ones for you to consider (for the first time 🎉)

🔗Website WG (proposed)

The GB is considering a proposal for a Website WG! @HarHarLinks has written a charter regarding how to get work done for the main Matrix website, and has a good initial member list. While this is de-facto work already being done, we'd like to make it official - it's been proposed by @HarHarLinks so if this sounds like something you'd be interested in, register your interest with them!

🔗Events WG (proposed)

The GB is considering a proposal for a Events WG! This would cover CfPs, staffing booths, merch, event tooling (Pretix box, etc) and so on. While this is de-facto work already being done, we'd like to make it official - its fairly detailed charter been proposed by @HarHarLinks so if this sounds like something you'd be interested in, register your interest with them!

Gwmngilfen reports

🔗Ideas for New GB Working Groups

In addition to the in-flight proposals from HarHarLinks, I have a couple of ideas that need input to get started...

🔗Documentation WG (idea)

I think we could benefit from a Documentation Working Group in Matrix. The Spec pages are excellent, but much of the rest of our docs falls to the general website team, and we see a lot of copies of things like https://doc.matrix.tu-dresden.de/en which suggest to me that people aren't finding our docs sufficient?

So, without wanting to downplay the awesome work that has gone before, I think a dedicated Docs group could try to help specialise the various people working on the website, as well as provide a clear place to report issues with our materials. I'm willing to propose this, if you'd like to discuss it (or think it's an awful idea), please reach out to me ( @gwmngilfen:matrix.org )! in #governing-board-office:matrix.org

🔗New User Experience WG (idea)

Another group I'm thinking about is the New User WG - this would be focussed on how we get more people to Matrix, and improve those first few minutes/hours/days in our ecosystem - and how to gather their feedback effectively.

During the Matrix Unconference in Brussels, I hosted a session on this, and in just 45 mins we made 2 pages of ideas, so I think it's a rich area. Outputs would be advice/suggestions to other parts of the ecosystem for how we can make things better for our newer (and especially non-tech) users. I'm willing to propose this, if you'd like to discuss it (or think it's an awful idea), please reach out to me ( @gwmngilfen:matrix.org ) in #governing-board-office:matrix.org

Got ideas of other WGs? Talk to us in #governing-board-office:matrix.org! Onwards!

🔗Dept of Trust & Safety 🤗

Jim announces

An update on changes to the Matrix.org room directory: https://matrix.org/blog/2025/02/curated-room-directories/

🔗Dept of Clients 📱

🔗Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Doug says

• The next release of Element X iOS has an updated Rust SDK and as such, we will no longer support the Sliding Sync proxy - native Simplified Sliding Sync via your homeserver is the only sync option.
• We made huge progress on embedding the Element Call web app into the Element X (rather than loading it from the web) - we are able to participate in calls, and are now just adapting the code to fully support localisation when embedded.
• We have started implementing pills for rooms and events, just as in Element Web. The first step is to replace permalinks rendered in the timeline with these new pills.
• We had a nice little external contribution that fixes @mention suggestions to work from anywhere in your message and not just at the end. Thanks Vickoo 🙌

🔗Element X Android (website)

Android Matrix messenger application using the Matrix Rust SDK and Jetpack Compose.

Benoit reports

Working on several features currently:

• swipe between media: improvement when coming from the pinned Events list. Now merged!
• joining room by alias (can also be called address)
• user interactive verification. It's currently possible to verify your own sessions, it will be possible to verify other users
• fixing bugs! We have fixed a bunch of ANR issue, the first stats from the PlayStore are showing a drop in the ANR occurrences.
• new translations into Norwegian and Turkish. Thanks for all the contributors! As a reminder, anyone can help translating the mobile applications from here: https://localazy.com/p/element/ . Translations are shared between the iOS and Android application.

🔗Dept of SDKs and Frameworks 🧰

🔗matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

poljar reports

It's been a quieter week, but progress continues! The event cache is receiving its final polish, including performance improvements, as it nears prime time.

The authentication system is also seeing ongoing enhancements, thanks to Kévin Commaille.

Additionally, work has begun on the successor to MSC3061, aiming to allow newly joined users to access the history of encrypted rooms.

🔗Event Cache Updates

• Simplified the flow when resolving a gap (#4691)
• Streamlined back-pagination logic (#4689)
• Implemented lazy-loading for EventCache (#4632)
• Significantly improved reply replacement speed by introducing an index over replies (#4669)

🔗Authentication Improvements

• Removed support for deserializing the old UserSession format that contained the issuer_info field (#4679)
• Adopted the new GET /auth_metadata Matrix API endpoint (#4673)
• Removed the method for authorizing arbitrary scopes (#4664)

🔗Other Notable Changes

• Added a new constructor to InboundGroupSession for easier creation from an m.room_key event (#4688)
• Renamed snapshot files to reduce filename length, allowing Windows users to work on the codebase again (#4625)
• Enabled history visibility overrides when creating a room (#4682)
• Ensured that paginations and syncs don’t add events to the pinned events timeline (#4645)

🔗Dept of Ops 🛠

🔗synadm (website)

Command line admin tool for Synapse (Matrix homeserver)

jacksonchen666 (they/it) announces

We have released synadm v0.47! This release packs a few features:

• Connection errors to Synapse should be more reasonably small and easy to understand, thanks to #168.
• synadm user redact is now added, which redacts a user's messages. Supports local and remote users, but intricate details are up to Synapse (see "Redact all events of a user").
• You can filter for empty rooms on the server side in synadm room list with --empty or --not-empty. This is in addition to synadm room purge-empty
• More options were added to synadm user list to match what Synapse supports
• synadm media quarantine and unquarantine now have the -U/--mxc-uri argument to pass MXC URIs to

That's all in code. There are a few changes in documentation, including the theme, listed on the changelogs.

And of course, a changelog is also available on GitHub. Our room is at #synadm:peek-a-boo.at if you have any questions or other stuff.

🔗matrix-docker-ansible-deploy (website)

Matrix server setup using Ansible and Docker

Slavi says

thanks to Aine of etke.cc, matrix-docker-ansible-deploy now supports FluffyChat Web as an additional Matrix client you can self-host.

To learn more, see our Setting up FluffyChat Web documentation page.

Slavi announces

Thanks to Zepmann, matrix-docker-ansible-deploy now supports bridging to Bluesky via mautrix-bluesky.

To learn more, see our Setting up mautrix-bluesky documentation page.

🔗Dept of Interesting Projects 🛰️

🔗Matrixbird (website)

ahq announces

Matrixbird is an experimental "mail over matrix" idea I've been working on. It supports both traditional email and secure "matrix email" (local and federated) in a unified client.

🔗Matrix Federation Stats

Aine [don't DM] reports

collected by MatrixRooms.info - an MRS instance by etke.cc

As of today, 10771 Matrix federateable servers have been discovered by matrixrooms.info, 3202 (29.7%) of them are publishing their rooms directory over federation. The published directories contain 21078 rooms.

Stats timeline is available on MatrixRooms.info/stats

How to add your server | How to remove your server

🔗Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	codestorm.net	232.5
2	bi-vibes.com	296
3	shork.ch	338
4	matrix.sp-codes.de	483
5	computerlie.be	538.5
6	mtest.eyer.life	770.5
7	mgamers.com	815
8	ncat.cafe	821.5
9	felixilef.de	916.5
10	craftingcomrades.net	968

🔗That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

To learn more about how to prepare an entry for TWIM check out the TWIM guide.

After a successful 2024 with a lot to be proud of, and a Matrix Conference that brought our community together to celebrate 10 years of Matrix, we step into 2025 with a light budget and a mighty team poised to make the most of it!

Our priorities remain to make Matrix a safer network, keep growing the ecosystem, make the most of our Governing Board, and drive a fruitful and friendly collaboration across all actors.

However, whether we will manage to get there is not fully a given.

🔗The Foundation is key to the success of Matrix

The Matrix.org Foundation has gone from depending entirely on Element, the company set up by the creators of Matrix, to having half of its budget covered by its 11 funding members, which is a great success on the road to financial independence! However half of the budget being covered means half of it isn’t. Or in other words: the Foundation is not yet sustainable, despite running on the strictest possible budget, and is burning through its (relatively small) reserves. And we are at the point where the end of the road is in sight.

Why does it matter?

The Foundation has a clear mission:

The Matrix.org Foundation exists to act as a neutral custodian for Matrix and to nurture it as efficiently as possible as a single unfragmented standard, for the greater benefit of the whole ecosystem, not benefiting or privileging any single player or subset of players.

Without the Foundation and its programs, the Matrix protocol itself faces existential threats:

• Without Trust & Safety efforts, bad actors and communities would proliferate on the network and make it unlivable for the rest.
• Without a canonical specification, the shared infrastructure and a Spec Core Team to maintain it, the protocol would become fragmented, losing its effective interoperability – increasing the costs on all downstream users.
• Without a neutral entity as the custodian of the specification, the ecosystem would first shatter and then consolidate around the biggest (likely for-profit) actor.
• Without advocacy, conferences, documentation and tutorials, Matrix would become a niche protocol used by a few enthusiasts for side projects, whilst big proprietary and siloed networks continue to hold the world’s communications.

🔗Implementing the vision

But there is light at the end of the tunnel! Concretely, the Foundation delivers most of its value by fostering a healthy, fair and fertile ecosystem around Matrix. It needs to strike the right balance between:

• Making Matrix accessible & visible.
  • For the general public it means maintaining an easy default onboarding server (Matrix.org).
  • For server administrators it means providing the right tooling to keep their users (and themselves!) safe.
  • For developers it means making it easy to develop products using Matrix, via documentation, tutorials, and in-person events.
• Making Matrix compelling to build on.
  • This means maintaining the Matrix Specification as a canonical, unencumbered, patent free and royalty free specification.
  • Being responsive and vendor-neutral when an organisation or individual contributes.
  • Promoting the good players within the ecosystem.
  • Ensuring the network grows and attracts more users.
• Making Matrix a product that benefits the greater good.
  • This means ensuring that the general public can easily build safe & easy to use communities on Matrix.
  • Ensuring that bad actors are proactively chased and discouraged to use Matrix.

🔗Doing less to do better

Matrix has been here for 10 years, and will hopefully be here for many more! But to continue to grow and thrive, it needs the Foundation to be around and healthy, which means carefully allocating its budget in order to continue to exist and fulfill its mission. This is why it needs to focus on critical programs and shut down some of its activities.

We view the following programs as critical to the Foundation’s mission:

• Maintaining the canonical, backwards compatible, stable Matrix Spec
• Developing protocol enhancements and Trust and Safety tooling, making the tools available to the ecosystem and moderating the servers under its control (typically Matrix.org) - see our recent blog post
• Running the Matrix.org homeserver as an initial home for newcomers
• Promoting the Matrix protocol via online content, conferences and meet-ups and other marketing strategies

We might fine tune our approach, but we can't cease any of those programs without severe consequences for the ecosystem.

Meanwhile, bridges have been at the heart of Matrix for a long time. Public bridges hosted by the Matrix.org Foundation have been a very good resource to show the power of interoperability, connect communities together, and onboard many people into their Matrix journey.

However, these bridges require regular maintenance as the bridged platforms evolve their APIs, and significant engineering and moderation support to run. Luckily, the Matrix ecosystem is now more mature than it was at the time we spun up those public Slack, XMPP and IRC bridge instances. There are now commercial players like Beeper providing a user-friendly offering for people who want to get all their conversations in a single app, or IndieHosters and Fairkom offering hosting for Matrix server and bridge instances (and much more).

So unless the Foundation manages to raise $100,000 of funding by the end of March 2025, we will have to focus our resources on the critical lines of work, and consequently we will have to shut down all the remaining bridges hosted by the Matrix.org Foundation. This includes bridges to Slack, XMPP, OFTC (IRC), and Snoonet (IRC). We will also mark the software behind those bridges as archived, as we don't have the resources to accept new contributions.

In practice, the Foundation needs an additional $610K in revenue to break-even, but this $100K would extend our runway 1 month while we work on landing grants and new members. To put this in context, we nearly doubled our revenue in 2024, reaching $561K, but it was also the first year in which we carried the full cost of our operations: $1.2M. To make ends meet, we liquidated $283K worth of cryptocurrency donations and ended the year with a $356K deficit. We are currently on target for $587K revenue in 2025, with a modest increase in expenses.

🔗Growing the ecosystem and the network

Choosing to shut the bridges down is a difficult decision to make, but will allow us to focus on the critical projects which will keep the ecosystem growing. The success of Matrix depends on how widely it is used by the general public and by organisations – preferably natively rather than via bridges.

The more people and organisations rely on Matrix, the more attractive it becomes for organisations to build products and services on top of it, the more funding the Foundation gets, and the more the Foundation can in turn reinvest into the ecosystem and run initiatives that benefit all stakeholders for the growth of the network.

Once the Foundation is cashflow positive, it will be able to accelerate and eventually get on with the multiple projects the team and Governing Board have in mind to make Matrix fun, exciting, reliable, safe, easy to use, and above all useful. And we hope to get there by the end of the year.

Most importantly, despite the Trust and Safety team being the Foundation’s biggest expense, as explained in our blog post, the team is still underresourced: they are understaffed and under a lot of pressure to deliver protocol improvements, better tooling for server admins, and ensure Matrix.org is a good citizen of the open federation. T&S will be the first area to see increased funding.

Separately, the Foundation wants to continue executing on its mission! Among others, better connect the doers in the ecosystem with the people and organisations who need their energy, share the successes and learnings from the community: the Matrix Conference was an incredible success and we want to see more of that.

We’ve also seen a clear change in how many users and organisations were adopting Matrix in the last few months: the world needs a decentralised end-to-end encrypted network to communicate more than ever, and it shows! We want to uplift the good players which are driving this growth.

The Foundation would also love to support more public policy efforts, which give an opportunity to shape the world by educating regulators, like for the Digital Markets Act; or stronger involvement in standardisation: we had no choice but reduce the effort spent on participating in MIMI, the IETF working group for instant messaging interoperability due to lack of resources.

There is so much more that we could do to make Matrix better and realise its full potential.

🔗So what now?

Right now, the Foundation urgently needs your financial help. For the sake of a safe network, our primary focus today, but also to be able to deliver on the reason we all want Matrix to succeed.

Because we believe that:

• People should have full control over their own communication.
• People should not be locked into centralised communication silos, but instead be free to pick who hosts their communication without limiting who they can reach.
• The ability to converse securely and privately is a basic human right.
• Communication should be available to everyone as a free and open, unencumbered, standard and global network.

In short:

If you are an organisation building on top of Matrix, you can help by becoming a member, which also gives you the opportunity to be eligible to participate in the Governing Board, and other perks.

If you are an organisation buying Matrix services or products, you can help by ensuring that your vendor is financially contributing back to the project or becoming a member yourself.

If you are an individual using Matrix, you can help by making a donation or becoming a member.

If you are a philanthropist or other funder, you can help by getting in touch with us at funding@matrix.org to discuss funding options.

It isn’t the first time we’ve rung the alarm bell, and it is no fun to beg for help. We are at a crossroads, where the vibrancy of the ecosystem and enthusiasm around Matrix is not reflected in the support the Foundation gets, and we are at risk of losing this common resource and all it offers.

But all in all, we are optimists – we wouldn’t have begun this journey if we weren’t – and we believe that there are people out there who realise that sovereign and secure communication is as high on the list of today’s essential technology – if not higher – as ensuring AI is safe, so let’s spread the word and let’s continue working on a safer and more sovereign world!

As of yesterday, Matrix.org is using a curated room directory. We’re paring down the rooms that are visible to a collection of moderated spaces and rooms. This is an intervention against abuse on the network, and a continuation of work that we started in May 2024.

In early 2024 we noticed an uptick in users creating rooms to share harmful content. After a few iterations to identify these rooms and shut them down, we realised we needed to change tack. We landed on first reducing the discoverability and reach of these rooms - after all, no other encrypted messaging platform provides a room directory service, and unfortunately it can clearly serve as a mechanism to amplify abuse. So, in May 2024 we froze the room directory. Matrix.org users were no longer permitted to publish their rooms to the room directory. We also did some manual intervention to reduce the size of the directory as a whole, and remove harmful rooms ahead of blocking them.

This intervention aimed at three targets:

• Lowering the risk of users discovering harmful rooms
• Stopping the amplification of abuse via an under-moderated room directory
• Reducing the risk for Matrix client developers for app store reviews

In truth, the way room discovery works needs some care and attention. Room directories pre-date Spaces, and some of the assumptions don't hold up to real world use. From the freeze, and the months since, we've learned a few things. First, the criteria for appearing in a server's room directory in the first place is way too broad. Also, abuse doesn't happen in a vacuum. Some rooms that were fine at the time of the freeze, are not now. There are a few different causes for that, including room moderators losing interest. We looked for criteria to give us the confidence in removing the freeze, and we hit all the edge cases that make safety work so challenging.

Those lessons led to a realization. One of the values of the Foundation is pragmatism, rather than perfection. We weren't living up to that value, so we decided to change. The plan became simpler: move to a curated list of rooms, with a rough first pass of criteria for inclusion. In parallel, we asked the Governing Board to come up with a process for adding rooms in the future, and to refine the criteria. We've completed the first part of the plan today.

🔗What comes next

There's plenty of scope for refinement here, and we've identified a few places where we can get started:

• The Governing Board will publish criteria for inclusion in the Matrix.org room directory. They'll also tell you how you can suggest rooms and spaces for the directory.
• We're going to recommend safer defaults. Servers should not let users publish rooms unless there are appropriate filtering and moderation tools in place, and people to wield them. For instance, Element have made this change to Synapse in PR18175
• We're exploring discovery as a topic, including removing the room directory API. One promising idea is to use Spaces: servers could publish a default space, with rooms curated by the server admin. Our recent post includes some other projects we have in this area: https://matrix.org/blog/2025/02/building-a-safer-matrix/

🔗FAQs

What criteria did you use for this first pass?
We used a rough rubric: Is the room already in the room directory, and does the Foundation already protect the room with the Matrix.org Mjolnir? From there, we extended to well-moderated rooms and spaces that fit one of the following:

• Matrix client and server implementations (e.g. FluffyChat, Dendrite)
• Matrix community projects (e.g. t2bot.io)
• Matrix homeserver spaces with a solid safety record (e.g. tchncs.de, envs.net)

Why isn't the Office of the Foundation in the directory?
It didn't exist before May 2024, so the Office has never been in the directory. We're going to add it in the next few days, with a couple of other examples that fit our rough rubric.

How do I add my room/space to the list?
At the moment, you can't. The Governing Board will publish the criteria and the flow for getting on the list.

What do I do if I find a harmful room in the current directory?
You shouldn't, but if a room does have harmful content, check out How you can help

🔗Dept of Status of Matrix 🌡️

🔗Trust & Safety

Jim announces

If you are wondering what the Foundation Safety team get up to, and what we have planned, we have an update for you. Check out the post: Building a Safer Matrix

🔗Dept of Spec 📜

TravisR announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4264: Tokens for Contacting Accounts
• MSC4265: Data Protection Officer contact in /.well-known/matrix/support
• MSC4266: Policies in /.well-known/matrix/support

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

🔗Spec Update

Lots of MSC implementation and iteration is happening behind the scenes at the moment, leading to not very exciting Spec Core Team (SCT) updates :) As this implementation work progresses, the Matrix 2.0 MSCs in particular will continue to push forwards towards acceptance.

In the meantime, early versions of Extensible Profiles is up for review and today's blog post "Building a Safer Matrix" hints at some T&S spec changes expected soon.

The next spec release is expected in early March 2025 - if there's MSCs you think should be included there, let the team know in the SCT Office!

🔗Informal TI-Messenger Spec Discussion

Johannes reports

@this-week-in:matrix.org for people interested in informally discussing the Matrix-based TI-Messenger (TI-M) spec, as of today we have a public room: https://matrix.to/#/#tim-spec:matrix.org

If you haven't heard of TI-M before, in a nutshell it's a chat standard for the German healthcare system.

🔗Dept of Events and Talks 🗣️

🔗Our FOSDEM Wrap-Up post is out

Thib (m.org) reports

We could showcase our work, drown in enthusiasm, gather in smaller committee to discuss what works or what should work differently.

According to one of the FOSDEM organizers themselves we have one of the most impressive booth roster they have ever seen. We can be proud to have such a solid community!

And shout out again to our sponsors Famedly, Nordeck and Workadventure for making it possible to have such a great Fringe Event!

📚️ Read about it all and have a look at the video recordings on our blog

🔗Dept of Clients 📱

🔗Quaternion 0.0.97 (website)

A Qt5-based IM client for Matrix

kitsune reports

A new stable version of Quaternion is out, with the timeline looks getting a bit of a refresh, E2EE being unconditionally on, and a few other nice additions. Note for packagers as well as (command-line) Flatpak users: the application id has changed from com.github.quaternion to io.github.quotient_im.Quaternion. If these words don't mean anything to you, you can most likely just ignore that change. Anyway, all the details are in the release notes and links from it, as usual.

🔗Fractal (website)

Matrix messaging app for GNOME written in Rust.

Kévin Commaille announces

Due to a couple of unfortunate but important regressions in Fractal 10, we are releasing Fractal 10.1 so our users don’t have to wait too long for them to be addressed. This minor version fixes the following issues:

• Some rooms were stuck in an unread state, even after reading them or marking them as read.
• Joining or creating a room would crash the app.

This version is available right now on Flathub.

If you want to help us avoid regressions like that in the future, you could use Fractal Nightly! Or even better, you could pick up one of our issues and become part of the problem solution.

🔗Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Doug reports

We decided to postpone this week’s RC to next week so we will deliver the following features together:

• User verification is now available directly in Element X, you no longer need to use Element Web for this 🎉
• It is now possible to swipe between Media directly from the room timeline without having to go to the Media Browser.
• The Knocking feature is complete (but will remain behind a feature flag until we’re ready to launch on all platforms).

🔗Cinny v4.3.0 (website)

Cinny is a Matrix client focused on simplicity, elegance and security

Lozenge announces

We’re excited to announce the release of Cinny v4.3.0, bringing a host of improvements that make your experience even better. This update introduces a refreshed design, stronger security, and new features to enhance your overall experience.

• The App Settings have been revamped with a new look, following our Folds design system. This redesign creates a cleaner, more intuitive interface, making it easier to navigate and find what you need quickly.

• In terms of security, we’ve made a major upgrade by replacing the deprecated libolm encryption library with vodozemac. Along with this upgrade, we’ve also fixed various verification-related bugs, ensuring a smoother and more secure experience.

• Managing your devices has also been simplified. With improved device verification and simplified terminology (using MSC4161)—like Device Verification and Recovery Key—it’s now easier than ever to keep track of your devices.

• We’ve also taken privacy to the next level. Sensitive information, such as your IP address, Recovery Key, and Access token, are now hidden by default, minimizing any potential risks to your security.

• For the custom emoji lovers, you’ll be happy to know that personal emojis and stickers can now be imported in bulk, saving you time and hassle when creating personal packs.

• Additionally, users can now pin messages in rooms, making it easier to highlight important information and keep key messages front and center.

• Lastly, for our more advanced users, we’ve added Developer Tools in the app settings, giving you more control and customization options.

Thank you for being a part of the Cinny community. We’ve got even more updates coming soon! 🎉 Checkout Github release for more technical notes.

🔗Tammy (website)

Multiplatform messengers build on top of Trixnity Messenger

Benedict announces

The latest update of Tammy (1.1.4) brings a lot of bug fixes for a smoother overall experience, including fixes for device verification, message redactions, and text input issues.

Never heard of Tammy? Try it out and leave feedback at #tammy:imbitbu.de

🔗Dept of Non Chat Clients 🎛️

Timo K. announces

🔗MatrixRTC Update! ☎️

At FOSDEM, the Element VoIP team presented MatrixRTC: Building Real-Time Applications on Matrix 🎙️✨

We showcased the current state of MatrixRTC and how you can start using it today! Plus, we hacked together a simple demo to show how MatrixRTC can power real-time experiences.

We just published the demo, maybe it can serve as a resource or inspiration for your own projects!

📺 Watch the talk: MatrixRTC: Building Real-Time Applications on Matrix.

💾 Check out the demo repository: https://github.com/toger5/matrixRTC-example

#MatrixRTC #FOSDEM

🔗Rory&::MatrixUtils - General utility suite for Matrix

Emma [it/its] announces

Nothing too major, mostly just UX and performance updates :)

Changes:

• The membership history tool has been re-written! You can actually drill down to every single possible transition, while being generally faster.
• Moving a window will no longer absolutely break down. Untested with touch screens, but it should work?
• Better support for authenticated media - images flicker a lot less now, but is less reliable.
• Made the homepage more reliable, hopefully? Misconfigured homeservers should no longer throw internal exceptions.
• Logs will no longer be spammed when a tool is fetching the current session.
• Added some logic to warn about room versions with low server support (ie. v1-v6), to encourage room admins to upgrade their rooms to maximise server support (/me looks at conduit/+derivatives)
• Optimised some uncommon tools that haven't seen updates in ages.
• Fixed some long outstanding issues, such as the navigation bar link to git.

The "first party" instance is available at https://mru.rory.gay, and is a clientside-only web app!

And, as with all of the other projects:

• The code is available at cgit.rory.gay!
  • All contributions are more than welcome, be it documentation, code, layout/UI/UX improvements, anything!
• Discussion, suggestions and ideas are welcome in #mru:rory.gay

🔗Dept of SDKs and Frameworks 🧰

🔗Matrix Rust SDK (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

poljar reports

Last week, we released Matrix Rust SDK 0.10.0, marking the final version that includes support for MSC3575.

On the development side, we're making the event cache, including offline storage, more functional and ready for use. For those unfamiliar, the event cache plays a crucial role in managing all events received by a room. It constructs a high-level model of the room, which the timeline then uses to render an accurate view.

🔗Recent changes to the event cache

• Add a new benchmark to measure the time to fill a timeline with many events (#4668)
• Introduced EventCacheStore::filter_duplicated_events (#4659)
• Extract the deduplication of events out of RoomEvents (#4656)
• Handle more timeline item content kinds in replied-to details (#4649)
• Simplify the transition from an unencrypted event to encrypted (#4630)
• Maintain aggregations when an event is deduplicated (#4576)

🔗Authentication system improvements

• Only support public clients when authenticating (#4634)
• Switched from openidconnect to the oauth2 crate (#4604)
• Removed unnecessary E2EE imports in the OIDC submodule (#4553)

🔗Other notable updates

• Enforced TLS 1.2 or newer for all HTTP requests (#4647)
• Allow fetching encryption info using session ID (#4658)
• Ensured known secrets are deleted from 4S when recovery is disabled (#4629)

🔗Dept of Services 🚀

🔗🎉 Today marks 4 years of etke.cc! 🎉 (website)

Your matrix server on your conditions

Slavi reports

The etke.cc managed Matrix hosting service was launched on the 12th of February 2021 and has turned 4 years old today!

Below is an overview of improvements that have happened over the last year.

🔗Component changes

In the past year, we have launched a smaller number of components compared to last year. Most of our effort was spent on improving existing components, keeping up with upstream bridge replacements and polishing our service.

These components can be installed on existing servers upon request through our contact page.

🔗Matrix-related components

• ✨ Addition: ($3/mo) maubot - a plugin-based Matrix bot system offering a wide range of plugins
• 🚀 Replacement/Upgrade: (+$3/mo) baibot - a Large-Language-Model (LLM) bot developed by us as a replacement for our old ChatGPT bot offering. You can use it to communicate with OpenAI's ChatGPT and various other LLM providers.
• 🔄 Replacement: the old mautrix-facebook bridge was superseded by the new mautrix-meta bridge for bridging to Messenger. See our docs here.
• 🔄 Replacement: the old mautrix-instagram bridge was superseded by the new mautrix-meta bridge for bridging to Instagram. See our docs here.
• 🔄 Replacement: mx-puppet-discord was removed, in favor of the better mautrix-discord bridge we've been offering already
• 🔄 Replacement: mx-puppet-slack was removed, in favor of the better mautrix-slack bridge we've been offering already
• 🔄 Replacement: appservice-webhooks was removed, in favor of the better Hookshot bridge we've been offering already
• 🔄 Replacement: wireguard+dnsmasq was removed, in favor of the better Firezone VPN solution we've been offering already
• 🗑️ Removal: The following components were removed: mx-puppet-steam, mx-puppet-groupme, dimension. We removed them because they were not maintained upstream. Unfortunately, there's no alternative right now.

🔗Non-Matrix-related components

• ✨ Addition: (+$1/mo) [previously-offered and making a comeback] the LanguageTool proofreading software, now with optional n-grams support
• ✨ Addition: (+$5/mo) [brand new] the Funkwhale decentralized audio hosting platform
• ✨ Addition: (+$5/mo) [brand new] the PeerTube decentralized video hosting platform
• ☁️ Upgrade: (free) S3 Object Storage support was added to GoToSocial to make local disk space less of a limiting factor when scaling up
• 🔄 Replacement: We've replaced the Redis implementation twice, first with KeyDB and then with Valkey (which established itself as the leading and more compatible Redis implementation). Redis is an internal dependency component and only enabled on servers that need it.

🔗Other changes

• ✨ Addition: A new monitoring service was created to monitor the health of each server and alert customers when troubles occur.
• ✨ Addition: Our new demo service allows new and existing customers to test various components and features before ordering a Matrix server.
• ✨ Addition: A new hosted version of the synapse-admin software is now available at admin.etke.cc. We still install synapse-admin to to each customer's server as well, but the hosted version is a more bleeding-edge alternative that contains yet-unreleased features.
• ✨ Addition: synapse-admin provides exclusive features to etke.cc customers, which connect synapse-admin with etke.cc's monitoring system and scheduler bot.
• 🚀 Upgrade: HTTP/3 support was added an enabled by default to all Matrix and non-Matrix services
• 🚀 Upgrade: Our private Docker registry now supports caching and authentication via docker-registry-proxy
• 📈 Upgrade: Thanks to our new monitoring service, some customers (those packing too many services on a small VPS) became aware of high RAM utilization. As a result we've adjusted database tuning to lower RAM cap and made SWAP more aggressive.
• 📨 Upgrade: Overdue payments alerts are now delivered both to Matrix and email, ensuring important notifications are not missed.
• 📨 Upgrade: DKIM support was added to the mailing service (exim-relay) used by all components, to improve email deliverability when the Matrix server sends outgoing emails. Last year, we added DKIM support to the Postmoogle email bridge so this is a continuation of that effort.
• 🆘 Upgrade: We've migrated our customer support system from Matrix (powered by Honoroit and Postmoogle) to Freescout (self-hosted via our own mash-playbook). Using a dedicated customer support system has proven to be more manageable compared to dealing with chat threads in Matrix.
• 🆘 Upgrade: New orders are now followed by an Order Status page that simplifies the completion process. It contains instructions for next steps regarding DNS settings and other configuration requirements.
• 🆘 Upgrade: The scheduler bot now supports a new price command, which provides an overview of server costs with detailed breakdown by components
• 🧑 Upgrade: We have finally added an About page to our website. Thankfully, it took us less than 4 years to get to it.

🔗Free-software work

We've continued our work on the free-software (AGPLv3) Ansible mega-playbook - mash-playbook, which has grown to include 110+ components.

As part of our work over the past year, we have also developed and released as free-software (AGPLv3) the following new tools:

• ✨ Brand New: baibot - a Large-Language-Model (LLM) bot that you can talk to via Matrix, based on OpenAI's ChatGPT or other LLM providers. This new bot is available to etke.cc customers, as mentioned above.
• ✨ Brand New: Docker Registry Proxy - a caching and authentication proxy for Docker registries
• ✨ Brand New: Synapse User Auto Eraser - tool for automatically erasing users and their media using Synapse Admin API. This is used internally in our new demo service to keep the server small and clean. See the Other changes section for more details.
• 🔀 Fork: etkecc/synapse-admin - we forked original synapse-admin software (created by Awesome Technologies) to implement often requested Quality-Of-Life changes - see the highlights. We've made 37 releases already.

We've also done a lot more. Keep an eye on our GitHub for more.

🔗Numbers

• 🏗️ We've installed 700+ Matrix servers in total, out of which 250 new ones.
• 🔄 Pushed 391 updates and enhancements to the automation framework used as the service core (this does not count the number of updates to the components and upstream projects themselves).
• 📢 Posted 56 updates in the announcements room, so you're always up-to-date with what we're working on.

For those interested in previous etke.cc birthday posts:

• 3 years celebration post
• 2 years celebration post
• 1 year celebration post

🔗Matrix Federation Stats

Aine [don't DM] announces

collected by MatrixRooms.info - an MRS instance by etke.cc

As of today, 10620 Matrix federateable servers have been discovered by matrixrooms.info, 3155 (29.7%) of them are publishing their rooms directory over federation. The published directories contain 162675 rooms.

Stats timeline is available on MatrixRooms.info/stats

How to add your server | How to remove your server

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	bfo.shork.ch	190.5
2	nexy7574.uk	282
3	bi-vibes.com	296
4	littlevortex.net	310
5	codestorm.net	318.5
6	nerdhouse.io	389.5
7	tomfos.tr	474
8	pissing.dev	503
9	play.matrix.toys	602.5
10	halogen.place	901

🔗That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

To learn more about how to prepare an entry for TWIM check out the TWIM guide.

N.B. this post is also available in German below.

🔗Introduction

Right now, the world needs secure communication more than ever. Waves of security breaches such as the “Salt Typhoon” compromise of the telephone network’s wiretap system have led the FBI to advise US citizens to switch to end-to-end-encrypted communication. Geopolitical shifts painfully highlight the importance of privacy-preserving communication for vulnerable minorities, in fear of being profiled or targeted. Meanwhile the International Rules-Based Order is at risk like never before.

We built Matrix to provide secure communication for everyone - to be the missing communication layer of the Open Web. This is not hyperbole: Matrix is literally layered on top of the Web - letting organisations run their own servers while communicating in a wider network. As a result, Matrix is “decentralised”: the people who built Matrix do not control those servers; they are controlled by the admins who run them - and just as the Web will outlive Tim Berners-Lee, Matrix will outlive us.

Matrix itself is a protocol (like email), defined as an open standard maintained by The Matrix.org Foundation C.I.C - a UK non-profit incorporated in 2018 to act as the steward of the protocol; to coordinate the protocol’s evolution and to work on keeping the public Matrix network safe. The Foundation is funded by donations from its members (both individuals and organisations), and also organises the Matrix.org homeserver instance used by many as their initial home on the network.

Much like the Web, Matrix is a powerful technology available to the general public, which can be used both for good and evil.

The vast majority of Matrix’s use is constructive: enabling collaboration for open source software communities such as Mozilla, KDE, GNOME, Fedora, Ubuntu, Debian, and thousands of smaller projects; providing a secure space for vulnerable user groups; secure collaboration throughout academia (particularly in DACH); protecting healthcare communication in Germany; protecting national communication in France, Germany, Sweden and Switzerland; and providing secure communication for NATO, the US DoD and Ukraine. You can see the scope and caliber of the Matrix ecosystem from the talks at The Matrix Conference in September.

However, precisely the same capabilities which benefit privacy-sensitive organisations mean that a small proportion of members of the public will try to abuse the system.

We have been painfully aware of the risk of abuse since the outset of the project, and rather than abdicating responsibility in the way that many encrypted messengers do, we’ve worked steadily at addressing it. In the early days, even before we saw significant abuse, this meant speculating on approaches to combat it (e.g. our FOSDEM 2017 talk and subsequent 2020 blog post proposing decentralised reputation; now recognisable in Bluesky’s successful Ozone anti-abuse system and composable moderation). However, these posts were future-facing at the time - and these days we have different, concrete anti-abuse efforts in place.

In this post, we’d like to explain where things are at, and how they will continue to improve in future.

🔗What we do today

The largest use of our funding as a Foundation is spent on our full-time Safety team, and we expanded that commitment at the end of 2024. On a daily basis, the team triage, investigate, identify and remove harmful content from the Matrix.org server, and remove users who share that material. They also build tooling to prevent, detect and remove harmful content, and to protect the people who work on user reports and investigations.

The humans who make up the Foundation Trust & Safety team are dedicated professionals who put their own mental health and happiness in jeopardy every day, reviewing harmful content added by people abusing the service we provide. Their work exposes them to harms including child sexual exploitation and abuse (CSEA), terrorist content, non-consensual intimate imagery (NCII), harassment, hate, deepfakes, fraud, misinformation, illegal pornography, drugs, firearms, spam, suicide, human trafficking and more. It’s a laundry list of the worst that humanity has to offer. The grim reality is that all online services have to deal with these problems, and to balance the work to detect and remove that content with the rights of their users. We’re committed to that work, and to supporting the Trust & Safety team to the best of our ability — we are very grateful for their sacrifice.

🔗Safety Tooling on Matrix

The Safety team tackles safety from two perspectives: keeping the users on the Matrix.org server safe, and helping to make the wider Matrix network as a whole safe, secure and private. For the latter, we contribute to the development of the Matrix specification, engage with the Matrix ecosystem, and consult with governments, law enforcement, civil society groups, academia and industry groups. We also invest in open source tooling to help the ecosystem with this problem. For the former, we employ a mix of proactive and reactive approaches to online harms.

The Matrix Specification includes a system for reporting rooms, messages and users to your homeserver, API endpoints for server admins to lock, suspend and deactivate users, mechanisms for quarantining harmful media and redacting unwanted messages. We use all of these, receiving hundreds of reports per week from users of the Matrix.org server and emails to our reporting address.

Additionally, we scan room names and titles on the Matrix.org server using a variety of keyword lists, and highlight matches for human review. We also maintain a moderation bot called Mjolnir, which we use to moderate our community rooms, and offer as open source for other communities to use. Behind the scenes, we have tools to help the frontline safety team to investigate rooms, users and messages, and to take action where there is abuse.

When we identified abuse of the Matrix.org server room directory, we froze the directory and removed abusive rooms. In the near future, we’ll be moving to a curated directory, to stop it being used as an advertising system for abuse. It’s worth noting that historically Matrix has unintentionally given a platform to abuse with the concept of these “room directories”, which (unlike other encrypted messengers like Signal or Threema or WhatsApp) allow any user to advertise public chatrooms without needing admin approval - this is a mistake we deeply regret, and will address by switching to curated room directories in general.

🔗Approaches to tackling CSEA

One of our main focuses is tackling child sexual exploitation and abuse. We abhor CSEA, and have always explicitly called it out in our Terms and Conditions as something we work with law enforcement to combat. We deploy tooling and specific techniques to arrest the spread of CSEA on the Matrix.org server:

• We work with the Internet Watch Foundation (IWF), National Center for Missing and Exploited Children (NCMEC), cybertip.ca, the Australian eSafety Commissioner and other parties. (Element, who runs the Matrix.org server on behalf of the Foundation, has been an active member of IWF since 2020).
• We work with law enforcement in the UK and the US.
• We’ve consulted with groups like the Lucy Faithfull Foundation and Columbia SIPA to learn from their expertise.
• We use Cloudflare’s CSAM detection APIs on unencrypted content on Matrix.org.
• We use the IWF Hash, URL and Keyword lists from the IWF on unencrypted content on Matrix.org.
• We block rooms, remove media and suspend users who participate in rooms dedicated to sharing CSEA.
• We engage productively with and welcome robust critique from civil society groups, and invite them to join us in tackling CSEA. Check out the How you can help section below for details.

🔗Recent Updates

Over the past six months, we’ve invested in improved tooling for the frontline team who review user reports. We’ve sponsored the addition of account suspension to the Matrix Specification, and added a mass redaction API endpoint for the most popular Matrix server implementation, Synapse, so that both the Matrix.org server and other server instances in the ecosystem can benefit. Suspension gives us reversible account enforcement, which means we can develop more automated systems for faster takedown ahead of investigation. This should reduce the time that illegal material is accessible, while enhancing the rights and protections of our users. We’ve also recently added authenticated media, stopping abuse of Matrix as a content distribution network. We worked with the IWF on this project, following reports of abuse of Matrix servers as a content delivery mechanism for ICAP sites.

🔗The Matrix Community

The wider Matrix community has strong anti-abuse initiatives, which we are deeply encouraged by. In particular, the work on the Draupnir moderation bot project and the Community Moderation Effort (CME) are excellent additions to the safety ecosystem on Matrix. At the server tooling level, Awesome Technologies’ synapse-admin tool and the fork by etke.cc are great examples of how open source ecosystems can contribute to safety tooling. We celebrate their work, and hope to see more grass-roots developments in the coming months and years.

🔗What we are working on

Reporting
While we have a functional reporting system, we can make it better. In particular, users will receive updates on their reports and outcomes of those investigations. We’ll improve how users are notified about moderation action taken on their account, and how they can appeal those decisions. The entire ecosystem will benefit from these improvements, as we will contribute them to the Matrix Spec.

Discovery & Project Intercept
We’re in the early stages of a project to tackle the search and discovery of CSEA. We’ve had productive conversations with the Lucy Faithfull Foundation and Project Intercept about effective steps to redirect harmful search queries on Matrix.org for that kind of content.

Transparency Reporting
Accountability is important, so we’re aiming to start releasing transparency reports for Matrix.org this year. The project is nascent, but we’ll share details and invite contributions as we get closer to making it a reality. We’ll be working closely with the Governing Board on this project. We are hopeful that adding transparency reports will support our applications to join industry groups like GIFCT, Tech Against Terrorism and Tech Coalition.

Terms of Service updates
We’re overhauling our terms of service to make it clearer what content is forbidden, and how to report it to us. Where we use proactive scanning techniques, we’ll make that clear in the terms, including how to appeal decisions made by automated systems.

Open source our tooling
As we improve the tooling we use to manage safety on Matrix.org, we want to share our work. We’ll talk more about our goals here in future updates. We’re also engaging with the work of open source safety tooling that ROOST are doing, as one of their partners.

Meeting and beating our obligations under the Online Safety Act
We’re based in the UK, and we’ve engaged productively with the Online Safety Act since its conception. That includes our continued robust opposition to threats to end-to-end encryption. We already employ perceptual hash matching for CSEA content in unencrypted rooms, and we will continue to invest in this area, to work towards faster and more accurate takedowns, while respecting the privacy of our users.

Talking about our work, sharing what we learn
A fair criticism of the Foundation is that we haven’t shared publicly about what we do to keep Matrix.org users safe enough, nor what we do to ensure that Matrix as a platform has safe foundations. Let’s change that in 2025, starting with this post.

🔗How you can help

🔗As a user of Matrix

If you encounter harmful content on Matrix, you can report it in a few ways:

• If you are a Matrix.org homeserver user, you can report the content from your client, and it will head to our Trust & Safety team. Matrix clients like Element iOS now allow users to report rooms, and we understand it will be available in Element X, Element Android and Element Web soon.
• If you use another Matrix server, you can report to your server administrator from your client too.
• If you are not a Matrix user, or if you are a user on another homeserver who wants to let us know about harmful content on Matrix.org, you can email us at abuse@matrix.org with the information you have. Room IDs and user IDs are very helpful. Please don't send us screenshots of harmful content — we'll let you know if we need more information.

🔗If you run a Matrix server

• Open registration is disabled by default in Synapse, and we support that default. If your server offers open registration, you must invest in a safety team to provide appropriate moderation coverage, and mitigate the risks of allowing unknown users to use your server.
• Review who is signing up for your server, and the rooms that your server joins.
• Review reports from your users, and take action to remove harmful content they report. You should check your legal obligations in the country you host your server.
• Work with other server operators to share information about harmful rooms and users. You can reach out to our Safety team at abuse@matrix.org to start that conversation.

🔗Civil Society Groups, Academia and Industry Groups

We welcome the help of civil society groups and academics working in this area. Please reach out to abuse@matrix.org with your contact details and area of interest, and we'll talk. We're very interested in bringing on trusted flaggers, so if you want to send us reports, please let us know. Challenging the spread of online harm needs all parts of the puzzle to work together, and we’re looking to be a good example of how tech can work for society. For industry groups, we’d love to work with you, to share experiences and to learn from each other. The barriers to entry for these groups are a challenge, and we’d welcome your help in participating.

🔗Law Enforcement

Please check out our guidelines here: https://matrix.org/legal/law-enforcement-guidelines/

🔗Funding

The tech industry under-invests in Safety. We’re trying to do things better, and Safety is the largest line item in the Matrix.org Foundation budget. This investment is despite the challenges we face in our ongoing attempts to raise funds to support the development of Matrix and open software generally. We rely on donations to operate. Big public and private organizations use the work we do, often without contributing back to support that work financially. It would be easy to sacrifice Trust & Safety spending given that set of economic constraints, but we’re trying to find a better path through. If you would like to fund our work on safety, please reach out to the Foundation at funding@matrix.org.

---

🔗Für mehr Schutz in Matrix

🔗Einleitung

Gerade jetzt braucht die Welt mehr denn je sichere Kommunikation. Wellen von Sicherheitsverletzungen wie der „Salt Typhoon“, der das Abhörsystem des Telefonnetzes kompromittierte, haben das FBI veranlasst, den US-Bürgern zu raten, auf eine Ende-zu-Ende-verschlüsselte Kommunikation umzusteigen. Geopolitische Veränderungen machen schmerzlich deutlich, wie wichtig der Schutz der Privatsphäre bei der Kommunikation für gefährdete Minderheiten ist, die befürchten, profiliert oder ins Visier genommen zu werden. Gleichzeitig ist die regelbasierte internationale Ordnung so gefährdet wie nie zuvor.

Wir haben Matrix entwickelt, um sichere Kommunikation für alle zu ermöglichen - um die fehlende Kommunikationsschicht des Open Web zu sein. Das ist keine Übertreibung: Matrix ist buchstäblich eine Schicht über dem Web, die es Organisationen ermöglicht, ihre eigenen Server zu betreiben und gleichzeitig in einem größeren Netzwerk zu kommunizieren. Folglich ist Matrix „dezentralisiert“: Die Leute, die Matrix entwickelt haben, kontrollieren diese Server nicht; sie werden von den Administratoren kontrolliert, die sie betreiben - und so wie das Web Tim Berners-Lee überleben wird, wird Matrix uns überleben.

Matrix selbst ist ein Protokoll (wie E-Mail), das als offener Standard definiert ist und von der Matrix.org Foundation C.I.C. gepflegt wird - einer gemeinnützigen britischen Stiftung, die 2018 gegründet wurde, um als Verwalterin des Protokolls zu fungieren, die Weiterentwicklung des Protokolls zu koordinieren und das öffentliche Matrix-Netzwerk sicher zu halten. Die Stiftung wird durch Spenden ihrer Mitglieder (sowohl Einzelpersonen als auch Organisationen) finanziert und organisiert auch die Matrix.org-Homeserver-Instanz, die von vielen als erste Heimat im Netzwerk genutzt wird.

Ähnlich wie das Internet ist auch Matrix eine mächtige Technologie, die der Allgemeinheit zur Verfügung steht und sowohl zum Guten als auch zum Bösen eingesetzt werden kann.

Die überwiegende Mehrheit der Matrix-Nutzung ist konstruktiv: Sie ermöglicht Zusammenarbeit in Open-Source-Software-Communities wie Mozilla, KDE, GNOME, Fedora, Ubuntu, Debian und tausende kleinerer Projekte; sie bietet einen sicheren Raum für gefährdete Benutzergruppen; sichere Zusammenarbeit in der gesamten akademischen Welt (insbesondere in der DACH-Region); Schutz der Kommunikation im Gesundheitswesen in Deutschland; Schutz der nationalen Kommunikation in Frankreich, Deutschland, Schweden und der Schweiz; und sichere Kommunikation für die NATO, das US-DoD und die Ukraine. Aus den Vorträgen auf der Matrix-Konferenz im September ist der Umfang und das Kaliber des Matrix-Ökosystems klar ersichtlich.

Genau die gleichen Fähigkeiten, die datenschutzsensiblen Organisationen zugute kommen, bedeuten jedoch, dass ein kleiner Teil der Öffentlichkeit versuchen wird, das System zu missbrauchen.

Wir waren uns dieses Missbrauchsrisikos von Anfang an bewusst, und anstatt uns der Verantwortung zu entziehen, wie es viele verschlüsselte Messenger tun, haben wir kontinuierlich daran gearbeitet, dieses Problem zu addressieren. In den frühen Tagen, noch bevor wir signifikanten Missbrauch sahen, bedeutete dies, dass wir über Ansätze zur Bekämpfung des Missbrauchs spekulierten (z. B. unser Vortrag auf der FOSDEM 2017 und der darauffolgende Blogbeitrag 2020, in dem wir eine dezentrale Reputation vorschlugen; heute erkennbar in Blueskys erfolgreichem Ozone-System zur Missbrauchsbekämpfung und der modularen Moderation). Damals waren diese Beiträge jedoch zukunftsorientiert - und heute wenden wir andere konkrete Methoden zur Missbrauchsbekämpfung an.

In diesem Beitrag möchten wir erklären, wo die Dinge heute stehen und wie sie sich in Zukunft weiter verbessern werden.

🔗Unsere aktuelle Arbeit

Der größte Teil unserer Mittel als Stiftung wird für unser Vollzeit-Trust-&-Safety-Team verwendet, und wir haben dieses Engagement Ende 2024 erweitert. Das Team kümmert sich täglich um die Sichtung, Untersuchung, Identifizierung und Entfernung schädlicher Inhalte vom Matrix.org-Server und entfernt Nutzer, die dieses Material teilen. Darüber hinaus entwickelt es Werkzeuge zur Verhinderung, Erkennung und Entfernung schädlicher Inhalte und zum Schutz der Mitarbeiter, die an den Berichten und Untersuchungen der Nutzer arbeiten.

Die Menschen, die das Trust & Safety Team der Stiftung bilden, sind engagierte Fachleute, die jeden Tag ihre eigene geistige Gesundheit und ihr Wohlbefinden aufs Spiel setzen, indem sie schädliche Inhalte überprüfen, die von Menschen hinzugefügt wurden, die den von uns angebotenen Dienst missbrauchen. Bei ihrer Arbeit sind sie Gefahren ausgesetzt, darunter sexuelle Ausbeutung und Missbrauch von Kindern (CSEA), terroristische Inhalte, nicht einvernehmliche intime Bilder (NCII), Belästigung, Hass, Deepfakes, Betrug, Fehlinformationen, illegale Pornografie, Drogen, Schusswaffen, Spam, Selbstmord, Menschenhandel und mehr. Es ist eine Wäscheliste mit dem Schlimmsten, was die Menschheit zu bieten hat. Die düstere Realität ist, dass sich alle Online-Dienste mit diesen Problemen auseinandersetzen und die Arbeit zur Erkennung und Entfernung dieser Inhalte mit den Rechten ihrer Nutzer in Einklang bringen müssen. Wir haben uns dieser Arbeit verschrieben und unterstützen das Trust & Safety Team nach besten Kräften - wir sind sehr dankbar für ihre Aufopferung.

🔗Schutzwerkzeuge für Matrix

Das Trust & Safety Team befasst sich mit dem Thema Schutz aus zwei Blickwinkeln: Schutz für die Nutzer des Matrix.org-Servers und Schutz für das gesamte Matrix-Netzwerk als Ganzes. Für letzteres tragen wir zur Entwicklung der Matrix-Spezifikation bei, stehen im engen Austausch mit anderen im Matrix-Ökosystem und beraten uns mit Regierungen, Strafverfolgungsbehörden, zivilgesellschaftlichen Gruppen, Hochschulen und Industriegruppen. Wir investieren auch in Open-Source-Werkzeuge, um das Ökosystem bei diesem Problem zu unterstützen. Für ersteres setzen wir eine Mischung aus proaktivem und reaktivem Vorgehen gegen Online-Missbrauch ein.

Die Matrix-Spezifikation umfasst ein System zur Meldung von Räumen, Nachrichten und Nutzern an Ihren Homeserver, API-Endpunkte für Serveradministratoren zum Sperren, Suspendieren und Deaktivieren von Nutzern, Mechanismen zur Quarantäne von schädlichen Medien und zum Entfernen unerwünschter Nachrichten. Wir nutzen all diese Möglichkeiten und erhalten wöchentlich Hunderte von Meldungen von Benutzern des Matrix.org-Servers und E-Mails an unsere Meldeadresse.

Darüber hinaus scannen wir Raumnamen und -titel auf dem Matrix.org-Server anhand einer Reihe von Schlüsselwortlisten und unterziehen Übereinstimmungen einer menschlichen Überprüfung. Wir pflegen auch einen Moderations-Bot namens Mjolnir, den wir zur Moderation unserer Community-Räume verwenden und als Open Source für andere Communities zur Verfügung stellen. Hinter den Kulissen verfügen wir über Werkzeuge, die dem Trust & Safety Team an vorderster Front helfen, Räume, Benutzer und Nachrichten zu untersuchen und Maßnahmen zu ergreifen, wenn Missbrauch vorliegt.

Als wir den Missbrauch des Serverraumverzeichnisses von Matrix.org feststellten, haben wir das Verzeichnis eingefroren und missbräuchliche Räume entfernt. In naher Zukunft werden wir zu einem kuratierten Verzeichnis wechseln, um zu verhindern, dass es als Werbesystem für Missbrauch genutzt wird. Es ist erwähnenswert, dass Matrix in der Vergangenheit mit dem Konzept dieser „Raumverzeichnisse“ unbeabsichtigt eine Plattform für Missbrauch geschaffen hat, da diese (im Gegensatz zu anderen verschlüsselten Messengern wie Signal oder Threema oder WhatsApp) jedem Nutzer erlauben, öffentliche Chaträume aufzulisten, ohne dass eine Genehmigung des Administrators erforderlich ist - dies ist ein Fehler, den wir zutiefst bedauern und den wir durch den Wechsel zu kuratierten Raumverzeichnissen im Allgemeinen beheben werden.

🔗Strategien gegen sexuellen Kindesmissbrauch und Ausbeutung (CSEA)

Einer unserer Schwerpunkte ist der Kampf gegen die sexuelle Ausbeutung und den Missbrauch von Kindern. Wir verabscheuen sexuelle Ausbeutung von Kindern (CSEA) und haben in unseren Nutzungsbedingungen immer ausdrücklich darauf hingewiesen, dass wir mit den Strafverfolgungsbehörden zusammenarbeiten, um sie zu bekämpfen. Wir setzen Werkzeuge und spezielle Techniken ein, um die Verbreitung von CSEA auf dem Matrix.org-Server zu unterbinden:

• Wir arbeiten mit der Internet Watch Foundation (IWF), dem National Center for Missing and Exploited Children (NCMEC), cybertip.ca, dem Australian eSafety Commissioner und anderen Parteien zusammen. (Element, das den Matrix.org-Server im Auftrag der Stiftung betreibt, ist seit 2020 aktives Mitglied der IWF).
• Wir arbeiten mit Strafverfolgungsbehörden im Vereinigten Königreich und in den USA zusammen.
• Wir haben uns mit Gruppen wie der Lucy Faithfull Foundation und Columbia SIPA beraten, um von deren Fachwissen zu lernen.
• Wir verwenden die CSAM-Erkennungs-APIs von Cloudflare für unverschlüsselte Inhalte auf Matrix.org.
• Wir verwenden die IWF-Hash-, URL- und Schlüsselwortlisten der IWF für unverschlüsselte Inhalte auf Matrix.org.
• Wir sperren Räume, entfernen Medien und suspendieren Benutzer, die an Räumen teilnehmen, die dem Austausch von CSEA gewidmet sind.
• Wir stehen in produktivem Austausch mit zivilgesellschaftlichen Gruppen und begrüßen deren fundierte Kritik und laden sie ein, gemeinsam mit uns gegen CSEA vorzugehen. Weitere Informationen finden Sie weiter unten im Abschnitt Wie Sie helfen können.

🔗Aktuelle Maßnahmen

In den letzten sechs Monaten haben wir in verbesserte Werkzeuge für das Frontline-Team investiert, das Nutzerberichte überprüft. Wir haben die Aufnahme der Kontosperrung in die Matrix-Spezifikation unterstützt und einen API-Endpunkt für Massenlöschung für die am weitesten verbreitete Matrix-Server-Implementierung, Synapse, hinzugefügt, damit sowohl der Matrix.org-Server als auch andere Serverinstanzen im Ökosystem davon profitieren können. Bei der Kontosperrung können wir die Moderation von Konten umkehren, was bedeutet, dass wir mehr automatisierte Systeme für eine schnellere Löschung vor der Untersuchung entwickeln können. Dadurch sollen die Zeit, in der illegales Material zugänglich ist, verkürzt und gleichzeitig die Rechte und der Schutz unserer Nutzer gestärkt werden. Außerdem haben wir kürzlich Authentifizierung für Medien hinzugefügt, um den Missbrauch von Matrix als Netzwerk zur Verbreitung von Inhalten zu unterbinden. Wir haben bei diesem Projekt mit der IWF zusammengearbeitet, nachdem Berichte über den Missbrauch von Matrix-Servern als Content-Delivery-Mechanismus für ICAP-Seiten eingegangen waren.

🔗Die Matrix Community

Die breitere Matrix-Community hat starke Initiativen zur Missbrauchsbekämpfung, die uns sehr ermutigen. Insbesondere die Arbeit am Draupnir-Moderationsbot-Projekt und der Community Moderation Effort (CME) sind hervorragende Ergänzungen zum Schutzökosystem von Matrix. Auf der Ebene der Server-Werkzeuge sind Synapse-Admin von Awesome Technologies und der Fork von etke.cc großartige Beispiele dafür, wie Open-Source-Ökosysteme zu Schutzwerkzeugen beitragen können. Wir freuen uns über ihre Arbeit und hoffen, dass wir in den kommenden Monaten und Jahren weitere auf eigenen Füßen stehende Entwicklungen sehen werden.

🔗Woran wir gerade arbeiten

Reporting
Wir haben zwar ein funktionierendes Meldesystem, aber wir können es noch besser machen. Insbesondere werden künftig die Nutzer Updates zu ihren Berichten und den Ergebnissen dieser Untersuchungen erhalten. Wir werden die Art und Weise verbessern, wie Nutzer über Moderationsmaßnahmen in ihrem Konto benachrichtigt werden und wie sie diese Entscheidungen anfechten können. Das gesamte Ökosystem wird von diesen Verbesserungen profitieren, da wir sie in die Matrix Spezifikation einbringen werden.

Identifizierung & Project Intercept
Wir befinden uns in der Anfangsphase eines Projekts, das sich mit der Suche und Identifizierung von CSEA befasst. Wir hatten produktive Gespräche mit der Lucy Faithfull Foundation und Project Intercept über wirksame Schritte zur Umleitung schädlicher Suchanfragen auf Matrix.org für diese Art von Inhalten.

Transparenz Reporting
Rechenschaftspflicht ist wichtig, deshalb wollen wir dieses Jahr mit der Veröffentlichung von Transparenzberichten für Matrix.org beginnen. Das Projekt befindet sich noch im Anfangsstadium, aber wir werden Einzelheiten bekannt geben und um Unterstützung und Mitwirkung bitten, sobald wir der Verwirklichung näher kommen. Wir werden bei diesem Projekt eng mit dem Matrix.org-Verwaltungsrat (Governing Board) zusammenarbeiten. Wir hoffen, dass das Hinzufügen von Transparenzberichten unsere Anträge auf Mitgliedschaft in Branchengruppen wie GIFCT, Tech Against Terrorism und Tech Coalition unterstützen wird.

Aktualisierungen der Nutzungsbedingungen
Wir überarbeiten unsere Nutzungsbedingungen, um deutlicher zu machen, welche Inhalte verboten sind und wie man sie uns melden kann. In den Fällen, in denen wir proaktive Scanning-Techniken einsetzen, werden wir dies in den Bedingungen klarstellen, einschließlich der Frage, wie man gegen Entscheidungen automatischer Systeme Einspruch erheben kann.

Unsere Werkzeuge als Open Source freigeben
Während wir die Werkzeuge für das Schutzmanagement auf Matrix.org verbessern, wollen wir unsere Arbeit mit anderen teilen. Wir werden in zukünftigen Beiträgen mehr über unsere Ziele sprechen. Als einer der Partner von ROOST beteiligen wir uns auch an der Arbeit an Open-Source-Schutzwerkzeugen.

Erfüllung und Übertreffen unserer Verpflichtungen gemäß dem Online Safety Act
Wir sind im Vereinigten Königreich ansässig und haben uns von Anfang an produktiv mit dem Online Safety Act auseinandergesetzt. Dazu gehört auch, dass wir uns weiterhin entschieden gegen die Bedrohung der Ende-zu-Ende-Verschlüsselung wehren. Wir setzen bereits den Perceptual Hash Matching für CSEA-Inhalte in unverschlüsselten Räumen ein und werden weiterhin in diesen Bereich investieren, um schnellere und genauere Abschaltungen zu erreichen und gleichzeitig die Privatsphäre unserer Nutzer zu respektieren.

Über unsere Arbeit sprechen und unsere Erkenntnisse teilen
Eine berechtigte Kritik an der Stiftung lautet, dass wir nicht viel darüber gesprochen haben, was wir tun, um den Schutz der Matrix.org-Nutzer zu gewährleisten, und auch nicht darüber, was wir tun, um sicherzustellen, dass Matrix als Plattform ein sicheres Fundament hat. Das wollen wir im Jahr 2025 ändern, angefangen mit diesem Artikel.

🔗Wie Sie helfen können

🔗Als Nutzer von Matrix

Wenn Sie auf Matrix auf schädliche Inhalte stoßen, können Sie diese auf verschiedene Weise melden:

• Wenn Sie den Matrix.org-Homeserver nutzen, können Sie die Inhalte von Ihrem Client aus melden, und sie werden an unser Trust & Safety Team weitergeleitet. Matrix-Clients wie Element iOS ermöglichen es Nutzern, Räume zu melden, und wir wissen, dass dies bald auch in Element X, Element Android und Element Web verfügbar sein wird.
• Wenn Sie einen anderen Matrix-Server verwenden, können Sie die Meldung ebenfalls von Ihrem Client aus an Ihren Server-Administrator senden.
• Wenn Sie kein Matrix-Nutzer sind oder wenn Sie ein Nutzer auf einem anderen Homeserver sind und uns über schädliche Inhalte auf Matrix.org informieren möchten, können Sie uns eine E-Mail mit den Informationen, die Sie haben, an abuse@matrix.org schicken. Raum- und Benutzerkennungen sind sehr hilfreich. Bitte schicken Sie uns keine Bildschirmfotos von schädlichen Inhalten - wir werden Ihnen Bescheid geben, wenn wir weitere Informationen benötigen.

🔗Als Matrix-Server-Betreiber

• Die offene Registrierung ist in Synapse standardmäßig deaktiviert, und wir befürworten diese Voreinstellung. Wenn Ihr Server eine offene Registrierung anbietet, müssen Sie in ein Trust & Safety Team investieren, um eine angemessene Moderation zu gewährleisten und die Risiken zu minimieren, die entstehen, wenn Sie unbekannten Benutzern die Nutzung Ihres Servers erlauben.
• Überprüfen Sie, wer sich auf Ihrem Server anmeldet und in welchen Räumen Ihr Server Mitglied ist.
• Überprüfen Sie die Meldungen Ihrer Nutzer und ergreifen Sie Maßnahmen, um gemeldete schädliche Inhalte zu entfernen. Überprüfen Sie Ihre rechtlichen Verpflichtungen in dem Land, in dem Sie Ihren Server betreiben.
• Arbeiten Sie mit anderen Serverbetreibern zusammen, um Informationen über schädliche Räume und Nutzer auszutauschen. Sie können sich an unser Trust & Safety Team unter abuse@matrix.org wenden, um dieses Gespräch zu beginnen.

🔗Zivilgesellschaftliche Gruppen, Wissenschaft und Industrieverbände

Wir begrüßen die Unterstützung aus zivilgesellschaftlichen Gruppen und der Wissenschaft, die in diesem Bereich arbeiten. Bitte wenden Sie sich an abuse@matrix.org und teilen Sie uns Ihre Kontaktdaten und Ihr Interessengebiet mit, damit wir uns austauschen können. Wir sind sehr daran interessiert, vertrauenswürdige Berichterstatter hinzuzuziehen; wenn Sie uns also Berichte schicken möchten, melden Sie sich bitte bei uns. Um die Ausbreitung von Online-Missbrauch zu bekämpfen, müssen alle Teile des Puzzles zusammenarbeiten, und wir wollen ein gutes Beispiel dafür sein, wie Technik eine positive Auswirkung auf die Gesellschaft haben kann. Wir würden gerne mit Branchengruppen zusammenarbeiten, Erfahrungen austauschen und voneinander lernen. Die Eintrittsbarrieren für diese Gruppen sind eine Herausforderung, und wir würden uns freuen, wenn Sie uns helfen würden, sie abzubauen.

🔗Strafverfolgungsbehörden

Bitte lesen Sie unsere Leitlinien hier: https://matrix.org/legal/law-enforcement-guidelines/

🔗Finanzierung

Die Tech-Industrie investiert zu wenig in Schutz. Wir versuchen, es besser zu machen, und Schutz ist der größte Posten im Haushalt der Matrix.org Stiftung. Diese Investition erfolgt trotz der Herausforderungen, denen wir uns bei unseren ständigen Versuchen gegenübersehen, Mittel zur Unterstützung der Entwicklung von Matrix und Open Source Software im Allgemeinen aufzubringen. Wir sind für unseren Betrieb auf Spenden angewiesen. Große öffentliche und private Organisationen nutzen die von uns geleistete Arbeit, oft ohne einen finanziellen Beitrag zu leisten. Es wäre einfach, die Ausgaben für Trust & Safety angesichts dieser wirtschaftlichen Zwänge zu opfern, aber wir versuchen, einen besseren Weg zu finden. Wenn Sie unsere Arbeit im Bereich Schutz finanziell unterstützen möchten, wenden Sie sich bitte an die Stiftung unter funding@matrix.org.

The Matrix.org Foundation and its growing community were once again present at the biggest OSS conference in Europe, and it's been a tremendous success! It was an opportunity for us to gather, share ideas and debate about ongoing topics, meet the broader FOSS community and present our work.

🔗Fringe Event

With 8000 visitors, FOSDEM is primarily a place to share your work with others and present the latest developments to those interested. But it's not necessarily the best venue for conversations within the community about topics that are still in-flight.

Because so many people are doing the trip to gather in a single city, it remains a good opportunity to gather your own community in a more intimate setting. This is precisely what Fringe Events happening before or after FOSDEM are about.

Workadventure, Nordeck and Famedly generously sponsored the 60 pizzas and €1500 worth of drinks at the event to keep us refreshed and fed! Our deepest gratitude to them and the Brussels Hackerspace HSBXL for giving us a place to gather.

The barcamp / unconference format we adopted allowed participants to mention what they were interested in talking or hearing about, with the help of Yan Minagawa who is a fantastic event facilitator!

Some people were comfortable getting their talk recorded, but some were not. You can find the full list of talk recordings in our Fringe Event YouTube playlist.

🔗Booth

The Matrix booth was located in the realtime communications corner, next to the XMPP and Linphone friends who have been lovely neighbors. Shout out to the XMPP gang in particular for setting up the Realtime Comms Lounge with bean bags that must have been a logistical nightmare to bring to FOSDEM!

The booth was very crowded, we got plenty of enthusiastic visitors telling us what they love about Matrix, with occasional minor support requests. People have been overwhelmingly supportive and curious about the future of Matrix.

We gave away 100 T-shirts in less than a day, asking people for a donation to the Foundation in exchange for the T-shirt. If you didn't already, you can make a donation today!

This year the booth has been opened up to the broader ecosystem and volunteers, and that was a significant success. Many thanks to the whole roster: Dominik, Milton, Sumner, td, Nico, Kim, weeman, Nadine, Timo, Anoa, Greg, Bram, Robin T, stereo, BenP, Will, Neil, Florian and everyone who showed up at the booth to support the crew!

A special thought to MatMaul, Robin and Hans v. Zijst who volunteered but fell sick and took the right decision not to spread germs. You were missed, but you did the right thing.

🔗Main Track Talk

Matthew had a Main Track Talk in Janson "The Road to Mainstream Matrix" in which he covers the history of Matrix, why things are what they are today, how the vendors' strategy support Matrix' mission, and what's coming next.

Today's Matrix Live: https://youtube.com/watch?v=lkCKhP1jxdk

Give it a watch if you want to learn more about the new State Resolution algorithm, MLS, Post Quantum Matrix, the future of the matrix-rust-sdk and what this means for the matrix-js-sdk, Trust & Safety.

🔗Matrix Devroom

Right after Matthew's talk we had the Matrix.org Foundation & Community Devroom. The full schedule is available on FOSDEM's website.

The talks covered a variety of topics ranging from technical issues to community ones. If you want to learn more about the state of Synapse, how federation works, using the rust sdk with WASM or even why the Ubuntu community is switching to Matrix, head to the schedule or to our YouTube Playlist with all the talks.

You can find all the videos

• Directly on FOSDEM's website
• Or on our YouTube Channel: Devroom Playlist, FOSDEM 2025 Playlist

Thanks to all speakers and Yan Minagawa again for MCing the devroom!

🔗Community & Ecosystem

If you're an individual and you can afford it, please support the Foundation or become a member so we can keep organizing these events and spread the word about your favorite sovereign, decentralized and E2EE communications protocol.

If you're an organization and you rely on Matrix one way or another, please become an organizational member to ensure the Foundation can keep maintaining an unencumbered specification, protect the Matrix brand and community, and contribute to the efficiency of the protocol.

Finally, if you missed us at FOSDEM, make sure to follow us on our socials to be informed of the next events we will organize or attend! Follow us either on the fediverse, on LinkedIn, on Bluesky or even on the most decentralized of all, by subscribing to our RSS feed.

🔗Matrix Live

Today's Matrix Live: https://youtube.com/watch?v=lkCKhP1jxdk

🔗Dept of Status of Matrix 🌡️

Quentin Gliech reports

This week we released Matrix Authentication Service 0.13.0!

This is a big release, as we haven't done one since September.

It is fixing a lot of small issues, but here are a few of the big highlights:

• The email verification has been completely reworked, meaning that accounts don't require a valid email address on them anymore! They are still required for open password registrations, but MAS won't nag you anymore to add an email to your account.
• No more spurious logouts when consuming a refresh token! That was a recurring annoyance for people using Element X in poor network conditions.
• It now reliably provisions users to Synapse! Sometimes, MAS would just stop provisioning new sessions if, for some reason, it lost connections to Postgres. This is a thing of the past, as now MAS has a reliable job queue.
• New translations! MAS is now available in Czech, Dutch, Estonian, English, French, German, Portuguese, Simplified Chinese, Swedish, and Ukrainian. If you'd like to help MAS get translated to your language, head out to our Localazy project
• Better support for non-OIDC upstream OAuth 2.0 providers. Support for 'social login' options like Google or Sign-in with Apple went from 'good' to 'great', with many UI improvements.

Upgrading should be as easy as grabbing the latest Docker image or the pre-built binaries, restarting the service and voilà!

Feel free to stop by #matrix-auth:matrix.org to join in on the discussion and if you encounter a bug make sure to report it here.

🔗Dept of Spec 📜

TravisR announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4263: Preventing MXID enumeration via key queries
• MSC4262: Sliding Sync Extension: Profile Updates
• MSC4261: "Do not encrypt for device" flag

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

🔗Spec Updates

There's not a ton of updates this week: the team is focusing on reviewing Matrix 2.0 MSCs to move them towards release. The team is also thinking about when to release the spec this calendar quarter, and may aim for late February or early March.

Watch this space for updates :)

🔗Dept of Servers 🏢

🔗Synapse (website)

Synapse is a Matrix homeserver implementation developed by Element

~creme reports

envs has put together a small tool for Synapse to block temporary email addresses during user registration and stop invite spam.

You can find the Repo and more details at: https://github.com/envs-net/synapse_blocklist_module

🔗Dept of Ops 🛠

🔗matrix-tf-aws

A Fully Automated Terraform Deployment for Matrix on AWS

rsb_tbg reports

Hey everyone, check out my newly public Terraform module on GitHub! It fully automates the deployment of a Synapse homeserver along with 0-4 currently-supported Mautrix bridges (Discord, Signal, Telegram, WhatsApp) on AWS—no manual setup required.

🔗🔧 What’s Included?

The module provisions the following resources:

✅ VPC & Networking – Private/public subnets, NAT, security groups
✅ ECS Cluster – Runs Synapse and selected Mautrix bridges
✅ EFS & Access Points – Persistent storage for Synapse
✅ Aurora PostgreSQL – Scalable, managed database
✅ S3 Buckets – Storage for configs and logs
✅ TLS Certificate – Secure HTTPS for your ALB
✅ Dynamic Secrets – No hardcoded tokens/passwords; all are auto-generated
✅ And other resources to connect everything together

🔗🚀 Getting Started

All you need before launching:

🔹 A Route 53 domain for your Matrix homeserver name
🔹 If using the Telegram bridge, a Telegram API ID & hash

Once you initialize the module with Terraform, you’ll have the option to customize configurations and registration files to fit your needs. You can even modify them post-deployment and simply run terraform apply to apply the changes.

🔗 Check it out here: https://github.com/matrix-tf/matrix-tf-aws

It’s super easy to use—whether you’re setting up your first Matrix server or already a pro. Hope it helps! 🚀

🔗Dept of Events and Talks 🗣️

🔗FOSDEM

Thib (m.org) says

If you want to see what's been happening behind the scenes to organize Matrix' presence at FOSDEM this year, I blogged about my perspective as an attendee, booth organizer, and devroom organizer.

A proper wrap-up post from the Foundation is coming, once we'll have all the recordings published!

🔗Matrix Retreat 2025: Workation in Thailand

HarHarLinks announces

Greetings from Thailand! You may have heard previously about a Matrix-related technology-retreat in Thailand this winter. Well, it’s happening as we speak! Some of us have made our way, directly following FOSDEM, to the beautiful island of Koh Phangan in the gulf of Thailand. We are staying in Tongsala working our day jobs across two coworking spaces. The seven of us will be joined by two more tomorrow, with most of us staying until the 17th of March where we will be attending FOSSASIA, operating a Matrix Stand, giving some talks [1] [2] [3], and handing out stickers which we brought despite limited baggage allowance (priorities!). If you have, or know anyone who has, contacts to Matrix enthusiasts in Asia - or if you want to come join us, please get in touch via #workation-nation-matrix-thailand-2025:datanauten.de! Outside of work, we are exploring Matrix-related tech-projects including a Matrix RTC call recorder, a message search, and the rust-matrix-web. We look forward to updating you on our progress!

🔗Dept of Guides 🧭

Matthew reports

Anil, head of the Energy and Environment Research Group at the University of Cambridge just published a fun guide for how to use hookshot for webhooks in Matrix: https://anil.recoil.org/notes/enter-the-matrix-hookshot

🔗Matrix Federation Stats

Aine [don't DM] announces

collected by MatrixRooms.info - an MRS instance by etke.cc

As of today, 10712 Matrix federateable servers have been discovered by matrixrooms.info, 3177 (29.7%) of them are publishing their rooms directory over federation. The published directories contain 22325 rooms.

Stats timeline is available on MatrixRooms.info/stats

How to add your server | How to remove your server

🔗Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	girlboss.ceo	226
2	codestorm.net	257
3	nexy7574.uk	281.5
4	play.matrix.toys	308
5	maunium.net	325
6	nerdhouse.io	353
7	ncat.cafe	373.5
8	puppygock.gay	386
9	13-48-182-158.cprapid.com	393
10	synapse.rntpts.de	492

🔗That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

To learn more about how to prepare an entry for TWIM check out the TWIM guide.

🔗Dept of Status of Matrix 🌡️

Thib (m.org) announces

FOSDEM was a huge success for the Matrix.org Foundation and community this year again!

• 🍕60 pizzas and an uncountable amount of drinks at the Fringe event
• 👕 100 t-shirts sold at the booth on the first day!!
• 🧑‍🏫 A completely packed devroom
• 🤝 Many great conversations at the booth

Shout out to Workadventure, Nordeck and Famedly who sponsored the Fringe Event and kept us refreshed and fed. And a huge thanks to everybody who showed up at the booth either to staff it or to say a kind word, bring constructive criticism, or have a casual conversation.

A more detailed wrap up post will be published this week. In the meantime, I’m leaving FOSDEM with a sense that we are doing the right thing, going in the right direction, and that people notice. I'm looking forward to meeting you all again, as well as those who couldn't make it to FOSDEM!

🔗Dept of Spec 📜

TravisR says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4260: Reporting users (Client-Server API)
• MSC4259: Bulk Profile Sync API for Federation
• MSC4258: Federated User Directory
• MSC4257: Profiles Arent Auth: Move profile contents to a separate event
• MSC4256: RFC 9420 MLS mode Matrix

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• MSC4239: Room version 11 as the default room version
• MSC4133: Extending User Profile API with Key:Value Pairs

Closed MSCs:

• No MSCs were closed/rejected this week.

🔗Spec Updates

Many of the SCT members are at FOSDEM this weekend to talk to folks about Matrix, so won't be doing too much MSC review, but we've still got the next-gen auth MSCs at the highest priority for review once everyone is back!

We're also looking to cut a release of the spec soon, possibly in February, with as many Matrix 2.0 features as possible - if there's an MSC you think should be in this release, let us know in the #sct-office:matrix.org room on Matrix :)

🔗Dept of Servers 🏢

🔗Synapse (website)

Synapse is a Matrix homeserver implementation developed by Element

Devon Dmytro says

This week we released Synapse v1.123.0.

This release adds the following new features:

• Implement MSC4133 for custom profile fields. Contributed by @clokep. (#17488)
• Add a query parameter type to the Room State Admin API that filters the state event. (#18035)
• Support the new /auth_metadata endpoint defined in MSC2965 (OAuth 2.0 Authorization Server Metadata discovery). (#18093)

... and a whole lot more!

Thank you to all our contributors for helping to make Synapse the best it can be. As always, feel free to stop by #synapse:matrix.org to join in on the discussion and if you encounter a bug make sure to report it here.

🔗Dept of Clients 📱

🔗Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Mauro Romito says

• Knocking, alongside security and privacy settings work is almost completed, recently a testing session was done, where we determined that the features work well, and require only some small polishing before release
• Media gallery also received a lot of improvements and updates and is being closer to get completed
• Today we release our first RC with calendar versioning, which will soon become the new standard for marking releases
• Some small design improvements were made for the DM Details view
• Alongside some improvements for the macOS version

🔗Element X Android (website)

Android Matrix messenger application using the Matrix Rust SDK and Jetpack Compose.

benoit reports

• Knocking, alongside security and privacy settings work is almost completed, recently a testing session was done, where we determined that the features work well, and require only some small polishing before release (yes, I have shamefully copied what Mauro said about EXI 🙈)
• It will be possible to swipe between media when open from the timeline in the next release. Previously it was only possible to scipe when the media was opened from the gallery.
• Next release will be versioned using calendar versioning, so that it will be easier to know the release date and also how old is a particular release just by knowing its version. Also iOS and Android will share the same version!

🔗Tammy (website)

Multiplatform messengers build on top of Trixnity Messenger

Benedict reports

Tammy just got a new release! This update brings speed boosts, fresh features, and tons of fixes to make your messaging experience smoother than ever.

✨ What’s New?

• Typing indicators in the room list – see who’s responding in real time!
• A sleek new image details view for a better media experience.
• Send attachments with Enter for quicker sharing on Desktop.
• Under-the-hood improvements to make Tammy even faster and more reliable.

⚠️ Heads-up! We had to change the database, so you’ll need to log in again. Should we ever have more Tammy users and this happens again, we will do an automatic migration. It's just not worth it at the moment.

Checkout the new Tammy version at https://tammy.connect2x.de and give us feedback in https://matrix.to/#/#tammy:imbitbu.de 🚀

🔗Dept of VoIP 🤙

🔗Element call on Room Kit (Cisco) devices

Emma [it/its] reports

You may or may not have seen my demo at FOSDEM last saturday. In short, I've been working with Robert on integrating Element Call into the closed garden ecosystem of Cisco's meeting devices. This gives businesses and government agencies a migration flow to Matrix, without having to spend a large amount of money on new hardware - by meeting them where they are at.

In the current state of things, we're able to join a call, but dont yet have any interface for interacting with the call once it's running, but it's a great start!

If you're interested, join us in #roomos-matrixrtc:rory.gay, though we do hang out in #webrtc:matrix.org quite regularly aswell!

Today's Matrix Live: https://youtube.com/watch?v=HvdKdjZZLyU

🔗Dept of SDKs and Frameworks 🧰

🔗Trixnity (website)

Multiplatform Kotlin SDK for developing Clients, Bots, Appservices and Servers

Benedict reports

A new version of Trixnity is out! The release brings massive performance enhancements to Trixnity, significantly improving sync processing efficiency. Processing times have been boosted by up to 5x, while RAM usage has been slashed by the same factor. These improvements were achieved by optimizing how the cache interacts with the local database—bypassing the cache entirely when no listeners are active. On top of this, the cache now supports rollbacks, which helps maintain consistency between the cache and the database, even in edge cases.

A noteworthy change in this release is the removal of support for the Realm database. As Realm-Kotlin is no longer actively maintained or compatible with the latest Kotlin versions, we’ve decided to discontinue its support. However, there’s good news! The Androidx Room database implementation has been fixed and is now a solid alternative for those seeking a reliable, cross-platform database solution.

In addition to these major updates, the release includes several smaller but impactful improvements and bug fixes. For example, refresh token support has been added. Be sure to check out the full changelog for all the details.

🔗Dept of Bots 🤖

🔗Draupnir (website)

A moderation bot for open Matrix communities

Gnuxie 💜🐝 announces

We have released Draupnir v2.1.0 with some bug fixes in the wake of the v2.0.2 release:

• Some moderators noticed that on upgrading from v1.87.0 to v2.0.* some rooms would appear unprotected. It later turned out that the functionality for the config option protectAllJoinedRooms was missing from this release. We've now fixed this and also updated the !draupnir rooms command to show which rooms Draupnir is and isn't protecting. Your rooms should be automatically protected again on upgrading to v2.1.0.

• The config option commands.allowNoPrefix has been fixed again. Some commands would interact badly with the setting in the v2.0.* releases, this has now been fixed.

• Functionality has been added in conjunction with protectAllJoinedRooms to automatically unprotect rooms that it has been kicked from and notify the management room.

A couple other issues have been fixed around Draupnir startup time, and manually entering safe mode, so checkout the CHANGELOG if you are interested in those. As always you can find us in #draupnir:matrix.org. Thank you to everyone who has been promptly reporting bugs and making these fixes possible <3

🔗Dept of Events and Talks 🗣️

🔗Matrix User Meetup Berlin

saces says

Next Matrix user meetup 4.2.2025, 8 pm @ c-base

Meet other matrix users, chat about Matrix, the rest, and everything else, discuss your Matrix ideas, sign each other in persona, and maybe spice the evening with a good mate or beer.

Every first Wednesday of the month in the c-base at 8pm ('til the next pandemic).

Matrix room: #mumb:c-base.org

🔗Dept of Guides 🧭

🔗Matrix Spec for Dash & Zeal: Looking for help

Christian Paul (jaller94) announces

Hi everyone, for the past 2.5 years I've submitted new versions of the Matrix Spec to Dash and Zeal. Dash is a documentation browser which works offline. Zeal is an open source browser supporting the same docset format.

The Matrix Spec is built with Hugo and in v1.13 the Hugo config changed enough to break my build script. Currently, I'm unable to release new docsets as these require relative URLs in all HTML files.

Is anyone using this docset? Can someone help to maintain this or figure out the changes needed for v1.13?

https://github.com/matrix-org/matrix-spec/issues/583#issuecomment-2615430745

🔗Matrix Federation Stats

Aine [don't DM] announces

collected by MatrixRooms.info - an MRS instance by etke.cc

As of today, 10438 Matrix federateable servers have been discovered by matrixrooms.info, 3094 (29.6%) of them are publishing their rooms directory over federation. The published directories contain 22196 rooms.

Stats timeline is available on MatrixRooms.info/stats

How to add your server | How to remove your server

🔗Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	codestorm.net	252.5
2	bi-vibes.com	262.5
3	nerdhouse.io	353
4	littlevortex.net	402
5	tomfos.tr	517.5
6	mtest.eyer.life	521
7	flauschwelle.de	545
8	lewd.social	546
9	rom4nik.pl	598

🔗That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

To learn more about how to prepare an entry for TWIM check out the TWIM guide.

🔗Matrix Live

Today's Matrix Live: https://youtube.com/watch?v=RvVC0wNgNC0

🔗Dept of Events and Talks 🗣️

🔗Matrix@FOSDEM 2025

As a reminder Matrix will again be present at FOSDEM this year!

As always, FOSDEM is free to attend and will happen at the 1. and 2. of February. Additionally we will have a fringe event on the 31st of January. You can find more information in the "Matrix in full force at FOSDEM" blog post.

Additionally please be aware that the Health and Safety Policy for the fringe event will be the same as the one of the Matrix Conference. Extremely briefly: You need to wear a mask while indoors, except while eating and drinking.

🔗Dept of Spec 📜

Andrew Morgan (anoa) {he/him} reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4253: Modifying or rejecting accepted MSCs
• MSC4252: Extensible Events modification: State event handling
• MSC4250: Authenticated media v2 (Cookie authentication for Client-Server API)

MSCs in Final Comment Period:

• MSC4213: Remove server_name parameter from join and knock endpoints (merge)

Accepted MSCs:

• No MSCs were accepted this week.

MSCs in Proposed Final Comment Period:

• MSC4133: Extending User Profile API with Key:Value Pairs
• MSC3765: Rich text in room topics
• MSC3266: Room summary API
• MSC4239: Room version 11 as the default room version
• MSC3757: Restricting who can overwrite a state event
• MSC4183: Additional Error Codes for submitToken endpoint

Closed MSCs:

• MSC3575: Sliding Sync (aka Sync v3)
  • Superseded by MSC4186: Simplified Sliding Sync
• [WIP] MSC4097: Interactions between media redirection and authentication
  • Replaced by spec-independent approaches.

🔗Spec Updates

As suggested from folks in the TWIM room, the above status now contains MSCs that are currently in proposed Final Comment Period. The hope is that this directs attention to MSCs that are close to being either merged/closed.

Let me know what you think!

🔗Dept of Servers 🏢

🔗Synapse (website)

Synapse is a Matrix homeserver implementation developed by Element

Matthew announces

In Chapter 46 of Element’s neverending mission to persuade enormous Matrix deployments to contribute to Synapse and Matrix development costs, we’ve put out a blog post explaining precisely what Synapse Pro is, why it exists, and why if you base a huge national Matrix deployment on open source Synapse it will fail - https://element.io/blog/scaling-to-millions-of-users-requires-synapse-pro/

Andrew Morgan (anoa) {he/him} announces

This week the Element team released Synapse v1.122.0. Please note that the minimum required version of PostgreSQL is now 13 - upgrade your DB cluster if necessary!

Otherwise this release contains a number of nice additions to the module API and the Admin API. It also stabilises the implementation of MSC3823: Account Suspension.

The usual round of bug fixes and dependency upgrades are also present. Enjoy and thanks!

🔗matrix-media-repo (website)

Matrix media repository with multi-domain in mind.

TravisR announces

matrix-media-repo v1.3.8 is out now! This release is a security release with other bug fixes and features contained within. Operators are encouraged to update as soon as possible.

Highlights from the changelog are:

• Fix GHSA-rcxc-wjgw-579r / CVE-2024-56515
• Fix GHSA-gp86-q8hg-fpxj / CVE-2024-52791
• Fix GHSA-r6jg-jfv6-2fjv / CVE-2024-52602
• Guests are now able to upload media, as per MSC4189.
• Federated servers will have their Authorization headers parsed correctly now, giving them a higher chance at being able to download media.

If you run into issues upgrading, please visit #media-repo:t2bot.io on Matrix, or open issues in the issue tracker.

🔗Dendrite (website)

Second generation Matrix homeserver

Till announces

This week we released Dendrite 0.14.1! This is a security release with just one additional fix for loading server ACLs.

gomatrixserverlib, which is powering Dendrite, was vulnerable to server-side request forgery under certain conditions. CVE-2024-52594/GHSA-4ff6-858j-r822 has been fixed by implementing Allow and Deny lists for network requests.

Loading server ACLs on startup has seen a huge improvement, this is mostly noticeable on larger instances with many ACL'd rooms.

On the PR side of things: There is a work in progress PR, adding support for MSC3861 and the matrix-authentication-service which is quite exciting.

Like always, feel free to join us at #dendrite:matrix.org if you encounter any issues or for Dendrite-related discussions.

🔗Dept of Clients 📱

🔗gomuks android

tulir says

I made an Android wrapper for gomuks web using GeckoView to get push notifications. There are a bunch of other new features too, read https://mau.fi/blog/2025-01-mautrix-release/ for more info

🔗Fractal (website)

Matrix messaging app for GNOME written in Rust.

Kévin Commaille says

In this cold weather, we hope Fractal 10.rc will warm your hearts. Let’s celebrate this with our own awards ceremony:

• The most next-gen addition goes to… making Fractal OIDC aware. This ensures compatibility with the upcoming authentication changes for matrix.org.
• The most valuable fix goes to… showing consistently pills for users and rooms mentions in the right place instead of seemingly random places, getting rid of one of our oldest and most annoying bug.
• The most sensible improvement goes to… using the send queue for attachments, ensuring correct order of all messages and improving the visual feedback.
• The most underrated feature goes to… allowing to react to stickers, fixing a crash in the process.
• The most obvious tweak goes to… removing the “Open Direct Chat” menu entry from avatar menu and member profile in direct chats.
• The clearest enhancement goes to… labelling experimental versions in the room upgrade menu as such.

As usual, this release includes other improvements, fixes and new translations thanks to all our contributors, and our upstream projects.

It is available to install via Flathub Beta, see the instructions in our README.

As the version implies, it should be mostly stable and we expect to only include minor improvements until the release of Fractal 10.

If you are wondering what to do on a cold day, you can try to fix one of our newcomers issues. We are always looking for new contributors!

🔗Element X Android (website)

Android Matrix messenger application using the Matrix Rust SDK and Jetpack Compose.

benoit announces

Working on the media gallery. It will be possible to swipe between media (images and videos) when displaying media in full screen. For the first iteration, and because of technical - temporary - limitations, it will be possible only when coming from the gallery (navigate to Room settings / Media and files).

Also finalizing (?) the work on the Knock feature.

A technical note: there has been an update on how we configure the log of the SDK, it's now limited to setting a log level.

🔗Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

benoit announces

We are publishing a new release of Element Android (v1.6.28), that will advertise user to migrate to Element X if they want to create an account on a homeserver with MAS support. As a reminder, matrix.org will migrate to MAS in a near future. This is the first step of redirecting user to Element X, which will become the main client that Element will support on Android and iOS platforms.

Also, Element Android is now dual-licensed: AGPL-3.0 and commercial license.

🔗Dept of Widgets 🧩

🔗Miro to Matrix-Neoboard converter

MTRNord (they/them) announces

As a weekend project I wanted to solve the usecase we got at work where we develop Neoboard but mainly still use Miro for a lot of things. Hence, I wrote a tool to migrate :)

You can find it hosted at https://miro-export.neoboard.midnightthoughts.space/. Note that it requires you to be logged in to Miro to work, but then it allows also using urls.

You can also find the source code at https://gerrit.midnightthoughts.space/gitweb?p=neoboard-miro-converter.git;a=summary

🔗Catches/Gotchas

• Neoboard lacks feature compatibility
  • Arrows do not show up the same
  • Sticky notes don't have dedicated rendering
  • No border colors
• Miro API doesn't tell me the position of unattached lines -> Unable to export those

  

🔗Dept of SDKs and Frameworks 🧰

🔗Rory&::LibMatrix (website)

.NET 8 matrix bot/client library/SDK

Emma [it/its] says

I've been hard at work squashing compile warnings! Hopefully pushing those in a few days? User impact is not expected for those changes. Not worth a separate TWIM post: Fixed a bug in Rory&::MatrixUtils that caused some tools to crash when you have an invalid session logged in. Additionally: I hope you had a great new year!

🔗Changes

• Trim leading slashes out of well-known URIs. LibMatrix and anything that uses it (hello Rory&::MatrixUtils!) should now work more reliably for homeservers!
• Update dependencies, keeping us up to date with the latest bug fixes and security improvements.
• Allow building all parts of LibMatrix without depending on a local checkout of ArcaneLibs. This should help with packaging LibMatrix in NuGet/... in the future, making LibMatrix far more accessible for developers!

And, as always:

• The code is available at cgit.rory.gay (or Github - read only, may be outdated)!
  • All contributions are more than welcome, be it documentation, code, anything! Perhaps, example usecases, bots, ...?
• Discussion, suggestions and ideas are welcome in #libmatrix:rory.gay (Space: #mru-space:rory.gay)
• Got a cool project that you're working on and want to share, using LibMatrix? Be sure to let us know, we'd love to hear all about it!

🔗Matrix Rust SDK (2025-01-17) (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jorge reports

First of all, we have some important updates about Sliding Sync vs Simplified Sliding Sync:

Sliding Sync exists in 2 MSC: 3575 and 4186 (aka Simplified Sliding Sync). As announced, after a period where both MSC were supported, it's time to “deprecate” MSC3575. Here is the PR that removes the support of MSC3575 in the SDK. The plan is to merge it next week.

Besides that, we kept working on the persistent event cache storage, and some other topics:

• The time when an event is added to the send queue is stored in some metadata so the send queue has a better understanding on how stale the event is. Thanks @zzorba! (#4385).
• A new RoomPrivacySettings helper was added through Room::privacy_settings to customise a room's aliases, join rules, visibility, etc. (#4401).
• We fixed a bug where we incorrectly discarded previous batch tokens when the persistent event cache storage is disabled, which caused some events to be missing while paginating (#4495).
• When a room is forgotten by the SDK, we now also clear all the events related to it from the event cache (#4521).
• Fixed a bug where UTD events where always added to any timeline unconditionally while syncing, including those that filter out events such as the pinned events timeline or the media one (#4525).
• Added a Room::own_membership_details function to get both the current user's room member details and the ones of the sender of that room member event. Also, the FFI RoomMember struct now also contains the optional reason for the membership change (#4529).
• We now handle redactions of redacted events (#4533).
• Fix a bug that caused the logs at the FFI layer to be way too verbose (#4542).

🔗Dept of Services 🚀

🔗etke.cc (website)

Your matrix server on your conditions

Aine [don't DM] reports

🔗Synapse Admin Updates

A while back, we at etke.cc announced our Synapse-Admin fork. This week, we’re excited to introduce a new feature and more bugfixes!

Account Data Tab for Users

You can finally see what's inside your users' account data! It is extremely handy for bots using account data as main data store

Respect base url when loading config.json

If you serve Synapse Admin under a subdir (e.g. example.com/admin), this one is for you! Previously Synapse Admin attempted to fetch config.json as-is, completely ignoring the base url you use

Respect other GET params when reading SSO login token

Previously, Synapse Admin extracted loginToken using regular expressions, and that didn't work well if you have any other GET params (like server). Well, the issue is no more!

Explore the source code or try the admin.etke.cc (CDN version). Don’t forget to join the discussion in #synapse-admin:etke.cc

🔗Dept of Bots 🤖

🔗Draupnir (website)

A moderation bot for open Matrix communities

Gnuxie 💜🐝 says

Draupnir 2.0 is finally out!

The 2.0-beta programme has concluded and the long-awaited Draupnir 2.0 is here, bringing substantial improvements to moderation for public Matrix rooms. This update reflects over a year of hard work and community feedback.

🔗A Milestone for Matrix moderation

This release marks a turning point for Draupnir, which has become an essential tool for moderators across Matrix's open communities. With the introduction of new features and optimizations, the bot is easier to use and more capable than ever.

The key improvements are:

• Intuitive Prompts: Routine tasks like protecting rooms or watching policy lists are now as simple as inviting the bot and clicking a reaction. Prompts in the management room replace many manual commands.
• Faster and Smarter: Draupnir now caches room state using a persistent revision system, significantly reducing the need to query homeservers. An optional room state backing store also cuts startup time dramatically.
• Resilient and Recoverable: The new Safe Mode feature can diagnose and recover from configuration problems by using the bot's familiar prompts and commands UI.
• Revamped Protections: The protections system has been overhauled, offering better hooks into room state, community membership, and policy changes. Protection settings and configurations are now also easier to manage.

In addition to hundreds of other fixes and smaller changes that add up to make a big difference. For full details, see the release notes. Thank you to everyone who contributed to Draupnir in any way to making this release possible, whether that was reporting an issue, feature request, or coming to talk in #draupnir:matrix.org.

🔗Matrix Federation Stats

Aine [don't DM] announces

collected by MatrixRooms.info - an MRS instance by etke.cc

As of today, 10589 Matrix federateable servers have been discovered by matrixrooms.info, 3152 (29.8%) of them are publishing their rooms directory over federation. The published directories contain 20436 rooms.

Stats timeline is available on MatrixRooms.info/stats

How to add your server | How to remove your server

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	nexy7574.uk	212
2	codestorm.net	234
3	synapse.rntpts.de	279
4	pissing.dev	283
5	matrix.sp-codes.de	363
6	girlboss.ceo	424
7	tomfos.tr	489
8	transgender.ing	559.5
9	matrix6.rainerzufall.click	678
10	melthecat.dev	740

🔗That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

To learn more about how to prepare an entry for TWIM check out the TWIM guide.

Check also out the Office of the Governing Board if you want to get more involved in the Matrix community.

The Matrix.org homeserver will see changes related to authentication in Q1 2025. The team will turn off guest account access on Matrix.org on January 16th and roll out Matrix Authentication Service (MAS) to embrace Matrix 2.0 after February 10. Client developers need to ensure their clients support the required changes.

🔗What is MAS

Matrix Authentication Service is Matrix's next-generation authentication stack. It allows for more flexible authentication journeys without requiring client developers to support every one of them.

You can find all the technical details in Quentin's Matrix Conf talk, Harder Better Faster Stronger Authentication with OpenID Connect.

🔗What's the impact

Client developers need to ensure that their projects support the requirements listed on areweoidcyet.com and, more precisely, the requirements listed in MSC3824.

Developers can already use beta.matrix.org to see if their clients are compatible with MAS. If you notice anything that doesn't work as intended, make sure to give your feedback on those MSCs. If clients work on beta.matrix.org, they will be able to connect to matrix.org after the rollout.

Homeserver administrators from the public federation don't have to worry about this deployment. MAS only affects the APIs between the clients and the server, so this deployment only impacts clients connecting to matrix.org. Federation APIs, used for servers to talk to each other, remain unchanged.

🔗Disabling guest accounts

Guest accounts are a legacy Matrix feature that allows clients to create temporary, limited technical accounts to participate in specific rooms that allow it.

The Matrix.org Foundation would have liked to find an efficient way to let people create guest accounts when joining a conversation and then turn them into fully fledged accounts later. Nobody in the ecosystem found resources to design and implement such a user journey, and guest accounts ended up being used for technical reasons, like displaying room previews or badges via shields.io.

Those accounts make up a significant load on the matrix.org homeserver. For that reason, the Matrix.org Foundation has decided to disable them at least temporarily to save precious resources and go ahead with the rollout of the new authentication stack.

The Matrix.org Foundation is open to re-enabling guests accounts once it has the financial capacity to support them. If guest accounts on matrix.org are important to you and your business, please join the Matrix.org Foundation as a supporting member to contribute to its financial sustainability.

We encourage developers using guest access for room information, such as topics, aliases, or member counts, to utilize the endpoint proposed by MSC3266. This endpoint is publicly accessible without authentication and can serve as an alternative resource until guest access is reinstated in a more robust form.

We appreciate your understanding as we take these steps to enhance the user experience on Matrix.org.

🔗Dept of Status of Matrix 🌡️

Matthew reports

The 2024 Matrix Holiday Special: https://matrix.org/blog/2024/12/25/the-matrix-holiday-special-2024/

🔗Dept of Clients 📱

🔗SchildiChat (website)

SchildiChat is a fork of Element for Android and Desktop, that used to focus on UI changes such as message bubbles and a unified chat list, but now also provides some additional tweaks and community-driven features that may not be on the roadmap for the upstream clients.

SpiritCroc says

Over the holidays, I added two new (old) features to SchildiChat Next (our Element X Android fork) that I've been missing since switching to the new codebase.

First, inline images and custom emotes are now rendered again, so you don't miss out when users on other clients or certain bridges send these. If you prefer not having images rendered in text message, you can also disable them via a setting, in order to render the fallback text instead - rather than not rendering anything at all as done previously.

Second, I added back the functionality to fetch and render previews for links found in text messages, so you have a better idea what to expect before clicking them. For now, this is an experimental setting, so remember to enable it first if you want to try it out once it lands in the next release.

🔗Neochat (website)

A client for matrix, the decentralized communication protocol

Tobias Fella says

This week, Kai Uwe has worked on improving the notifications showing the progress of a file upload or download.

James has continued to bring thread support to neochat, this time by making it possible to reply to an existing thread.

Carl has created new UI for various right-click menus that shows up as a drawer when using NeoChat on a mobile device.

🔗Fractal (website)

Matrix messaging app for GNOME written in Rust.

Kévin Commaille announces

🎶 Vive le vent ! Vive le vent ! Vive le vent d’hiver ! 🌲 And vive Fractal 10.beta! While everyone is resting for the holidays, we thought you could use a new release. It focuses on improvements and bug fixes, including:

• Videos were often not playing after loading in the room history, this was fixed, and we also show properly when an error occurred.
• Computing the size of media messages was slightly wrong, which meant that sometimes a grey line would appear below them. We rebooted the code and that problem is gone!
• Our CSS file was a bit too big for our taste, so we decided to make use of SASS and split it.
• We were downloading too many different sizes for avatar images, which would fill the media cache needlessly. We now only download a couple of sizes. This has the extra benefit of fixing blurry or missing thumbnails in notifications.

As usual, this release includes other improvements, fixes and new translations thanks to all our contributors, and our upstream projects.

It is available to install via Flathub Beta, see the instructions in our README.

As the version implies, there might be a slight risk of regressions, but it should be mostly stable. If all goes well the next step is the release candidate!

If you have a little bit of time on your hands, you can try to fix one of our newcomers issues. Anyone can make Fractal better!

🔗Dept of SDKs and Frameworks 🧰

🔗libQuotient (website)

A Qt5 library to write cross-platform clients for Matrix

kitsune announces

🔗libQuotient 0.9.2

While working on the next Quaternion beta (sorry to those waiting - the holiday present is not coming this year), the number of improvements in libQuotient reached a point where it's worth making a new maintenance release - so here it is. Aside from, also long awaited, initial threads support in the library (thanks to NeoChat's nvrwhere) it's fixes and cleanup over the place. The notes and the Git tag are at the usual place. Happy New Year everyone!

🔗Dept of Events and Talks 🗣️

🔗Matrix Salon Podcast: Fabian about Alertrix (German episode)

Christian Paul (jaller94) announces

Meet Fabian, who develops Alertrix. This customised chat is going to help firefighters coordinate their emergency responses. It's currently funded by the German Prototype Fund and Fabian gave a presentation at the Matrix Conference where we also recorded this episode. You can find the community room at https://matrix.to/#/#community:alertrix.net.

• RSS feed: https://anchor.fm/s/cdb34188/podcast/rss
• Episode on Spotify: https://open.spotify.com/episode/7GI3ek9chZr3VYhMCC0TIs?si=JUoNg1XjRbCB3SFeLdgmdg
• Mastodon post: https://mastodontech.de/@jaller94/113726065155521630

This marks the 20th episode of the podcast and the end of the current backlog. 🥳 Message me your suggestions for which community members you'd like to see featured in 2025.

🔗38C3

HarHarLinks announces

Dear TWIM, I'm writing you from the train back home after having visited 38C3 in Hamburg, the 38th edition of Chaos Communication Congress by the German Chaos Computer Club. Like yesteryear, #community-events:matrix.org organised the matrix community assembly there; you can imagine it as a kind of crossover of the Matrix #fosdem-2025-barcamp:matrix.org booth and a workshop area. We offered some "office hours" for people but many also dropped by around the clock with their questions, to get some of the official Matrix.org hoodies or T-shirts we could offer (thanks Thib for making this possible!), or simply to celebrate and socialise. We had a small assembly project driven by Nico who brought the materials to build an LED cube which once set up visitors could control through Matrix chat commands. As a small game, we hid small plastic rabbits around the whole congress center, which attendees could find and bring back to us to receive our wonderful assembly badge designed by Nadine. We also offered 2 workshops, one being another instance of Tune Your Chat, a project to collect all the neat small tips and tricks to tweak your Matrix experience, and for the other we were joined for a discussion by the creators of the "Standardised Messenger Audit – Frontend" catalog from the office of the German Federal Commissioner for Data Protection and Freedom of Information, published earlier this year. And of course we also took another group photo! If you are interested in joining us next time or for one of the many events we visit in the meantime, you can join #chaosevents:matrix.org specifically for appearances at CCC events or #community-events:matrix.org for even more.

Happy new year and see you at #fosdem-2025-barcamp:matrix.org!

🔗Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	codestorm.net	229.5
2	ncat.cafe	301
3	littlevortex.net	444.5
4	girlboss.ceo	452.5
5	beeper.com	463
6	matrix.org	493
7	melthecat.dev	532
8	transgender.ing	538.5
9	eyer.life	597.5
10	tomfos.tr	637

🔗That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

To learn more about how to prepare an entry for TWIM check out the TWIM guide.

Hi all,

Once again we celebrate the end of another year with the traditional Matrix Holiday Special! (see also 2023, 2022, 2021, 2020, 2019, 2018, 2017, 2016 and 2015 just in case you missed them).

This year, it is an incredible relief to be able to sit down and write an update which is overwhelmingly positive - in stark contrast to the rather mixed bags of 2022 and 2023. This is not to say that things are perfect: most notably, The Matrix.org Foundation has not yet hit its funding goals, and urgently needs more organisations who depend on Matrix to join as members in order to be financially sustainable. However, in terms of progress of Matrix towards outperforming the centralised alternatives; growth of the ecosystem; the success of the first ever Matrix Conference; we couldn’t be happier - and hopefully the more Matrix matures, the more folks will want to join the Foundation to help fund it.

So, precisely why are we feeling so happy right now?

🔗Matrix 2.0

Matrix 2.0 is the project to ensure that Matrix can be used to build apps which outcompete the incumbent legacy mainstream communication apps. Since announcing the project at FOSDEM 2023, we’ve been hard at work iterating on:

• Sliding Sync, providing instant sync, instant login and instant launch.
• Next Generation Auth via OIDC, to support instant login by QR code and consistent secure auth no matter the client.
• Native Multiparty VoIP via MatrixRTC, to provide consistent end-to-end-encrypted calling conferencing within Matrix using Matrix’s encryption and security model.
• Invisible Cryptography, to ensure that encryption in Matrix is seamless and no longer confuses users with unable-to-decrypt errors, scary shields and warnings, or other avoidable UX fails.

All of these projects are big, and we’ve been taking the time to iterate and get things right rather than cut corners – the whole name of the game has been to take Matrix from 1.0 (it works) to 2.0 (it works fast and delightfully, and outperforms the others). However, in September at the Matrix Conference we got to the point of shipping working implementations of all of the Matrix 2.0 MSCs, with the expectation of using these implementations to prove the viability of the MSCs and so propose them for merging into the spec proper.

Sliding Sync ended up evolving into MSC4186: Simplified Sliding Sync, and is now natively integrated into Synapse (no more need to run a sliding sync proxy!) and deployed on matrix.org, and implemented in matrix-rust-sdk and matrix-js-sdk. MatrixRTC is MSC4143 and dependents and is also deployed on matrix.org and call.element.io. Invisible Cryptography is a mix of MSCs: MSC4161 (Crypto terminology for non-technical users), MSC4153 (Exclude non-cross-signed devices), MSC3834 (Opportunistic user key pinning (TOFU)), and is mostly now implemented in matrix-rust-sdk - and Unable To Decrypt problems have been radically reduced (see Kegan’s excellent Matrix Conference talk for details). Finally, Next Gen Auth is MSC3861 and is planned to be deployed on matrix.org via matrix-authentication-service in Feb 2025.

It’s been controversial to ship Matrix 2.0 implementations prior to the MSCs being fully finalised and merged, but given the MSCs are backwards compatible with Matrix 1.0, and there’s unquestionable benefit to the ecosystem in getting these step-changes in the hands of users ASAP, we believe the aggressive roll-out is justified. Meanwhile, now the implementations are out and post-launch teething issues have largely been resolved, the MSCs will progress forwards.

One of the things we somehow failed to provide when announcing the implementations at the Matrix Conference was a playground for folks to experiment with Matrix 2.0 themselves. There’s now one based on Element’s stack of Synapse + matrix-authentication-service + Element Web + Element Call available at element-docker-demo in case you want to do a quick docker compose up to see what all the fuss is about! Meanwhile, matrix.org should support all the new MSCs in February – which might even coincide with the MSCs being finalised, you never know!

Rather than going through Matrix 2.0 in detail again, best bet is to check out the launch talk from The Matrix Conference…

Today's Matrix Live: https://youtube.com/watch?v=ZiRYdqkzjDU

…and in terms of seeing a Matrix 2.0 client in action, the Element X launch talk shows what you can do with it!

Today's Matrix Live: https://youtube.com/watch?v=gHyHO3xPfQU

Honestly, it is insanely exciting to see Matrix having evolved from the “good enough for enthusiastic geeks” to the “wow, this feels better than Signal” phase that we’re entering now. Meanwhile, matrix-rust-sdk is tracking all the latest Matrix 2.0 work, so any client built on matrix-rust-sdk (Fractal, Element X, iamb, etc) can benefit from it immediately. There’s also some really exciting matrix-rust-sdk improvements on the near horizon in the form of the long-awaited persistent event cache, which will accelerate all event operations enormously by avoiding needless server requests, as well as providing full offline support.

🔗The Matrix Conference

Talking of The Matrix Conference - this was by far the highlight of the year; not just due to being an excellent excuse to get Matrix 2.0 implementations launched, but because it really showed the breadth and maturity of the wider Matrix ecosystem.

One of the most interesting dynamics was that by far the busiest track was the Public Sector talk track (sponsored by Element) – standing room only, with folks queuing outside or watching the livefeed, whether this was Gematik talking about Matrix powering communications for the German healthcare industry, SwissPost showing off their nationwide Matrix deployment for Switzerland, DINUM showing off Tchap for France, NATO explaining NI²CE (their Matrix messenger), Försäkringskassan showing off Matrix for Sweden with SAFOS, Tele2 showcasing Tele2 Samarbete (Matrix based collaboration from one of Sweden’s main telcos), FITKO explaining how to do Government-to-Citizen communication with Matrix in Germany, ZenDiS using Matrix for secure communication in the German sovereign workspace openDesk project, or IBM showing off their Matrix healthcare deployments.

This felt really surprising: not only are we in an era where Matrix appears to be completely dominating secure communication and collaboration in the public sector – but it’s not just GovTech folks interested, but the wider Matrix community too.

I think it’s fair to say that when we created Matrix, we didn’t entirely anticipate this super-strong interest from government deployments – although in retrospect it makes perfect sense, given that more than anyone, nations wish to control their own infrastructure and run it securely without being operationally dependent on centralised solutions run out of other countries. A particular eye-opener recently has been seeing US Senators Ron Wyden (D) and Eric Schmitt (R) campaigning for the US Government to deploy Matrix in a way similar to France, Germany, Sweden and others. If this comes to pass, then it will surely create a whole new level of Matrix momentum!

It’s worth noting that while many Matrix vendors like Element, Nordeck, Famedly, connect2x and others have ended up mainly focusing commercially on public sector business (given that’s empirically where the money is right now) – the goal for Matrix itself continues to be mainstream uptake.

Matrix’s goal has always been to be the missing communication layer of the web for everyone, providing a worthy modern open replacement to both centralised messaging silos as well as outdated communication networks like email and the PSTN. It would be a sore failure of Matrix’s potential if it “only” ended up being successful for public sector communication! As it happens, our FOSDEM 2025 mainstage talk was just accepted, and happens to be named “The Road To Mainstream Matrix.” So watch this space to find out in February how all the Matrix 2.0 work might support mainstream Matrix uptake in the long-run, and how we plan to ensure Matrix expands beyond GovTech!

🔗The Governing Board

Another transformative aspect of 2024 was the formation of The Matrix.org Foundation Governing Board. Over to Josh with the details…

The election of our first ever Governing Board this year has gone a long way to ensuring we can truly call Matrix a public good, as something that is not only shared under an open source license and developed in the open, but also openly governed by elected representatives from across the ecosystem.

It took forming the Spec Core Team and the Foundation, both critical milestones on a journey of openness and independence, to pave the way. And with the Governing Board, we have a greater diversity of perspectives and backgrounds looking after Matrix than ever before!

The Governing Board is in the process of establishing its norms and processes and just last week published the first Governing Board report. Soon it’ll have elected committee chairs and vice chairs, and it appears to be on track to introduce our first working groups – official bodies to work together on initiatives in support of Matrix – at FOSDEM. Working groups will be another massive step forward, as they enable us to harmonize work across the ecosystem, such as on Trust & Safety and community events.

One last note on this, I want to shout out Greg Sutcliffe and Kim Brose, our first duly elected Chair and Vice Chair of the Governing Board, who have been doing great work to keep things in motion.

🔗Growing Membership

A key part of building the Governing Board has been recruiting to our membership program, which brings together organizations, communities, and individuals who are invested in Matrix. Our members illustrate the breadth of the ecosystem, and many of them are funders who help sustain our mission.

The Foundation has gone from being completely subsidized by Element in 2022, to having nearly half of its annual budget covered by its 11 funding members.

Of course, only being able to sustain half our annual budget is not nearly good enough, and it means that we live hand-to-mouth, extending our financial runway a bit at a time. It’s a nail biter of a ride for the hardworking staff who labor under this uncertainty, but we savor every win and all the progress we’ve made.

I’d like to take this opportunity to thank our funding members, including Element, our Gold Members, Automattic and Futurewei Technologies, our Silver Members, ERCOM, Fairkom, Famedly, Fractal Networks, Gematik, IndieHosters, Verji Tech, and XWiki.

We look forward to welcoming two new funding members in the coming weeks!

Our community-side members also play an important role, and we’re grateful for their work and participation. This includes our Associate Members, Eclipse Foundation, GNOME Foundation, and KDE, and our Ecosystem Members: Cinny, Community Moderation Effort, Conduit, Draupnir, Elm SDK, FluffyChat, Fractal, Matrix Community Events, NeoChat, Nheko-Reborn, Polychat, Rory&::LibMatrix, Thunderbird, and Trixnity.

If you’d like to see Matrix continue its momentum and the Foundation to further its work in ensuring Matrix is an independently and collectively governed protocol, please join the Foundation today. We need your help!

Back to you, Matthew!

🔗Focus

In 2023, we went through the nightmarishly painful process of ruthlessly focusing the core team exclusively on stabilising and polishing the foundations of Matrix – shelving all our next-generation showcases and projects and instead focusing purely on refining and evolving today’s Matrix core use cases for chat and VoIP.

In 2024, I’m proud to say that we’ve kept that focus – and indeed improved on it (for instance, we’ve stepped back on DMA work for much of the year in order to focus instead on the Trust & Safety work which has gone into Matrix 1.11, 1.12, and 1.13). As a result, despite a smaller team, we’ve made huge progress with Matrix 2.0, and the results speak for themselves. Anecdotally, I now wince whenever I have to use another messaging system – not because of loyalty to Matrix, but because the experience is going to be worse: WhatsApp has more "Waiting for message, this may take a while" errors (aka Unable To Decrypts or UTDs) than Matrix does, takes longer to launch and sync and has no threads; iMessage’s multidevice support can literally take hours to sync up; Signal just feels clunky and my message history is fragmented all over the place. It feels so good to be in that place, at last.

Meanwhile, it seems that Element’s move to switch development of Synapse and other projects to AGPL may have been for the best – it’s helped concretely address the issue of lack of commercial support from downstream projects, and Element is now in a much better position to continue funding Synapse and other core Matrix work. It’s also reassuring to see that 3rd party contributions to Synapse are as active as ever, and all the post-AGPL work on Synapse such as native sliding sync shows Element’s commitment to improving Synapse. Finally, while Dendrite dev is currently slow, the project is not abandoned, and critical fixes should keep coming – and if/when funding is available P2P Matrix & Dendrite work should resume as before. It wouldn’t be the first time Dendrite has come back from stasis!

🔗The Future

Beyond locking down Matrix 2.0 in the spec and getting folks using it, there are two big new projects on the horizon: MLS and State Res v3.

MLS is Messaging Layer Security (RFC 9420), the IETF standard for group end-to-end-encryption, and we’ve been experimenting with it for years now, starting around 2019, to evaluate it for use in Matrix alongside or instead of our current Double Ratchet implementation (Olm/Megolm). The complication on MLS is that it requires a logically centralised function to coordinate changes to the membership of the MLS group – whereas Matrix is of course fully decentralised; there’s never a central coordination point for a given conversation. As a result, we’ve been through several iterations of how to decentralise MLS to make it play nice with Matrix – essentially letting each server maintain its own MLS group, and then defining merge operations to merge those groups together. You can see the historical work over at https://arewemlsyet.com.

However, the resulting dialect of MLS (DMLS) has quite different properties to vanilla RFC 9420 MLS – for instance, you have to keep around some historical key data in case it’s needed to recover from a network partition, which undermines forward secrecy to some extent. Also, by design, Matrix network partitions can last forever, which means that the existing formal verification work that has been done around MLS’s encryption may not apply, and would need to be redone for DMLS.

Meanwhile, we’ve been participating in MIMI (More Instant Messaging Interoperability), an IETF working group focused on building a new messaging protocol to pair with MLS’s encryption. A hard requirement for MIMI is to utilise MLS for E2EE, and we went through quite a journey to see if Matrix could be used for MIMI, and understand how Matrix could be used with pure MLS (e.g. by having a centralised Matrix dialect like Linearized Matrix). Right now, MIMI is heading off in its own direction, but we’re keeping an eye on it and haven’t given up on converging somehow with it in future. And if nothing else, the exercise taught us a lot about marrying up Matrix and MLS!

Over the last few months there has been more and more interest in using MLS in Matrix, and at The Matrix Conference we gave an update on the latest MLS thinking, following a workshop at the conference with Franziskus from Cryspen (local MLS formal-verification experts in Berlin). Specifically, the idea is that it might be possible to come up with a dialect of Matrix which used pure RFC 9420 MLS rather than DMLS, potentially using normal Matrix rather than Linearized Matrix… albeit with MLS group changes mediated by a single ‘hub’ server in the conversation. The good news is that Cryspen proposed a mechanism where in the event of a network partition, both sides of the partition could elect a new hub and then merge the groups back together if the partition healed (handling history-sharing as an out-of-band problem, similar to the problem of sharing E2EE history when you join a new room in Matrix today). This would then significantly reduce the disadvantages of rooms having to have a centralised hub, given if the hub broke you could seamlessly continue the conversation on a new one.

So, we’ve now had a chance to sketch this out as MSC4244 - RFC 9420 MLS for Matrix, with two dependent MSCs (MSC4245 - Immutable encryption, and MSC4246 - Sending to-device messages as/to a server) and it’s looking rather exciting. This is essentially the protocol that Travis & I would have proposed to MIMI had the WG not dismissed decentralisation and dismissed Matrix interop - showing how it’s possible to use MLS for cryptographic group membership of the devices in a conversation, while still using Matrix for the user membership and access control around the room (complete with decentralisation). Best of all, it should also provide a solution to the longstanding problem of “Homeserver Control of Room Membership” highlighted by Albrecht & co from RHUL in 2022, by using MLS to prove that room membership changes are initiated by clients rather than malicious servers.

Now, we’re deliberately releasing this as a fairly early draft from the Spec Core Team in order to try to ensure that MLS spec work is done in the open, and to give everyone interested the opportunity to collaborate openly and avoid fragmentation. In the end, the SCT has to sign off on MSCs which are merged into Matrix, and we are responsible for ensuring Matrix has a coherent and secure architecture at the protocol layer – and for something as critical as encryption, the SCT’s role in coordinating the work is doubly important. So: if you’re interested in this space, we’d explicitly welcome collaboration and feedback on these MSCs in order to get the best possible outcome for Matrix – working together in the open, as per the Foundation’s values of ‘collaboration rather than competition’, and ‘transparency rather than stealth’.

Meanwhile, the other big new project on the horizon is State Resolution v3. Old-timers may remember that when we launched Matrix 1.0, one of the big changes was the arrival of State Resolution v2 (MSC1442), which fixed various nasty issues in the original merge conflict resolution algorithm Matrix uses to keep servers in sync with each other. Now, State Res v2 has subsequently served us relatively well (especially relative to State Res v1), but there have still been a few situations where rooms have state reset unexpectedly – and we’re currently in the process of chasing them down and proposing some refinements to the algorithm. There’s nothing to see yet, although part of the work here has been to dust off TARDIS, our trusty Time Agnostic Room DAG Inspection Service, to help visualise different scenarios and compare different resolution algorithms. So watch this space for some very pretty explanations once v3 lands!

🔗Happy New Year!

Matrix feels like it entered a whole new era in 2024 – with the Foundation properly spreading its wings, hosting The Matrix Conference, operationalising the Governing Board, and Matrix uptake exploding across the public sector of 20+ countries. Funding continues to be an existential risk, but as Matrix continues to accelerate we’re hopeful that more organisations who depend on Matrix will lean in to support the Foundation and ensure Matrix continues to prosper.

Meanwhile, 2025 is shaping up to be really exciting. It feels like we’ve come out of the darkness of the last few years with a 2.0 which is better than we could have possibly hoped, and I can’t wait to see where it goes from here!

Thanks to everyone for supporting the project - especially if you are a member of the Foundation (and if not, please join here!). We hope you have a fantastic end of the year; see you on the other side, and thanks for flying Matrix :)

Hi all,

It’s been 6 months since the first ever Matrix Governing Board (GB) was formally elected & announced, and it has recently had its first official meeting. As such, we felt it was time that you, our constituents, had a report on how things are going and what we’ve been doing. We appreciate that the work of the GB is often in the background, and we want to be as transparent as we can.

🔗What’s been happening?

Since our election in June, the GB has mainly been focussed on internal structure. We began with the most basic part of this - getting to know each other! We have quite a large group, and we all needed time to understand what each of us would like to achieve, and to assist with. We also needed to get to know the Foundation better, and time spent with Josh has been extremely valuable too.

The other, even bigger, topic to tackle has been structure. We are a new board, and as such we need to lay down the processes and hierarchy that will govern our work in the near-to-medium future. There is ample inspiration around us in the many other communities we are part of, but we do have to write down our versions of these.

🔗What about the recent Governing Board meeting?

The GB had its first official meeting on Nov 15th, and the topic of structure took up all of our time - this is key since that structure is blocking the work we want to do in various topic areas (which we’re calling Committees). There are detailed minutes available here but here is a high level summary - you’ll note that these all relate to the structure and norms of the GB:

• We elected our first Chair and ViceChair - Greg Sutcliffe (gwmngilfen) and Kim Brose (HarHarLinks) respectively
• We discussed some of the core elements of the GB - voting processes, quorum, timescales, etc
• We discussed the organisation layout, Committees, and Working Groups - more detail on that below
• We talked a lot about norms as well - how we expect members of the GB to behave.

The last point is actually really important - while it sounds quite simple, it’s critical for setting expectations for us and also helps set overall policy when an explicit rule or process doesn’t exist. The culture that we set out with this first board will likely set the tone for the future, and we should get it right.

🔗Committees and Working Groups

Probably the decision with the biggest impact (thought we agreed it fairly quickly) was around the hierarchy of the GB, so let’s expand on that a bit.

As we reported in TWIM at the time, we have convened 4 initial Committees (Governance, Trust & Safety, Community, and Finance & Fundraising), and these are board-level subgroups with a focus on that specific area. Each Committee will have one or more Working Groups (WG) that focus on something related to that topic, and WGs must have a board member involved - but can (and probably should) involve more people from the community who wish to be involved in that effort.

Drawing on my own background in operating systems, this is somewhere between the CentOS model (which just has Special Interest Groups under the CentOS Board) and Fedora (which has a detailed & complex org chart). As an example, we’ll (probably) have a Website WG under the Community Committee.

Each Committee and WG will need a charter - this can be pretty short, but sets out the remit of that group. Committees will also need a Chair (and probably a Vice Chair, just in case) so that we can ensure things keep ticking along. Those positions are open for voting within the GB at the moment!

For the community, you can expect regular reports from the committees once they’ve formed, and we’ll bring those to you as we can - how we do reporting with transparency is also a topic we're discussing. You can also expect a process for people to propose new Working Groups - that is also under discussion!

🔗Reports?

Yes! So, as said above, the Committees will have an obligation to report on their activity. Since most have only existed for 3 weeks so far, there’s not yet much to say, but I hope that in the next few weeks we’ll be able to announce the Committees are up-and-running, and that we have a proposal system for new WGs.

We also have a report from the Spec Core Team which they’ve asked us to share with you - you can read that SCT report here.

🔗What’s next?

Right now, elections are in progress for the people who will run the Committees, and we want to finalise the norms and processes - these have had significant discussion already, and once we’ve tidied up the last points we can vote them in. Then comes the serious work of setting up WGs, and all that entails.

We know that this seems a very slow process, especially in today’s world of fast moving technology - but the work of discussion, negotiation, and consensus can’t be rushed. It’ll be worth it.

If you want to chat with us, we are always happy to chat! You can find us in the Office of the Governing Board room, but many of the GB will also be present at FOSDEM as well as being at the Friday Matrix event - please talk to us, bring us your thoughts, tell us your worries. We’ll do what we can to help.

Until next time!

Greg (on behalf of the Governing Board)

Hey all,

Another 9 MSCs have been released today in Matrix 1.13! It’s just over 2 months since Matrix 1.12 went out, and the last scheduled release for 2024 - the next release is planned for around FOSDEM 2025. Today’s release contains more T&S features and a number of clarifications and improvements. The full changelog is at the end of this post, per usual :)

🔗Account suspension

Last release brought Account Locking to the spec, and this release brings Account Suspension - a highly related but semantically different feature. Locking prevents the user from accessing their account, typically as a consequence of security reasons or restrictions, while suspension aims to disrupt while retaining a (mostly) readonly experience for the user. Both actions are reversible, and available to safety and security teams to help manage their servers with alternatives to deactivation (a destructive, irreversible, action).

Clients should continue calling /sync to detect when a lock/suspension is lifted (or converted to deactivation). MSC3939 and MSC3823 both have suggestions on what a UI could look like for the different states.

🔗Reporting rooms

Event reporting has been in the spec since the very early days of Matrix, allowing users to send concerns about particular content to their homeserver administrators for review. A notable gap in this functionality is being able to report whole rooms from the public room directory or out of band in general - this has been addressed in Matrix 1.13 with the new report room endpoint.

The T&S team continues to work on designing a possible replacement to reporting in general, considering functionality like appeals, report-to-moderators, classification, and other quality of life improvements.

🔗Up next in Matrix 1.14 and 2025

Mentioned earlier in this post, Matrix 1.14 is expected to be released around FOSDEM 2025 in early February. Many of the Matrix 2.0 features, like OIDC and Simplified Sliding Sync, are getting ever-closer to the needed proposed-FCP state to become part of the spec. We currently expect that the Matrix 2.0 features will land in either Matrix 1.14 or Matrix 1.15, converting the applicable release to Matrix 2.0 as a specification version. This is highly dependent on the MSCs progressing through FCP though, and may get pushed out as needed.

As always, if there’s an MSC ready for FCP, let us know in the SCT Office room! We’re currently on an administrative break until January 8th, 2025, but we’re still around and prioritizing features as we see them.

🔗The full changelog

The full changelog for Matrix 1.13 is:

🔗Client-Server API

New Endpoints

• Add POST /_matrix/client/v3/rooms/{roomId}/report, as per MSC4151. (#1938, #2028)

Backwards Compatible Changes

• Add error codes to requestToken endpoints, as per MSC4178. (#1944)
• Remove reply fallbacks, as per MSC2781. (#1994)
• Clarify the allowed HTTP methods in CORS responses, as per MSC4138. (#1995, #2011)
• Add new M_USER_SUSPENDED error code behaviour, as per MSC3823. (#2014)

Spec Clarifications

• The reason parameter in POST /_matrix/client/v3/rooms/{roomId}/report/{eventId} can be omitted instead of left blank, as per MSC2414. (#1938)
• Correct OpenAPI specification for query parameters to GET /_matrix/client/v3/thirdparty/location/{protocol} endpoint. (#1947)
• Sort VoIP events semantically. (#1967)
• Clarify that servers must forward custom keys in PusherData when sending notifications to the push gateway. (#1973)
• Clarify formats of string types. (#1978, #1979, #1980)
• Clarify that the async upload endpoint will return 404 in some cases. (#1983)
• Remove distinction between StateFilter and RoomEventFilter. (#2015)
• Add hyperlinks throughout the specification. (#2016)
• Use json instead of json5 for syntax highlighting. (#2017)
• Specify order that one-time keys are issued by /keys/claim, as per MSC4225. (#2029)

🔗Server-Server API

Backwards Compatible Changes

• Make ACLs apply to EDUs, as per MSC4163. (#2004)

Spec Clarifications

• Add 403 error response to /_matrix/federation/v1/state_ids/{roomId}. (#1926)

🔗Application Service API

Backwards Compatible Changes

• Allow sending ephemeral data to application services, as per MSC2409. (#2018)

🔗Identity Service API

No significant changes.

🔗Push Gateway API

Spec Clarifications

• Document the schema of PusherData. (#1968)
• The path of HTTP pusher URLs is fixed to /_matrix/push/v1/notify. (#1974)

🔗Room Versions

Spec Clarifications

• Clarify rule 4.3.1 of the auth rules in room version 11 to state which event's sender the state_key needs to match. (#2024)

🔗Appendices

Spec Clarifications

• Remove note about reference implementations. (#1966)

🔗Internal Changes/Tooling

Spec Clarifications

• Add x-weight property for sorting events rendered with the event-group shortcode. (#1967)
• Enforce consistent vertical spacing between paragraphs in endpoint definitions. (#1969, #2005)
• Remove boxes/added-in-paragraph shortcode. (#1970)
• Remove withVersioning parameter of rver-fragment shortcode. (#1971)
• Remove span element from added-in and changed-in shortcodes. (#1972)
• Fix formatting of added-in and changed-in shortcodes by using % delimiter. (#1975)
• Remove CSS workaround for scroll-anchoring. (#1976)
• Rename custom-formats.yaml to string-formats.yaml and update its docs. (#1977)
• Fix relative URLs when serving the specification with a custom baseURL. (#1984, #1997)
• Rename .htmltest.yaml to .htmltest.yml. (#1985)
• Improve the JS script to highlight the current ToC entry. (#1991, #2002)
• Upgrade docsy to 0.11.0 and hugo to 0.139.0. (#1996, #2007)
• Improve the quality of the rendered diagrams (#1999)
• Update the Inter font and allow the browser to render the page before it is loaded (#2000)
• Use a proper Matrix favicon (#2001)
• Clean up unused CSS classes in openapi/render-operation partial. (#2003)
• Fix changed-in partial when used with multiple paragraphs. (#2006)
• Optimize generated CSS by removing unused selectors. (#2008)
• Remove trailing slash on void HTML elements. (#2009)
• Remove type and language attributes of script element. (#2021)
• Change the accessible role of info boxes to note. (#2022)

🔗Matrix Live

Today's Matrix Live: https://youtube.com/watch?v=GQATaQpuUUQ

🔗Dept of Status of Matrix 🌡️

Matthew reports

Last week US Senators Wyden (D) and Schmitt (R) wrote an open letter to the US Department of Defense encouraging them to adopt Matrix more widely, rather than wasting money on unencrypted, centralised or closed systems. The letter also reveals a whole bunch of info at the end about the US Navy's Matrix deployments. This feels like a huge step change forwards - not only is the FBI encouraging citizens to use end-to-end-encryption in the wake of realisations that the public telephone network is insecure, but US Senate is pushing for Matrix adoption (without any lobbying from us, I hasten to add). You can read more about it at the Element blog (Element provides the deployments for the US Navy).

P.S. it really is bleakly amusing that we've been constantly pointing out that legislation like EU's ChatControl and the UK's Online Safety Act are catastrophically flawed because the surveillance backdoors they propose will be exploited and abused by attackers. And here we are, with the lawful intercept backdoors in the US public phone system being compromised by attackers, causing the FBI to recommend non-backdoored E2EE instead. We live in a very strange timeline.

🔗Dept of Spec 📜

Andrew Morgan (anoa) {he/him} reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4239: Room version 11 as the default room version
• MSC4238: Pinned events read marker

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• MSC4225: Specification of an order in which one-time-keys should be issued
• MSC4147: Including device keys with Olm-encrypted events

Closed MSCs:

• No MSCs were closed/rejected this week.

🔗Random MSC of the Week

The random MSC of the week is... MSC3006: Bot Interactions!

We haven't had one of these in a while, so I figured, why not!

This MSC talks about "bot interactions", which are additional ways that users can interact with bots other than text - namely client-rendered buttons. Ironically, the rise of LLMs in the years since this MSC was published have brought human-computer text interaction to the forefront, but buttons still have their place!

A bot can define their interactions as a state event and send it into the room. Then clients that see that state event can populate user menus with the actions that bots support! Clicking on a button will send a message into the room that a bot would parse as per usual (so really this is just a shortcut to typing commands out manually). The benefit is users don't need to remember commands (and don't need to !help all the time - cough cough mjolnir), and can quickly issue a potentially lengthy command without typing.

This seems like a cool feature to me. If any bot or client devs feel the same, consider reaching out on the MSC and offering your feedback!

🔗Dept of Servers 🏢

🔗Synapse (website)

Synapse is a Matrix homeserver implementation developed by Element

Till reports

This week we released Synapse 1.121.0 (and 1.121.1).

1.121.1 is just a patch release to fix an issue building release docker images in our CI. As such, there is only a docker image for 1.121.1, not 1.121.0. 1.121.1 is otherwise functionally identical to 1.121.0.

1.121.0 introduces experimental support for a number of MSCs (MSC4190: Device management for application services, MSC4076: Let E2EE clients calculate app badge counts themselves (disable_badge_count)), as well as stabilises support for locking accounts. It also has bug fixes and limited initial support for returning information about suspended users via the Admin API.

Grab it while it's hot! 🔥

🔗Dept of Clients 📱

🔗Extera

OfficialDakari reports

Recently, Extera got saved messages feature. To save a message, open it's menu and click Save. This feature can be changed at any time and is unstable. Also, now, users of extera.xyz can get an email on our domain. DM @mail:extera.xyz and say !m help.

🔗SchildiChat (website)

SchildiChat is a fork of Element for Android and Desktop, that used to focus on UI changes such as message bubbles and a unified chat list, but now also provides some additional tweaks and community-driven features that may not be on the roadmap for the upstream clients.

SpiritCroc says

While releases of SchildiChat Next (our fork of Element X for Android) have always been available on my own F-Droid repository, we finally made it into the main F-Droid repository too! These F-Droid releases are reproducible builds checked against my repo, so you know if it lands on the F-Droid repository that it matches what I built before. Compared to reproducible builds from Element X, F-Droid even builds our forks of the Matrix Rust SDK and the Rich Text Editor from source rather than using prebuilts to include as dependencies.

On the feature side, one of the main points that made me switch back to the old SchildiChat app was the ability to manage rooms in spaces. Accordingly, I added a long-press action to the room list that allows you to select a room's parent spaces to add to or remove from. At the time of writing this change is still only included in beta builds behind a feature flag, but will probably arrive in a release build in the next few days.

🔗Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Mauro Romito says

• We are doing great progress with message knocking and media gallery
• We are also experimenting with the event cache, which will make the app even faster
• Some design improvements are being made in the room details screen and the join room screen

🔗Element X Android (website)

Android Matrix messenger application using the Matrix Rust SDK and Jetpack Compose.

benoit reports

• Pretty similar to what's happening on Element X iOS:
• We are doing progress with room knocking
• We are making progress on the media gallery and are integrating an audio player to play voice message and message with audio attachment
• We are also experimenting with the event cache, which will make the app even faster. There is still work to do SDK side to make it usable so it's behind a disabled feature flag for now.

🔗Dept of SDKs and Frameworks 🧰

🔗Trixnity (website)

Multiplatform Kotlin SDK for developing Clients, Bots, Appservices and Servers

Benedict says

The latest release of Trixnity introduces support for decrypted temporary files across all platforms! 🎉 This feature is crucial for handling media like video playback and PDF rendering that require secure but temporary access to decrypted content. Trixnity ensures to providing seamless and secure handling of such files, while maintaining compatibility with the old API.

For more information about this update, or to check out Trixnity, visit the project repository: https://gitlab.com/trixnity/trixnity.

We welcome feedback and discussions in the #trixnity:imbitbu.de room.

🔗Dept of Services 🚀

🔗Synapse Admin Updates

Aine [don't DM] says

A while back, we at etke.cc announced our Synapse-Admin fork. This week, we’re excited to introduce more new features and quality-of-life improvements!

Media Tab for Rooms

Previously, media management was limited to individual users (i.e., media uploaded by a specific user). Now, you can manage media at the room level!

⚠️ While the new media tab offers options to view and remove media per room, it’s worth noting that the Admin API endpoint for room media is more limited compared to the user media endpoint. Despite this, we hope this feature will assist with Matrix server moderation.

Account Suspension (MSC3823)

Account suspension is here! This feature enables you to place users in a "read-only account" state as an alternative to locking accounts.

💡 Note: Not all Admin API endpoints fully support the suspension flag yet, but support is expected to improve in future updates.

E.164-Based Matrix IDs (MSC4009)

Support for E.164-based Matrix IDs is finally here!

Matrix IDs in the format +123456:example.com (with a + sign) have been valid since Matrix v1.8. However, Synapse Admin previously lacked support for these IDs - oops! This has now been addressed.

🔗Spread the Word!

We at etke.cc are incredibly proud of what we’ve accomplished with our Synapse Admin fork. Over the last three months, we’ve released an impressive 34 versions, each packed with updates to make Synapse Admin the go-to admin dashboard for Synapse.

While we haven’t yet covered 100% of the API endpoints, and there’s still work to be done, the overall experience has improved dramatically.

If you’ve appreciated the progress we’ve made, we’d love your help in spreading the word about github.com/etkecc/synapse-admin! Share it with homeserver owners and administrators you know, and let them discover the features we’ve worked so hard to deliver.

Explore the source code or try the admin.etke.cc (CDN version). Don’t forget to join the discussion in #synapse-admin:etke.cc

Kim was flabbergasted by Aine's productivity and shared

🔗Dept of Bots 🤖

🔗I Don't Have Spotify Maubot

HarHarLinks says

Do people sometimes share links to music with you on Matrix? They do for me. Often, people use Spotify as their music streaming service, but I don't have Spotify.

Therefore about month ago, I shared a maubot plugin on TWIM, which uses the REST API of sjdonado's I don't have Spotify webapp, which itself is also selfhostable open source software.

As it turns out, people sometimes also share links to other streaming services not just with me but also with you!

So after a bit more tinkering, I have released v1.1.0 of my plugin https://github.com/HarHarLinks/maubot-idonthavespotify. It can now also be configured to check for any combination of spotify, apple, deezer, soundcloud, tidal, and youtube, which are all supported by idonthavespotify to different extent. Your mileage may vary depending on what you search, but that's up to the upstream project, since the plugin just connects whatever it does to matrix.

Let me know of any feedback you have at #maubot-idonthavespotify:matrix.org!

Here is what it can look like in action:

🔗Dept of Events and Talks 🗣️

🔗Matrix Stammtisch Dresden

@mcnesium:matrix.org announces

After being founded live during the recording of a recent "Reboot Politics" podcast show, the newly spawned regional community meetup "Matrix Stammtisch Dresden" will have their second get-together next Wednesday the 18th December at 19:00 in the bistro/restaurant "Neue Sachlichkeit" at Kraftwerk Mitte, Dresden, DE – all creatures welcome!

🔗FOSDEM

Thib (m.org) says

The Matrix.org Foundation & Community Devroom @ FOSDEM has a schedule!

The DevRoom will start at 13:00 and end at 17:00 CET, on Sunday, February 2. We received more talks than we could accept, compressed some longer talks into shorter ones to accept as many high quality talks as possible, but we had to make some tough choices!

We will hold a Fringe Event before FOSDEM and invite everyone who didn't make it to the schedule to give it another try there! We already have 2 generous sponsors to keep the community refreshed and fed, and we're open to more sponsorship opportunities. Reach out if you want to talk about how you can help us secure recordings for Fringe event speakers who opt-in, or more.

As for the devroom itself, the schedule is the following:

• 13:00 Matrix State of the Union
• 13:30 Getting the Rust SDK running on WebAssembly
• 14:00 Demystifying Federation in Matrix
• 14:30 State of Synapse
• 15:00 Building the World's First Server-to-Server Matrix Federation Bridge
• 15:30 How Ubuntu Entered the Matrix
• 16:00 Robrix: a pure multi-platform Matrix Client and more
• 16:30 MatrixRTC: Building Real-Time Applications on Matrix

🔗Matrix Salon Podcast: Tom Lant

Christian Paul (jaller94) says

Back in August, I had the honour of interviewing Tom about Matrix, Element, open source work and the community.

Here are links to the episode with Tom, RSS feed of the Matrix Salon Podcast and the Mastodon post about Tom's episode.

You may also look forward to two more German episodes which are planned to be released before the end of the year (aka. on the upcoming two Fridays). 🥁

🔗Dept of Interesting Projects 🛰️

Kegan reports

TARDIS has had a facelift! Matthew spent a weekend devising a custom layout algorithm and renderer which has now replaced d3-dag.

This is not only clearer for complex DAGs but also faster than the layout algorithm we previously used. We're currently using TARDIS to experiment with state resolution improvements.

🔗Christian's NeoBoard Advent Calendar

Christian Paul (jaller94) reports

More backgrounds, more games, more templates for your retrospectives. My NeoBoard Advent Calendar offers free whiteboard templates every day.

• NeoBoard Advent Calendar
• NeoBoard Adventskalender (German / Deutsch)

Check out some highlights from the past days:

• Door 7: Pairs game (generator)
• Door 11: Memorise the scene (Christmas)
• Door 13: Ocean background

Do you also wonder what will be behind tomorrow's door? 😏

NeoBoard is a whiteboard widget for Element, allowing you and your team to collaborate during meetings, presentations and group projects. You can export and import whiteboard files to reuse them as templates or migrate between rooms.

🔗Dept of Built on Matrix 🏗️

🔗Acter (website)

Your social organizing app build on matrix: A secure space to gather, engage and grow your community!

ben says

We have been working on deep-linking support in Acter for a while now. As per our usual process, progrress on that happens iteratively over the weekly releases. In the last few releases, we have added support for matrix.to and matrix:-URI-schemes on Mobile as well as started experimenting with our own acter:-scheme to support linking to specific items like Pins and Task-Lists. The current release already featuers support for that via a new QR-code you can scan from within the app to directly jump to specific items. As part of that effort, you can also link calendar-events and pins in boosts and you can easily do that from the newly designed share-screen from the object itself. It's glorious.

On the other side, work on the Chat NG - the total rewrite of the chat UI infrastructure - is also progressing very well with support for bubbles and grouping of messages already in, and further message types being rendered properly now. It is still quite a bit from production ready but the improvement in architecture can already be felt very nicely in terms of UX speed and reactive-ness when you switch it on in your Labs.

Last but not least, we have started with "spring cleaning"-sessions where larger parts of the team get together and walk through the app and discuss minor bugs and annoyances in a synchronised sessions and then try to fix them there and then - so we can speed up the process on these - or write them up as proper bugs if we can't fix them yet. A first sessions of this kind was done recently and fixed a bunch of minor annoyances. As usual the Github release page's Changelog has all the details.

Additionally, we'd like to mention that we are looking for a DevOps Person helping us run our Matrix Infrastructure to extend the Acter Team. If that sounds interesting to you, please apply :) .

🔗Matrix Federation Stats

Aine [don't DM] reports

collected by MatrixRooms.info - an MRS instance by etke.cc

As of today, 10386 Matrix federateable servers have been discovered by matrixrooms.info, 3148 (30.3%) of them are publishing their rooms directory over federation. The published directories contain 20778 rooms.

Stats timeline is available on MatrixRooms.info/stats

How to add your server | How to remove your server

🔗Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	codestorm.net	242
2	nerdhouse.io	303.5
3	wi11.co.uk	307
4	girlboss.ceo	311.5
5	envs.net	407.5
6	catvibers.me	437
7	ncat.cafe	491
8	larsl.net	683
9	melthecat.dev	1161
10	xiny.li	1200

🔗That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

To learn more about how to prepare an entry for TWIM check out the TWIM guide.

The Matrix.org Foundation has been made aware that an international investigative operation took down a service called MATRIX which was used by a cybercriminal network, which has no relationship with the Matrix.org Foundation or the Matrix protocol itself.

The takedown site has a Matrix-the-movie branding, which is a probable source of confusion. The app showcased doesn’t look like any of the Matrix clients we’re aware of.

In a statement to the Matrix.org Foundation, Europol confirmed that the MATRIX cybercriminal network and the Matrix protocol are entirely unrelated. Europol states:

The Matrix protocol (matrix.org) is by no means connected to the Matrix secured communication service that was targeted in OTF Continental.

A statement from the Dutch police confirms that this is unrelated: "Matrix is ​​also the name of a company and communications protocol of the same name, which has nothing to do with the crypto communications service Matrix."

The Matrix.org Foundation and community are very happy to announce that this year, they will be in full force at FOSDEM, with a community event right before the conference, a booth to welcome everyone during the conference, and a dev room to explore topics in depth!

🔗Jan 31 - Matrix Community Event

We organize an event before FOSDEM for the community to meet and talk about Matrix without fear of missing out on all the great talks at FOSDEM. The event will take place on January 31 at 1 pm CET at HSBXL and last the whole afternoon. Please note that HSBXL moved since last year.

It's an unconference/barcamp: come and bring your ideas, share them at the beginning of the event, and small groups will form spontaneously.

Please note that the Matrix Community Event has the same Health & Safety Policy as the Matrix Conference. Extremely briefly: You will need to wear a mask while indoors, except while eating and drinking.

As last year, attending the event is free, and we're looking for sponsors to show their commitment to the ecosystem by refreshing our community with drinks and feeding it with pizzas! Of course, you will be credited in our event wrap-up post on matrix.org. We're open to additional ideas to get you the recognition you deserve.

Join the FOSDEM Barcamp room if you're interested in the event, and reach out to events-wg@foundation.matrix.org to sponsor!

• 🕐️ Friday 31, 13:00 - 21:00 CET (local time)
• 🏢 HSBXL

🔗Feb 1&2 - Booth

This year again, we are happy to have a booth for the duration of the event. This is our opportunity to talk with the broader open-source community, share our latest updates, and listen to people's feedback. We can also help the broader community spread the word with cool stickers and T-shirts!

We're looking for volunteers to run the booth with us. This includes talking to the community, sharing project news, and selling merch. Don't worry if it's your first time: We have a booth handbook ready for volunteers and want to limit the time commitment to 2 hours per day.

Reach out to events-wg@foundation.matrix.org if you're interested in staffing the booth with us! We will work out together which slot works best for you. People who sign up before December 15 are entitled to a special edition T-shirt!

• 🕐️ Saturday 1 to Sunday 2, 09:00 - 18:00 CET (local time)
• 🏢 Desk K.2.B4

🔗Feb 2 - Main Track Talk

Matthew's "The Road to Mainstream Matrix" talk got accepted on the main track. It will happen right before the Devroom, fortunately in the same building!

• 🕐️ Sunday 2, 12:00 - 12:50 CET (local time)
• 🏢 Room K.1.105 (La Fontaine)

🔗Feb 2 - DevRoom

Some topics are too complex to be discussed at a booth. Fortunately, we have a DevRoom on Sunday 2 afternoon to talk about topics in greater depth. Be it a technical talk about state resolution or a success story about how Matrix got deployed in your organization, we want to hear about it all!

The Call for Proposals is now closed.

• 🕐️ Sunday 2, 13:00 - 17:00 CET (local time)
• 🏢 Room K.4.201
• 🗒️ The schedule is here

The whole team is looking forward to meeting you at FOSDEM!

🔗Dept of Status of Matrix 🌡️

🔗Sunsetting the Sliding Sync Proxy: Moving to Native Support

Will L announces

Work on Sliding Sync – which provides a significantly faster and more scalable sync experience in Matrix clients – has moved to focus on native support, and away from the proxy.

The Sliding Sync Proxy on the Matrix.org homeserver will be decommissioned on November 21st, and client support in Element X will be removed on January 17th.

More details for users as well as server and client developers in Matrix.org's latest blog post

🔗First Official Governing Board Meeting

HarHarLinks says

It is Friday TWIMday the 15th of November, and the Governing Board just came out of their first official meeting after the informal one at the Matrix Conference back in September. The focus of this meeting was to define the structure of the Governing Board, so we expect the results will not have an immediate tangible effect outside the Governing Board, but it gives the Governing Board the basic process to enable taking more perceptible decisions.

This includes discussion about how we want to communicate with each other, but we also defined how we vote on actual decisions and some other basic rules for the Governing Board. As a part of that we elected a chair and vice chair for the Governing Board, who are going to help the Governing Board with facilitation tasks. Greg "Gwmngilfen" (chair) and Kim "HarHarLinks" (vice) were elected and are happy to share this post as one of our first actions in this role today. 😁 We also started some subcommittees of the Governing Board, to enable us to work efficiently in smaller groups focussed on specific topics. The rough topics for the initial four committees are Governance, Trust & Safety, Community, and Finances. What their exact scopes are going to be is left as a first task to the respective committees to define along with other bootstrapping, such as electing committee chairs and vice chairs. The set of initial committees is intentionally kept small to remain flexible and open the door for refining them later when we have more experience with how our day to day operations look like. We also discussed defining initial working groups, which would be structured as groups below the committees to fulfil more specific roles and would be the primary way for the Governing Board to include the community. However, we decided to defer that to the committees for now. We got through all the big parts on our agenda but ran out of time before having a formal vote on what communication tools we want to use. We have a great proposal which we are going to vote on asynchronously.

In general we had quite a productive meeting and reached agreements on many topics with clear next steps in other areas. The Governing Board might not have tackled yet the topics you would have prioritised, but it now has an asynchronous voting process and should be able to progress in other areas using the committees.

See you soon with more news from the Governing Board!

🔗Dept of Spec 📜

Andrew Morgan (anoa) {he/him} [back Nov 5] announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4227: Audio based quick login
• MSC4226: Reports as rooms

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

🔗Spec Update

Once again there has been a flurry of activity on the spec repo itself, with Kévin Commaille continuing to fix up various aspects of the spec and the technical underpinnings of the website itself. They are also writing up spec PRs for recently accepted MSCs, such as MSC2781: Remove the reply fallbacks from the specification and MSC4138: Update allowed HTTP methods in CORS responses.

Many kudos for their continued efforts on advancing the spec!

🔗Homeserver Deployment 📥️

🔗Element Docker Demo

Matthew says

Last week I teased https://github.com/element-hq/element-docker-demo on Matrix Live - a two-liner for standing up a Matrix 2.0 stack for experimentation: ./setup.sh; docker compose up.

This week I published a proper walkthrough showing how you can use it for both a local setup with mkcert as well as a federated server setup with letsencrypt, complete with QR login and federated MatrixRTC calling with Element Call. The point is to show just how simple it can be to play with Matrix 2.0 and let folks experiment with the implementations (and help ensure any issues are flushed out before it gets baked into the spec for good!)

Today's Matrix Live: https://youtube.com/watch?v=6iMi5BiQcoI

🔗Dept of Clients 📱

🔗Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Mauro Romito reports

• Knocking work is still going on, some other UIs have been implemented.
• Local echoes for media work has made good progress and will be enable in Nightly and development builds
• Share extension work is now also available in Nightly! Be sure to try it out!
• Finnish has been added to the available languages
• The app is now fully supporting XCode 16.1

🔗Dept of VoIP 🤙

🔗Element Call (website)

Native Decentralised End-to-end Encrypted Group Calls in Matrix, as a standalone web app

spaetz announces

Given the installation of an element call is still tricky (although there is a demo docker image now, rectifying this), here are my notes on how I installed element call (or rather its backend) on a Debian box using a mix of local services and a docker image: https://sspaeth.de/2024/11/sfu/

🔗Dept of SDKs and Frameworks 🧰

🔗Trixnity (website)

Multiplatform Kotlin SDK for developing Clients, Bots, Appservices and Servers

Benedict announces

I released a new version of Trixnity. It now supports Ktor 3 including an up to 90% performance boost for IO operations.

🔗Dept of Services 🚀

🔗etke.cc (website)

Your matrix server on your conditions

Aine [don't DM] reports

🔗Synapse Admin Updates

A while back, we at etke.cc announced our Synapse-Admin fork, and this week we're excited to share more new features and QoL changes!

Prevent accidental user overwrites

The Synapse Admin API endpoint for creating new users and updating existing ones is actually a single Create or modify endpoint, that means you could accidentally overwrite an existing user when you don't mean to. This change adds a username availability check to the user create/edit form that will warn you if you're trying to "create" a user with a username that's already taken. If you accidentally ignore this inline warning message, you will see a modal window upon saving which will ask if you really intend to overwrite the existing user or not.

Why not just disable overwriting completely and only allow editing via the proper "edit user" UI? Because overwriting an existing user is the only user-friendly way to reclaim an erased user / MXID, so completely removing this feature is not a good idea!

Allow providing login form details via GET params

This is a small QoL change - now you could bookmark Synapse Admin URL with prefilled username and homeserver, e.g. https://admin.etke.cc/?username=matrixadmin&homeserver=matrix.example.com. Not a big deal, but nice to have.

Automatically check for updates

The Synapse Admin will do the same thing as Element Web by asking for static files in the background (every hour). If the index page is changed, it will show a notification with a button to reload the page - yep, another small quality-of-life improvement

Source code, admin.etke.cc (CDN version), say hi in the #synapse-admin:etke.cc

🔗Dept of Events and Talks 🗣️

🔗Fedora launch with Matrix Automation

Adrian says

This week, (basically right now) Fedora is running a Virtual event to commemorate the release of Fedora 41.

This year we're continuing to use Matrix as the chat platform for the event and my Pretix invite bot (https://github.com/fedora-infra/maubot-pretix-invite) has been slowly gaining improvements and has been fairly useful in bulk inviting people from this registration form to the Matrix rooms.

If you're able to sign up before noon Eastern, U.S. time, here is the link: https://rsvp.fedoraproject.org/releases/f41-latam-na/

If not, you can join the live stream on Fedora's YouTube channel or wait for the recordings to come out after the event.

Happy F41!

🔗Matrix in a Podcast

@mcnesium:matrix.org says

Last week a friend and I were invited to join this podcast show to talk about Matrix and what makes it different from XMPP. The show is a rather casual chat and in German, but HarHarLinks suggested to announce it here anyway.

🔗FOSDEM Fringe

HarHarLinks announces

Last TWIM we announced the Matrix Devroom at FOSDEM 2025. Two years ago, the Matrix community started a FOSDEM fringe event: The Matrix Foundation and Community Meetup and BarCamp (what a mouthful!). We are happy to announce to be continuing this series!

Like the last times, the fringe event will take place at the local hackerspace HSBXL hackerspace - but if you were there last time, ⚠️ be aware that they moved to a new location! ⚠️ You can find everything about it at https://hsbxl.be/enter/.

The event will start around noon and run until the evening. The last two times we were incredibly happy to find amazing sponsors that enabled us to provide free drinks and pizza for attendees, and we would like to stick to that tradition! If you are interested in sponsoring the fringe event, be it for pizza, drinks or another idea you have, please approach us on Matrix through the Community Events room, the Foundation Office room or by email at mailto:events-wg@foundation.matrix.org.

Beyond that, watch this space for more FOSDEM news to be announced!

🔗Dept of Interesting Projects 🛰️

🔗TARDIS - Time Agnostic Room DAG Inspection Service

Kegan reports

tl;dr - there's a new room DAG visualiser called TARDIS that can do real state resolution.

I've always struggled to properly understand how the state resolution algorithm works. I find it hard to understand the specification, and various blog posts didn't really make things click for me.

With that in mind, I recently spent some time working on a visualisation tool based on a project Matthew first wrote back in 2020 called TARDIS - Time Agnostic Room DAG Inspection Service. The backronym is surprisingly accurate. With this tool, you can step through "debugger-style" events in a room, seeing the shape of the DAG change. Originally this was all it could do, but I knew it could be so much more, so I set about prototyping the improvements I would make to it.

The main thing I wanted to add was the ability to actually perform state resolution on the DAG as it appeared at that point in time. Being able to do this would unlock a number of possibilities:

• Teaching: example DAGs could be loaded to explain how state resolution really works.
• Debugging: developers can load existing rooms into TARDIS to debug incorrect room state calculations.
• Testing: drop the UI and DAGs could be automatically loaded, resolved and asserted that the state at each event is correct, effectively making a server agnostic state resolution test suite.
• Performance: complex graphs can be repeatedly resolved, and the architecture would allow us to calculate and visualise how the algorithm is walking the DAG to see how efficient it is.
• Experimentation: any state resolution or DAG changes to the protocol could be visualised.

I wasn't given a lot of time to work on this, but I did manage to achieve the teaching/debugging aims. I didn't manage to add all of the teaching scenarios, so for now there's only ones explaining the various sort orders used in the state res algorithm.

What's more, this is all hosted so you can try it out without needing to install anything.

🔗How it works

TARDIS gets its data from JSON5 files. These files are intended to be hand-crafted, which is why they aren't pure JSON files. It includes a set of preloaded files to explain parts of state resolution. Each file contains a single "Scenario" which includes:

• The events in the room, already sorted in processing order.
• Annotations for when TARDIS steps into a given event, if any.
• Precalculated state at a given event, if any.

The scenario is then processed and rendered using d3-dag, just like Matthew's original prototype. To perform state resolution at the current event, TARDIS extracts the state sets for the event and makes a WebSockets connection to a "shim server". It is the shim server's job to perform state resolution. TARDIS comes with a Synapse shim, which imports the internal packages required to do state resolution, so it is using the same code paths as a real Synapse server. You can independently run a shim server locally, either in a virtualenv or as a docker container.

The magic happens when you press the "Resolve State" button which:

• Makes a WS connection to the shim server,
• Sends the state sets for the currently selected event,
• The shim server asks TARDIS for the event JSON for certain event IDs (this is why it uses WebSockets and not HTTP),
• The resolved state is returned to TARDIS,
• The resolved state is shown as green nodes on the graph.

State resolution relies heavily on event IDs, and event IDs are calculated fields. The JSON5 file format allows placeholder fake event IDs e.g $JOIN which are preprocessed into real event IDs. Rather than reimplementing canonical JSON, redaction algorithms, and room version handling in TARDIS, it uses gomatrixserverlib as a WASM package to handle this.

🔗What's next?

Unlocking the ability to automatically test state resolution would be a huge milestone, and complement (pun intended) other server-agnostic test suites I have developed in the past (Complement and Complement-Crypto). The test suite would read a JSON5 file to pull out the test DAG, which would have an additional key which has the assertions for that DAG, automatically talk the WS protocol to the shim server to get the resolved state for each event, and check it matches the assertions in the file. This would make it significantly easier for people to reimplement the state resolution algorithm correctly in non-Synapse homeservers.

Performance wise, the shim server is asking TARDIS for event JSON mid-algorithm. This provides a unique insight into the workings of the algorithm. Whilst the original drawings had the idea of "flashing" the nodes as they are requested, a more useful goal would be to just tally up how many times the shim server asks TARDIS for an event. This would allow TARDIS to visualise algorithmic complexity. We could then have a representative set of "realistic" DAGs and test changes to the algorithm for speed e.g given a DAG of n events, Algorithm 1 requests n and Algorithm 2 requests 2n therefore Algorithm 1 is faster.

🔗Matrix Federation Stats

Aine [don't DM] reports

collected by MatrixRooms.info - an MRS instance by etke.cc

As of today, 10361 Matrix federateable servers have been discovered by matrixrooms.info, 3181 (30.7%) of them are publishing their rooms directory over federation. The published directories contain 21664 rooms.

Stats timeline is available on MatrixRooms.info/stats

How to add your server | How to remove your server

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	girlboss.ceo	210
2	puppygock.gay	234
3	bark.arf.wf	251
4	awawawawawawawawawawawawawawawawawawawawawawawawawawawawawawaw.gay	254
5	transgender.ing	261
6	ncat.cafe	324
7	nexy7574.uk	345.5
8	constellatory.net	383
9	pissing.dev	563
10	nexy7574.co.uk	633

We will be decommissioning the sliding sync proxy next week (21/11/2024) and Element are removing client support in mid-January (17/01/2025).

Sliding Sync is designed to provide a significantly faster and more scalable sync experience in our clients. The initial implementation was first prototyped in Element Web backed by an entirely experimental server proxy. The implementation had half an eye on low bandwidth use cases, and the prototype led to MSC3575. We then realised that a simpler approach would be beneficial, and reused the same (experimental) proxy concept to facilitate beta testing with Element X, this time making it available on matrix.org. In doing so, we learned valuable lessons, leading to a refined and simplified API design in MSC4186. The proxy itself was only ever considered as a temporary arrangement to aid speed of development, rather than being a long term solution.

Simplified Sliding Sync MSC4186 (also known as native sliding sync), has since been implemented in Synapse, with encouraging results. Now that we don’t expect the API shape to change significantly, we recommend homeserver developers to implement MSC4186 natively.

The Matrix.org Foundation does not have the resources to keep up maintenance of the proxy service or its codebase, and plans to decommission the proxy from Mid-November and archive the sliding-sync repo.

Recognising that the community needs time to adopt sliding sync natively, Element will keep client support for the old API (MSC3575) until the 17th of January, 2025.

🔗The Timeline

1. Now: EX Apps support migrating from the proxy server to native Sliding Sync. The apps automatically detect when the homeserver supports native Sliding Sync and offers the option to migrate. If users choose to migrate, they will be prompted to log in again. This migration is optional, as the apps continue to support both native Sliding Sync and the proxy.
2. November 21st: Service decommissioning. We plan to decommission the proxy service on Matrix.org and archive its codebase.
3. January 17th: Element X stops supporting MSC3575. EX apps (and matrix-rust-sdk) will remove proxy support, fully shifting to native SS. The migration on EX apps will be forced. Users will get logged out so that they can log in again using native Sliding Sync. We encourage server developers to implement Sliding Sync natively by this point.

🔗What This Means for Users

To continue enjoying the speed of Sliding Sync your homeserver and client must support the native Sliding Sync implementation (MSC4186).

At the time of writing, the latest versions of Synapse support native Sliding Sync, as do the Element X clients. There may be other server / client implementations that also have or are in the process of adding support. If you do use Element X apps, native Sliding Sync is used for every new login. For those currently using Element X through the proxy service, the app will prompt you to log out to switch to native Sliding Sync. While this migration is optional for now, it will become mandatory on the 21st of November for those on Matrix.org, when the proxy will be decommissioned. Element X will discontinue support for the previous Sliding Sync implementation (MSC3575) entirely by January 17th.

🔗Guidance for Server & Client Developers

Server & Client developers are encouraged to implement MSC4186 for native sliding sync. Server developers should be aware that by the 17th of January Element clients will drop support for MSC3575, marking a transition to the native system.

We appreciate your understanding as we take this step forward for the Matrix ecosystem.

🔗Matrix Live

Today's Matrix Live: https://youtube.com/watch?v=HmoVN1x4kO8

🔗Dept of Status of Matrix 🌡️

🔗Matrix at FOSDEM 2025

Thib (m.org) says

We're happy to announce that this year again we will have a DevRoom at FOSDEM!

We have half a day to talk about all the great projects we have been working on as a community. Our devroom should be on Sunday afternoon, even if it's not completely set in stone for now.

You can submit a talk following one of the two formats:

• 20 min talk + 10 min Q&A, for topics that can be covered briefly
• 50 min talk + 10 min Q&A, for more complex subjects which need more focus

Be quick, the Call for Proposals ends on December 1st and we can't extend it. FOSDEM organizers will close all DevRooms CfPs, and we can't bypass it!

Find all the dates & details on our Call for Proposals

🔗Governing Board Meeting

Nico says

Next Friday (November 15th) the governing board will have its first official meeting! Topics include the governing structure (how do we decide stuff), forming committees (how do we work on topics and who participates where), selecting a chair and vice chair for the board (to steer meetings) and define how we want to communicate. Some of those topics are still in flux and will be defined further throughout this week. If you are interested, your representatives might be able to tell you more and answer your questions!

We are looking forward to having our first official meeting as the board and hopefully we will have productive results to share with you all soon!

🔗Ecosystem Governing Board Members Office Hours

HarHarLinks reports

Earlier this year, the members of the Matrix Foundation voted for members from their own constituency to represent them at the Governing Board. Nico, Bram and myself were elected to represent the Ecosystem.

While we are usually approachable and responsive in all kinds of ways, there are some topics or situations better to discuss synchronously. We therefore starting today Wednesday 6th November start with weekly office hours every Wednesday at 17:00 German time (CET = UTC+1 during winter). 🐸 We will be responsive to chat in the Ecosystem Public Forum room and will also share a link to a (video) call there.

Please find more detail in the announcement post over here.

Update: Our first office hours went great! We covered quite a lot of topics both between us representatives and the community members who joined - so much so that we overran our time slot by 50% 😅 There is going to be one more office hour next week before the first official governing board meeting, so join the office hour (or write us async) if there is any topic you want us to bring up with the governing board. We would also like to emphasise that we are offering this way of communication for you, the community, so please give us feedback over at the Ecosystem Public Forum in regard of the choice of time slot, etc.

🔗Dept of Spec 📜

Andrew Morgan (anoa) {he/him} [back Nov 5] reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4225: Specification of an order in which one-time-keys should be issued
• MSC4224: CBOR Serialization

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• MSC2781: Remove the reply fallbacks from the specification 🎉

Closed MSCs:

• No MSCs were closed/rejected this week.

🔗Spec Updates

There was a flurry of PRs to the spec website itself this week. In addition to the myriad of fixes and clarifications, the underlying technology got an update!

https://spec.matrix.org is a static site generated with Hugo, and we use the docsy Hugo theme. Matrix.org has their own fork, with minor changes to self-host all third-party JS/CSS assets instead of downloading them from CDNs.

This fork had gotten a bit outdated however, mostly because updating it and re-downloading the CDN assets was a bit of a pain. This week Kévin Commaille both automated this task and subsequently updated our docsy fork to the latest and greatest. Thank you!

We'd also like to call out @Johennes, @bnjbvr, @AllMightLegend, @uhoreg and @dkasak for their contributions to the spec this week. Thanks all!

🔗Dept of Servers 🏢

🔗Synapse (website)

Synapse is a Matrix homeserver implementation developed by Element

Devon Dmytro says

There was no new release this week, but we have been working hard on getting a few specific things ready to go for the release. You can expect the v1.119.0rc1 release to be out early next week.

Alongside the usual allotment of new features and bug fixes, we have been working hard on:

• Lifting the minimum supported Python version to 3.9
• Updating Synapse test infrastructure in order to pull in the latest version of Twisted (24.10.0)

Thank you to all our contributors for helping to make Synapse the best it can be. As always, feel free to stop by #synapse:matrix.org to join in on the discussion and if you encounter a bug make sure to report it here.

🔗Dept of Bridges 🌉

🔗Parsee

LDA announces

Oyé, oyé, nouvelle alpha sur le plus petit pont ! I just released the Parsee v0.2 alpha today. I've not being able to work as much on it as before, but I did get quite some bugsquashing features, and plain dumb experiments like getting it to build and start on an (emulated) DEC Alphaserver with some minor changes to Cytoplasm, more commands to make admins' lives easier, and reworked Matrix->XMPP formatting in order to make it more pleasant.

I've also dabbled in some MbedTLS support, but it is still unstable(and slow), done slightly more work with avatars, and fixed some known bugs that would make handling Parsee annoying.

As of next(v0.3 will probably be out by 2025), I am mostly working on optional Janet extension support, to make Parsee even more powerful and extensible.

We're still available over at Matrix and XMPP(xmpp:marsee@conference.monocles.eu) if you want to try it out.

🔗Dept of Clients 📱

Benedict says

We released a new version of Tammy including some UI fixes for older Android devices. For those who are hearing about Tammy for the first time: Tammy is a new multiplatform Matrix messenger powered by Trixnity Messenger.

🔗Quaternion (website)

A Qt5-based IM client for Matrix

kitsune says

This is the first 0.0.97 pre-release primarily focused on migration to libQuotient 0.9. Not much to talk about aside from this. The release notes and some prebuit binaries can be found at the usual place.

🔗Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Mauro Romito says

• A new RC for EX iOS will soon be released 1.9.5
• In the new RC EX iOS will be capable of also receiving verifications requests through the SAS protocol (while before was only able to send them)
• We also added a toggle to enable media optimisation that will process media files, to save up data and memory space by compressing them. The option is on by default but can be turned off
• The work for implementing sending, receiving and accepting/declining knocks on rooms is progressing
• Alongside knocking we are also implementing management of room aliases

🔗Dept of Services 🚀

🔗Synapse Admin Updates

Aine [don't DM] reports

A while back, we at etke.cc announced our Synapse-Admin fork, and this week we're excited to share more new features, QoL changes and bug fixes!

We'll begin by discussing technical and under-the-hood updates before moving on to UI features.

SYNAPSE_ADMIN_VERSION env variable

Starting from the least interesting - if you want to build Synapse Admin yourself in an environment where git is unavailable, you can now use SYNAPSE_ADMIN_VERSION env var to set version, instead of relying on git tags.

Logout that actually does the job

Earlier, the logout did send a request to the Matrix logout API endpoint, but didn't clean up things like local storage that is used as a state/session store. Well, now it does 🤷

Proper restrictBaseUrl despite its type

Previously, you could limit Synapse Admin instance to work with specific homeserver(-s) using the restrictBaseUrl config var that accepted both string (like "restrictBaseUrl": "https://example.com") and slice (like "restrictBaseUrl": ["https://example.com", "https://example.net"]). Such an approach has proven to be problematic in multiple cases, but today the last inconvenience with it has been solved - now single-item slices will be treated the same way as the string does (and yes, they are treated differently in the UI), using the only value of the slice.

Configuration in /.well-known/matrix/client

We found out that people tend to use Synapse Admin instances hosted outside their actual servers, and even use a single Synapse Admin instance to manage multiple servers. Unfortunately, such a setup means you can't rely on the config.json file that comes with Synapse Admin instance because it won't contain server-specific configuration… So, here is the solution - just add configuration to your /.well-known/matrix/client file under cc.etke.synapse-admin key, here is an example of how to mark mautrix-telegram puppets as appservice-managed users:

{
  "cc.etke.synapse-admin": {
    "asManagedUsers": ["^@telegram_[a-zA-Z0-9]+:example\\.com$"]
  }
}

works for any config option

Generate random passwords with ease

when creating or updating users. With this change, a new button has been added to the user's create/update form where you can generate a random password in 1 click.

Experimental Features and Rate Limits controls are here!

Now you can enable specific Experimental Features per user, and adjust user's rate limit overrides on the user's page.

Source code, admin.etke.cc (CDN version), say hi in the #synapse-admin:etke.cc

🔗Matrix Federation Stats

Aine [don't DM] announces

collected by MatrixRooms.info - an MRS instance by etke.cc

As of today, 10391 Matrix federateable servers have been discovered by matrixrooms.info, 3184 (30.6%) of them are publishing their rooms directory over federation. The published directories contain 22281 rooms.

Stats timeline is available on MatrixRooms.info/stats

How to add your server | How to remove your server

🔗That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

To learn more about how to prepare an entry for TWIM check out the TWIM guide.