[messaging] Matrix.. is Federation at odds with Privacy?

Matthew Hodgson matthew at matrix.org
Fri Apr 17 04:49:02 PDT 2015

[liberal trimming to prevent exponential quoting blow-up...]

On 17/04/2015 08:03, carlo von lynX wrote:

> - And, cherry on top, we still need a strong motivation for a new
>    generation of users to install our software. Actual privacy during
>    sexting could be one such motivation. It boosted SnapChat even if
>    there is no guarantee the sexting is safe on it.

Sadly, users still don't care particularly about privacy, even for 
sexting.  The reason SnapChat took off wasn't because it gave any 
privacy guarantees, but because it was the new shiny: ephemeral 
messaging and really really simple UX.  The strong motivation for mass 
market users to install an anti-pervasive-surveillance chat app needs to 
be more than anti-pervasive-surveillance.

>> My point was more that expecting *all* users to jump into a *single*
>> new total-privacy-secure ecosystem is impractical.  Which means
>> federation may still be useful as a way to defragment the overall
>> picture (at the expense of compromising privacy when you federate
>> with a legacy network).
> As I said people happily use several systems and they do NOT want
> their parents to show up on SnapChat. Parents belong to Facebook.
> Professors belong into e-mail. Your ideal of defragmentation is
> not what power users want.

I agree that there are some scenarios where people deliberately use 
different apps for different communities.  SnapChat v. FB v. LinkedIn v 
Tinder all have totally different communities, for instance.

However, I'm afraid the world is not so black and white - there are also 
scenarios where it's frustrating for users that their contacts are stuck 
in different apps.  For instance, 
Viber/WhatsApp/Messenger/Kik/WeChat/LINE are all incredibly similar, and 
I have friends on all of them.  Forcing everyone to install all apps and 
having group chats scattered across them is creating a completely horrid 
UX for end users.  Users should have freedom to choose their preferred 
UX if they desire.

> If people want to reach *any* other user, they pick Facebook or e-mail.
> An additional federated system stands no chance of getting established
> here since Facebook is already reducing the importance of e-mail. So
> the great integrating platforms are already there.

Again, I think this is an errantly black & white interpretation:

  * Facebook could easily move from dominance, just like the many waves 
of change that have preceded it.  There's absolutely room for new comms 
technology, whether it obfuscates metadata or federates or whatever - so 
long as it actually differentiates and builds a community.

  * Facebook may be replacing email for social contact (alongside a 
whole range of technologies like SMS, WhatsApp etc), but email is here 
to stay just as much as the PSTN as a genuinely ubiquitous federated 
technology for a huge range of other use cases - for instance, it's 
literally still the only standard federated technology out there for 
businesses to exchange data!

>> For friends staying in touch, I genuinely believe that many users
>> get frustrated between having to juggle 5 or more different
>> messaging apps of differing quality.  It's not such a pain point
>> that there's rioting in the streets, but it's more of a "slowly
>> boiled frog" problem - it's just an ambient inconvenience that keeps
>> slowly rising so you don't realise just how inconvenient it is.  If
>> you could only mail Gmail users from Gmail and Hotmail users from
>> Hotmail, users would squeal with pain.  So why accept it for
>> IM/VoIP?
> Well, ironically the people that seek out strange islands of
> communication where they can be by themselves, distant from peers
> they would not want to socialize with - are exactly the cool influencers
> that make such strange platforms a hip place to be, so more and more
> people follow, but the isolation from the regular platforms such as
> Facebook was essential in this becoming a reality in the first place.
> It is therefore pointless to later complain that the market is fragmented
> if the users seeked out for such a fragmentation in the first place.

Again, *some* trendsetting users seek out fun new silos to trailblaze 
(e.g. crypto enthusiasts proudly enthusing about their latest 
metadata-obfuscating messaging app ;)

The majority of the rest of the population get pulled behind, trying to 
keep up, and it creates a problem of creeping terrible UX; inextensible 
and closed communication platforms; vendor lock-in; and is completely 
contrary to the idea of data liberation and letting users pick the apps 
& services *THEY* want.

> And among all the huge problems we have with the Internet.. the
> threats it is posing to democracy (see Assange/Appelbaum/Maguhn/Zimmermann
> 2012), crying about the cool kids having forced you into installing
> 5 different chat apps is quite a distraction in the area of irrelevance.

Well, I genuinely applaud you & GNUnet for your mission to give folks 
the ability to protect themselves from malicious governments.

Meanwhile, Matrix's mission is to provide a simple extensible platform 
to allow realtime data interchange with decentralised persistence: 
basically a read/write Web with pubsub.  And just as the Web itself is 
huge vehicle for social justice and democracy (even without metadata 
obfuscation and even without crypto!!), I believe Matrix can make the 
world a better place too.

This is simply orthogonal to metadata privacy: if folks want metadata 
privacy they should use a different system (for now).  And hopefully 
down the line Matrix can sprout metadata-protecting flavours (just as 
PSYC1 is evolving to PSYC2), or we can work out a way to make PSYC2 and 
Matrix play nice together whilst not compromising the security model, or 

But I don't buy that metadata privacy should be table stakes for any new 
communication tech.  Sure, it's a great differentiator for GNUnet.  But 
there are other useful features users might value too.


>> should be able to choose what client they use to communicate via,
>> and what services they trust with their data, without being locked
>> into specific vendors and having their communication fragmented all
> I don't know of any case where this old federation legend actually
> proved true. Did federation ever help people getting out of the
> stranglehold of a specific service provider? Migrating your email
> address is a pain in most cases, even if you pay for .forward services -
> you still have large parts of your social surroundings using that old
> address rather than your current one. XMPP has never had a functioning
> and generally implemented protocol for migrating accounts. PSYC at least
> has the necessary _redirect_permanent message code, but even we left
> the implementation of that in the TODO file.

This is a failure of old-school federation systems like SMTP/XMPP/PSYC. 
  To be honest, we've also punted on the migration/porting question in 
v1 of Matrix (but it's on the radar for v2 or v3).  It's worth noting 
that it's a *really* useful feature (however painful the process is) for 
consumers on GSM.

It's worth noting that Matrix's semantics of federation really are 
nothing like SMTP and XMPP.  The building block in Matrix is 
*synchronising history*, not message passing.  This makes both 
interoperability and federation much more compelling: if I'm basically 
using different apps as different UI/UX for viewing the same 
decentralised conversation database, the motivation to move between apps 
(or services, in future) and pick the best app becomes much stronger. 
Just like users love picking their preferred email client or GSM 
handset, I expect them to love picking their favourite Matrix client... 
without losing their identity or conversation history.

>> Meanwhile there are use cases like workplace communication where
>> users *definitely* want all their comms in a single tool of your own
>> choice, rather than fragmented all over the place.
> So they'll start using a new one.

Have you ever seen how painful it is to migrate users to new intranet 
tools?  Not to mention that the world of business (by which i basically 
mean 'professional interaction') is dedicated to millions of different 
islands (organisations) desperately trying to collaborate on different 
projects, and discovering that email is still about the only thing they 
actually have in common which lets them own and manage their own IP/data.

>>> So what exactly is Matrix doing? Giving the entire WebRTC
>>> community a sense of togetherness until the next Faceboogle
>>> takes over WebRTC and turns it into a de-facto closed system
>>> because all my friends are on it, so I won't be using your
>>> little webserver to call them...?
>> Well, Hangouts & FB Messenger are both WebRTC-based these days, so I
>> don't have to wait for a new Faceboogle :)
> Why on Earth should they care to interop? One of them is the stronger
> and has an interest in draining the other. And they both have no
> interest in letting small businesses have a piece of the cake.

FB makes its money by selling ads through its apps; it clearly has no 
incentive to support 3rd party apps.

Google makes it money by selling ads across the whole internet; its main 
incentive is to grow the internet in general.  Investing in open 
technologies like WebRTC or perhaps Matrix is part of that.  The 
monomania of trying to compete with FB via G+ seems to be fading.

>> Matrix simply defines an easy HTTP API for storing & synchronising
>> communication history in a tamper-resistent decentralised manner.
>> And we obviously are trying to bridge in as many conversations as we
>> can.
> Yes, but they could have come up with that themselves if it
> served them a purpose. Hell, I even coded a WebRTC signaling
> protocol myself... a year ago with fippo. It didn't need any
> of the advanced features of PSYC or Matrix, so we did it with XMPP.

Sure, everyone and their dog can design their own signalling scheme. 
And if you categorically will never need persistence, federation, e2e 
crypto, or any of the other goodies that Matrix provides, then perhaps 
it'll be quicker to write your own rather than use an existing library. 
  Arguing that "anyone can invent their own library if it serves their 
purpose" seems a little specious ;)

>> Honestly, if it means only that my workplace IRC server can
>> collaborate easily with the corporate Lync and Jabber servers, I'd
>> consider it a win.  If it means that random WebRTC sites get easy
> psyced has been integrating IRC, XMPP and native PSYC for about
> fifteen years now, bridging among worlds - giving IRCers a
> culturally acceptable way to talk to Jabber folks. So what?
> Only some thousand nerds ever cared to have that. The rest
> has installed something like pidgin and let the worlds co-exist
> without gatewaying or federation.

So, the reason I came across PSYC however many years ago was (briefly) 
running a psyced for precisely this purpose.  I think the main reason 
why it had limited uptake is that the UI/UX of the app felt aggressively 
non-mainstream: an extreme poweruser tool without any reassuring visible 
end-user facing benefits/community/glossiness to showcase its benefits 
on make anyone but those 1000 geeks want to use it.  Also I seem to 
remember that there were some weird impedance mismatches between the 
various protocols - I forget the specifics now, but I ended up writing 
off the XMPP<->PSYC<->IRC bridging as an interesting experiment that 
wasn't really intended for primetime, and that the majority of the 
effort looked to be going into the pure-PSYC side of things.

> If we want open standards on the Internet, we need to influence
> our governments to impose such standards by law. Anything else
> does not work neither with the customers nor with the companies,
> unless in very very rare constellations when companies indeed
> agree to make an open standard to attack the market leader.
> But then the political condition is relevant, not the standard.
> And the standard they will choose will always suck. And it will
> always lose its relevance once the market leader got defeated.

I agree that regulation is one way to force folks to use an open standard.

But the assertion that open standards formed to attack market leaders 
will always suck and lose relevance is just bogus.  If a standard 
exists, works, and it brings value to members of a community, they will 
use it.  Whether it takes over the whole world or not is another story 
of course, but the whole internet owes its existence to IP federation 
between organisations, just as much of the modern Web exists thanks to 
HTTP API federation between organisations.

Providing competent tools for building extensible decentralised 
federated platforms like IP and the web is something worth fighting for.

> And who is the market leader that would motivate Google and Apple to
> team up with a common standard?

Perhaps Facebook.  Perhaps the long-tail of next-generation 
WebRTC-backed solutions which happily interoperate via Matrix, leaving 
Google & Apple to really look like dinosaurs who refuse to join in the 

Just as even Microsoft eventually ditched X.400 in favour of SMTP when 
it became apparent that SMTP had won the mail protocol war, it's 
possible to consider that Apple might open up FaceTime if its users were 
voting with their feet and buying other hardware because it seemed 
archaic and over-controlling to be trapped in the FaceTime silo.

> Who is the regulatory body that
> would enforce such a standard on them?

A forward-looking government who wants to avoid monopolies or protect 
citizens from vendor-lock-in might consider enforcing interoperability. 
  Just as telco regulators enforce GSM portability.

> It's always the small guys joining the open standard, then taking
> it over. Think Microsoft when the chat market was split among ICQ,
> AOL and IRC. They ran all around IETF recruiting people to join
> them in making the largest IRC-compatible open standard new
> messaging system. Once Messenger took off, all the "open" and "IRC"
> rhethoric disappeared since they managed to get a large chunk of
> the cake without all the political correctness, instead they added
> compatibility in the clients by hacking the AIM protocol - against
> the will of AOL.

This is why we're just putting the tech out there as a de-facto 
standard, just as you did with PSYC, or the XMPP guys did with XMPP. 
And obviously we will fight to the death to keep it open and not annexed 
by any closed forces.

> So if you want to play this game, you first need to find a way to
> HACK both Hangouts and FaceTime without Google and Apple liking it!

We're not in the business of rev-enging into anyone's platforms.  If 
Google/Apple feel that participating in the Matrix ecosystem is of 
benefit to them, then they'll join.

Otherwise, hopefully, the ecosystem of smaller and newer players will 
make the most of Matrix and showing that consumers /can/ care about 
interoperability if it's clearly linked to improved UX, and eventually 
Google/Apple will reconsider.

>> My point was more that *any* constructed language is never going to
>> conquer the world, no matter how easy to learn and elegant it is,
> You can't compare any language that takes learning to a piece
> of software that just needs a click on the install button.

Okay, fair enough - i misunderstood that you were adovcating for users 
to ditch all their existing comms channels for GNUnet.

>> So, my argument is we need to fix both
>> problems: providing options for folks to use which are resilient to
>> pervasive surveillance... as well as provide a modern way to link
>> the islands together for those users & islands who care about this.
> Get friends with regulatory bodies. I don't think anything else can
> force companies into playing this game.

It certainly wouldn't hurt.  But the other body who can force companies 
into playing this game are the end-users. *IF* one can find a way to 
show clear benefit to doing so.  And yes, this is hard, but just because 
everyone else has failed so far doesn't mean that we shouldn't try :)

>> And even if Matrix doesn't end up being used for federation, it's
>> still a pretty useful decentralised persistent messaging bus :)
> If it weren't yet another threat to democracy for its
> lack of metadata protection.

Perhaps we'll get there in the end :)

Matthew Hodgson

More information about the Messaging mailing list