FOSDEM 2024 Wrap Up

08.02.2024 16:00 — FOSDEMThib

This year again the Matrix.org Foundation was at FOSDEM, and what a huge energy boost it has been for us! Between a Fringe Event for the Matrix community to gather, a booth where the vast majority of people came by to show their support for our work, a devroom with four hours of awesome Matrix content, and last but not least a main track talk where Matthew covered what we had been doing for the past year… It has been a very intense weekend!

Continue reading…

This Week in Matrix 2024-02-02

02.02.2024 00:00 — This Week in MatrixHubert Chathi

Matrix Live

No Matrix Live this week, but there will be plenty of Matrix talks (live!) on Sunday at FOSDEM in the Matrix devroom, and at Matthew's main track talk. The talks are livestreamed, so you can follow even if you aren't at FOSDEM (or if you are in FOSDEM but the room is full). If you are at FOSDEM, you can also find live Matrix people at the matrix.org stand in Building K, level 2.

Dept of Status of Matrix 🌡️

Josh Simmons announces

Announced today during the EU Open Source Policy Summit in Brussels, the Matrix.org Foundation and Mozilla have joined OpenForum Europe as supporters. OpenForum Europe has proven an effective convener and advocate for open source and open standards in Europe, and we’re glad to help further that work.

Josh Simmons announces

This week the Matrix.org Foundation launched a new fundraiser, shared some high level budget figures, and kicked off a series diving into our emerging roadmap!

We’ve made huge strides over the last year, with the Foundation more robust and independent than ever before, and there’s a lot to be excited about in the future. Critically, we still need more organizations to step up to fund our work before January 2025.

Huge thanks to Beeper, Gematik, Fractal Networks, Fairkom, Thunderbird, and the hundreds of individuals who have already stepped up! Learn more in our blog post and become a member today 🚀

Continue reading…

A roadmap and appeal for help from The Matrix.org Foundation

30.01.2024 17:00 — FoundationJosh Simmons

A new fundraising drive

Today we launch a new fundraising drive, talk about the scope of the Foundation's work, and begin to unpack our emerging roadmap for the future. There is a lot going on and we need your help to keep it going!

At the end of 2022 Matthew and Amandine sounded the alarm: the Foundation needed more support. To deliver that, they launched the Foundation's membership program. They also introduced open governance, and committed to hiring a Managing Director to act as a robust, neutral steward.

You can help: If you are already sold on Matrix, become a member today. To find out how the last year has gone, and how your support helps us to serve the Matrix ecosystem, read on.

Over the last year, there are lots of positive, healthy signs for Matrix. New members like Beeper and gematik — and hundreds of individuals ​— boosted our annual revenues from £82K to £364K. The open network has grown from 80.3M to 115M addressable users. We've invested in long-term interoperability efforts at the IETF. And we've shifted focus from experiments to polish, usability, and advocacy.

We've supported development of core libraries, and subsidize hosting for FOSS communities like GNOME and KDE. The Foundation runs the Matrix.org homeserver, with over 250K daily active users, and operates several public bots and bridges. And indeed, the Foundation hired a Managing Director 👋.

You'll find a full accounting of our 2023 activity and finances in our first Annual Report, slated to come out around April 2024.

Continue reading…

This Week in Matrix 2024-01-26

26.01.2024 00:00 — This Week in MatrixThib

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

  • There were no new MSCs this week.

MSCs in Final Comment Period:

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Update

For those familiar with Travis' weekly task lists of MSCs for the Spec Core Team to review in the Office of the Matrix Spec Core Team room, a new weekly list is now being posted in the Matrix Spec & Docs Authoring room. This list is aimed at technical writers who can help by converting MSC authors' words into PRs against the spec text itself.

This is the final step for getting an MSC integrated into a new release of the Matrix spec, and anyone can try their hand at it! It would also very much help the Spec Core Team by freeing up more bandwidth for review of the MSC backlog, as well as push forward the protocol itself. Thank you!

If you have any questions, feel free to ask them in the relevant Matrix rooms.

Random MSC of the Week

The random MSC of the week is... MSC4003: Semantic table attributes!

This MSC proposes expanding the set of suggested, interpreted HTML tags in Matrix clients to include additional tags related to tables. With them, more control over table rendering is possible. The proposal itself includes one such (albeit fairly arbitrary) example

The proposal is well-written and straight-forward, so do feel free to have a look if the subject interests you!

Continue reading…

Open letter to EU Member States on the proposed CSA Regulation

22.01.2024 00:00 — FoundationDenise Almeida

We join our voices to technology companies, trade associations and other supporters in asking EU member states to align the Council's position on the CSA Regulation to the position agreed by the Parliament.

Safeguarding encryption should be a priority in negotiations, ensuring the protection of rights and freedoms around privacy and security of communications.

A copy of the open letter sent to ministers can be read below.

Open letter to EU Member States on the proposed CSA Regulation

Dear Ministers of the Interior, Justice, and Economy of EU Member States,

We write to you as small and medium-sized companies and organizations from Europe, concerned about the proposal for a Regulation on Child Sexual Abuse (CSA). Collectively, we call on you to ensure that your country’s position on this file is brought as close as possible to the European Parliament’s (EP) one. We all agree that ensuring children are safe online is one of the most important duties of tech companies and for this reason, we find the European Commission’s proposed Regulation extremely worrying. If it were implemented as proposed, it would negatively impact children’s privacy and security online, while also having dramatic unforeseen consequences on the EU cybersecurity landscape, on top of creating an ineffective administrative burden1. The European Parliament recently adopted its position on the file, acknowledging that scanning technologies are not compatible with the aim of having confidential and secure communications. The crucial changes it therefore puts forward for the proposal reflect the opinions of the European Data Protection Supervisor (EDPS), the Council legal services as well as countless experts in cryptography and cybersecurity2. It also reflects the opinion of between 63% and 69% of the companies, public authorities, NGOs and citizens consulted by the European Commission in its Impact Assessment3. As small and medium-sized tech companies and organizations, we share their concerns as we know that looking for specific content – such as text, photos and videos – in an end-to-end encrypted communication would require the implementation of a backdoor, or of a similar technology called “client-side scanning”. Even if this mechanism is created with the purpose of fighting crime online, it would also quickly be used by criminals themselves, putting citizens and businesses more at risk online by creating vulnerabilities for all users alike.

Data protection is a strong competitive advantage

As tech companies operating within the European Union, we have built products and services in line with the strong data protection framework of the EU which still serves as an example and inspiration across the world.

The GDPR allowed for the creation of ethical, privacy-first tech companies in Europe, that would otherwise never have been able to compete against Big Tech. It gave European companies a strong competitive advantage in that field internationally and allowed consumers to finally be able to find alternatives to American and Chinese services. Our users, both within the EU and beyond, have come to trust our commitment to safeguarding their data and this trust is a key driver of our competitiveness. The learning curve for adapting to the necessary administrative burden brought about by the GDPR was high but was worth it. However, the CSA Regulation could threaten this unique selling point of European IT companies and would also add a new administrative burden which we fear could overwhelm both our companies and law enforcement bodies. Considering the volume of communications and content transiting through our services, even an insignificant error rate of the technologies applied to scan for abusive material would result in millions of false positives to be manually reviewed every day.

The CSA Regulation could erode trust and safety online

In a world where data breaches and privacy scandals are increasingly common, the EU's reputation for stringent data protection is a unique selling point for businesses operating within its borders. It provides us with a competitive edge, assuring our customers that their information is handled with the utmost care and integrity. This trust, once eroded, is challenging to rebuild, and any measures that compromise it such as mandatory scanning, or mandatory age verification have the potential to harm businesses both large and small. Furthermore, the EU has recently adopted Regulation 2023/2841, which mandates that EU Institutions and bodies to consider the use of end-to-end encryption among their cybersecurity risk-management measures. There are also multiple ‘cyber’ EU proposals currently on the table, such as the Cyber Resilience Act and the Cybersecurity Act. Supporting an opposite approach for the CSA Regulation would only undermine the EU cybersecurity framework creating a contradictory, incoherent and inefficient new set of measures that companies would not be able to enforce without putting citizens and businesses at risk.

The EU Parliament's proposal goes in the right direction

Therefore, we applaud the European Parliament for its resolute stance in defending the European citizens' right to privacy and secure communication. The European Parliament’s commitment to these principles is not only a testament to its dedication to human rights, but also a beacon of hope for businesses like ours that prioritize data protection and security. The position of the Parliament includes alternatives to scanning which have a minimal impact on cybersecurity and data protection, and which experts believe would be both more effective and more efficient than mandatory scanning. Such changes of paradigm would mean going beyond the false dichotomy between privacy and security, while also making the proposal respect the proportionality principle, as requested by the Regulatory Scrutiny Board. Even if not perfect in our eyes, the changes the European Parliament made in its position are a good compromise to maintain digital security and confidentiality and to better protect children online. We believe that these changes strike the right balance between child protection and safeguarding privacy and cybersecurity.

As representatives of the vibrant European small businesses community, we encourage EU Member States to continue championing the values of privacy, cybersecurity and data protection. These principles not only align with the EU's commitment to human rights, but also serve as a foundation for a thriving and competitive business environment. Let us defend and strengthen these principles, ensuring that the EU remains an advocate of privacy in the global marketplace.

For these reasons we call on you to:

  • Ensure that Council’s position is aligned as closely as possible to the European Parliament’s. This will allow for a swifter adoption of the Regulation while building on the important work of the European Parliament.
  • Maintain the high level of fundamental rights - and in particular data protection – enjoyed by citizens in the European Union.
  • Refrain from forcing companies like us to conduct mass surveillance of private correspondence on behalf of law enforcement agencies.
  • Guarantee a high level of cybersecurity in the EU by protecting end-to-end encryption and bringing the necessary safeguards in the text. Client-side scanning and backdoors in particular should not be mandated.
  • Preserve the confidentiality of correspondence.
  • Minimize the administrative burden of the proposal by making it more effective and efficient, through alternatives to mass scanning.

Signed,

  • Blacknight Solutions (Ireland)
  • Element (United Kingdom)
  • Mail.de GmbH (Germany)
  • Matrix Foundation (United Kingdom)
  • Nextcloud (Germany)
  • Open-Xchange (Germany)
  • Renvis (Greece)
  • TelemetryDeck (Germany)
  • Tresorit (Switzerland)
  • E Foundation (France)
  • Logilab (France)
  • Mailfence (Belgium)
  • Murena (France)
  • Olvid (France)
  • Proton (Switzerland)
  • Surfshark (Lithuania)
  • Threema (Switzerland)
  • Tuta (Germany)

Trade associations and supporters:

  • ACT | The App Association
  • Defend Democracy
  • Gate 15
  • Myntex
  • Quilibrium
  • Studio Legale Fabiano
  • Cyberstorm
  • Encryption Europe
  • ISOC-CAT
  • Privacy & Access Council of Canada
  • SecureCrypt
1

A detailed summary of the proposal, drafted by the NGO EDRi, is available here: https://edri.org/our-work/private-and-secure-communications-put-at-risk-by-european-commissions-latest-proposal/

2

For more information, you can read their statement from July 2023: https://edri.org/wp-content/uploads/2023/07/Open-Letter-CSA-Scientific-community.pdf

3

See in particular page 134 of the impact assessment: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52022SC0209

This Week in Matrix 2024-01-19

19.01.2024 00:00 — This Week in MatrixThib

Matrix Live

Dept of Status of Matrix 🌡️

Josh Simmons announces

Have you seen the Stack Overflow Developer Survey results for 2023?!

Of the 83,830 folks surveyed, Matrix was the #1 chat tool in terms of current users' satisfaction. It was also rated as the most desirable among the open source tools with open governance, but there is a lot of room for improvement in awareness. We’re excited to build on this 2024! 🚀

Continue reading…

This Week in Matrix 2024-01-12

12.01.2024 00:00 — This Week in MatrixThib

Matrix Live

No Matrix Live this week, but a YouTube playlist of the Matrix talks given at FrOSCon!

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

  • There were no new MSCs this week.

MSCs in Final Comment Period:

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Update

For those familiar with Travis' weekly task lists of MSCs for the Spec Core Team to review in the Office of the Matrix Spec Core Team room, a new weekly list is now being posted in the Matrix Spec & Docs Authoring room. This list is aimed at technical writers who can help by converting MSC authors' words into PRs against the spec text itself.

This is the final step for getting an MSC integrated into a new release of the Matrix spec, and anyone can try their hand at it! It would also very much help the Spec Core Team by freeing up more bandwidth for review of the MSC backlog, as well as push forward the protocol itself. Thank you!

If you have any questions, feel free to ask them in the relevant Matrix rooms.

Random MSC of the Week

The random MSC of the week is... MSC4003: Semantic table attributes!

This MSC proposes expanding the set of suggested, interpreted HTML tags in Matrix clients to include additional tags related to tables. With them, more control over table rendering is possible. The proposal itself includes one such (albeit fairly arbitrary) example

The proposal is well-written and straight-forward, so do feel free to have a look if the subject interests you!

Continue reading…

Migrating from EMS to self-hosted Matrix

04.01.2024 17:00 — GuidesJosh Simmons

Running my own Matrix homeserver

I confess I'm awfully chuffed with myself as we return from the holiday break. I just completed a successful migration of my main Matrix account from managed hosting to a homeserver that I run for myself on a virtual private server (VPS).

The whole experience has been illuminating, and there are some specific details that are timely for people like me who needed to migrate off of Element Matrix Services (EMS) as they pivot to focus on enterprise.

Thus, this blog post. I'm going to share my experience in hopes that it'll help some folks with that migration!

Continue reading…