Welcome to the Matrix 1.12! It’s been just over 3 months since Matrix 1.11 introduced authenticated media, and today we’re bringing more Trust & Safety features to the ecosystem, alongside the normal clarifications and general improvements to the protocol. This release is also technically a few days late on the quarter, but it’s for good reason! Folks from across the ecosystem got together in Berlin for the Matrix Conference, and after things wrapped up we were busy following up on ideas started on site. We can’t wait to see all of these ideas materialize as MSCs, but in the meantime, back to the honorary Q3 release of the spec:
Matrix 1.12 marks the recommended date for all servers to enable their media freeze, similar to matrix.org’s back in early September 2024. Servers which haven’t yet enabled their media freeze are strongly encouraged to do so, if it makes sense for their users. Matrix 1.12 also brings some improvements and clarifications to authenticated media, and a total of 9 MSCs covering a wide range of features.
Read on for a few highlights, and the full changelog at the end of this post.
Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.
Lots of interesting MSCs came in this week! Note that last week's are also listed as the spec update was skipped.
A swath are looking to improve moderation in Matrix, while others aiming to improve the story around notifications and end-to-end encrypted bridges. There's also been lots of discussion on the hot MSC4133: Extending User Profile API with Key:Value pairs, which can be built upon with spec'd profile fields such as m.timezone (MSC4175).
MSC4208 is the result of splitting out the custom fields portion of that MSC, as it was determined that that portion of MSC4133 needed further discussion before merging.
...and a whole lot more. Check out the release notes for the full set of changes!
Thank you to all our contributors for helping to make Synapse the best it can be.
As always, feel free to stop by #synapse:matrix.org to join in on the discussion and if you encounter a bug make sure to report it here.
We had our first Governing Board gathering today at the Matrix Conference in Berlin, with 17 of the 20 members present (4 of which joined remotely)! We got to know each other a little better and discussed many things including Trust & Safety and how we communicate with each other and with the community.
Since this wasn't an official meeting, no votes were taken. The first official meeting of the Governing Board will be taking place soon!
The Matrix Conference 2024 is over, the videos are being cooked and the slides are being uploaded.
We'll be sharing the recordings with you as soon as they're ready.
In the meantime, a big thanks to everyone who attended, spoke, and helped make it happen. We hope you had a great time and learned a lot about Matrix and the community. We hope to see as many or more of you next year!
Back at FOSDEM in February we showed off how Matrix could be used for E2EE-preserving messaging interoperability as required by the Digital Markets Act messaging interoperability - and we announced that Element had been working with Meta on integrating with its DMA APIs in order to connect WhatsApp to Matrix. You can see the video here, and we also demoed interop working at the technical level to the European Commission a few days beforehand.
Subsequently WhatsApp launched its DMA portal on March 8th, and the proposed Reference Offer (i.e. the terms you have to accept as a Requesting Party in order to interoperate) was revealed. The Reference Offer for Facebook Messenger was launched on September 6th. At the time of the WhatsApp launch we flagged up some significant unresolved questions - the main points being that:
WhatsApp would require their users to manually enable DMA in settings before they can receive any traffic from interconnecting service providers (e.g. Element) - meaning that WhatsApp users would not be reachable by default.
WhatsApp would require the client IP of any interconnecting users, in order to apply ‘platform integrity’ anti-abuse / trust & safety controls.
WhatsApp would not allow an interconnecting service to buffer messages serverside.
WhatsApp would require each Matrix server provider to sign a separate agreement in order to interconnect - i.e. you can’t bridge other server’s users unless those servers have signed a contract with Meta.
Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.
A further call to developers, protocol designers, and future MSC writers to attend the "Authenticated media & how to ship spec features" and MSC Process Guidance talks in LAB 4 at this year's Matrix Conference! We'll be discussing the spec process itself, as well as how large features (and breaking changes in the spec) get designed, developed, and deployed with support from the MSC process.
If you're thinking about how to get your idea for a feature out in the hands of users, these talks are for you!
Earlier in the week matrix.org started requiring authentication to access media, and it looks like most users didn't notice (a good thing)! Smooth rollouts like this are thanks in large part to the developer ecosystem preparing users for the change with code - thank you to everyone who has been working hard at improving how media is shared in Matrix ❤️.
There's always going to be problems which reveal themselves after the deployment happens, and it looks like most of the issues we're tracking have workarounds or patches on the way. If you're seeing errors for images/files, please update your client. Web users may need to refresh the page multiple times before things start working because of how browsers (don't) work. If you're still seeing issues, it may be a bug in your client: please report it to the developers so they can take a look.
Developers, protocol designers, and future MSC writers may also be interested in "Authenticated media & how to ship spec features" in LAB 4 at this year's Matrix Conference in just a couple of weeks! We'll be discussing how such a massive feature (and technically breaking change in the spec) gets designed, developed, and deployed with support from the MSC process - if you're thinking about how to get your idea for a feature out in the hands of users, this talk is for you. The advice should be transferable to features smaller than authenticated media too, hopefully 😇
Something we're excited to see is several servers have already enacted their media freeze for unauthenticated media! Matrix.org is doing so on Wednesday, September 4th, 2024 (just a few days away) during UK business hours. Other Synapse admins can enable this freeze on their servers by setting enable_authenticated_media: True in their homeserver.yaml. Admins using other server projects should consult their documentation, though please note that some projects are actively working on adding relevant support.
For those interested in statistics, matrix.org is seeing about 80% of requests being authenticated so far. We anticipate this number will rise before Wednesday, but not significantly.
It’s been a few weeks since we announced the deprecation of libolm. Since then, we’ve fielded some questions on the subject and thought it would be helpful to collect this context in a blog post.
Since then, various client implementations have migrated to vodozemac. Notably, all versions of Element, Element X, Fractal, iamb and other matrix-rust-sdk based clients and their forks already use vodozemac, and platforms using matrix-js-sdk can also use vodozemac instead of libolm.
