Foundation

A new fundraising drive

Today we launch a new fundraising drive, talk about the scope of the Foundation's work, and begin to unpack our emerging roadmap for the future. There is a lot going on and we need your help to keep it going!

At the end of 2022 Matthew and Amandine sounded the alarm: the Foundation needed more support. To deliver that, they launched the Foundation's membership program. They also introduced open governance, and committed to hiring a Managing Director to act as a robust, neutral steward.

You can help: If you are already sold on Matrix, become a member today. To find out how the last year has gone, and how your support helps us to serve the Matrix ecosystem, read on.

Over the last year, there are lots of positive, healthy signs for Matrix. New members like Beeper and gematik — and hundreds of individuals ​— boosted our annual revenues from £82K to £364K. The open network has grown from 80.3M to 115M addressable users. We've invested in long-term interoperability efforts at the IETF. And we've shifted focus from experiments to polish, usability, and advocacy.

We've supported development of core libraries, and subsidize hosting for FOSS communities like GNOME and KDE. The Foundation runs the Matrix.org homeserver, with over 250K daily active users, and operates several public bots and bridges. And indeed, the Foundation hired a Managing Director 👋.

You'll find a full accounting of our 2023 activity and finances in our first Annual Report, slated to come out around April 2024.

Continue reading…

We join our voices to technology companies, trade associations and other supporters in asking EU member states to align the Council's position on the CSA Regulation to the position agreed by the Parliament.

Safeguarding encryption should be a priority in negotiations, ensuring the protection of rights and freedoms around privacy and security of communications.

A copy of the open letter sent to ministers can be read below.

Open letter to EU Member States on the proposed CSA Regulation

Dear Ministers of the Interior, Justice, and Economy of EU Member States,

We write to you as small and medium-sized companies and organizations from Europe, concerned about the proposal for a Regulation on Child Sexual Abuse (CSA). Collectively, we call on you to ensure that your country’s position on this file is brought as close as possible to the European Parliament’s (EP) one. We all agree that ensuring children are safe online is one of the most important duties of tech companies and for this reason, we find the European Commission’s proposed Regulation extremely worrying. If it were implemented as proposed, it would negatively impact children’s privacy and security online, while also having dramatic unforeseen consequences on the EU cybersecurity landscape, on top of creating an ineffective administrative burden¹. The European Parliament recently adopted its position on the file, acknowledging that scanning technologies are not compatible with the aim of having confidential and secure communications. The crucial changes it therefore puts forward for the proposal reflect the opinions of the European Data Protection Supervisor (EDPS), the Council legal services as well as countless experts in cryptography and cybersecurity². It also reflects the opinion of between 63% and 69% of the companies, public authorities, NGOs and citizens consulted by the European Commission in its Impact Assessment³. As small and medium-sized tech companies and organizations, we share their concerns as we know that looking for specific content – such as text, photos and videos – in an end-to-end encrypted communication would require the implementation of a backdoor, or of a similar technology called “client-side scanning”. Even if this mechanism is created with the purpose of fighting crime online, it would also quickly be used by criminals themselves, putting citizens and businesses more at risk online by creating vulnerabilities for all users alike.

Data protection is a strong competitive advantage

As tech companies operating within the European Union, we have built products and services in line with the strong data protection framework of the EU which still serves as an example and inspiration across the world.

The GDPR allowed for the creation of ethical, privacy-first tech companies in Europe, that would otherwise never have been able to compete against Big Tech. It gave European companies a strong competitive advantage in that field internationally and allowed consumers to finally be able to find alternatives to American and Chinese services. Our users, both within the EU and beyond, have come to trust our commitment to safeguarding their data and this trust is a key driver of our competitiveness. The learning curve for adapting to the necessary administrative burden brought about by the GDPR was high but was worth it. However, the CSA Regulation could threaten this unique selling point of European IT companies and would also add a new administrative burden which we fear could overwhelm both our companies and law enforcement bodies. Considering the volume of communications and content transiting through our services, even an insignificant error rate of the technologies applied to scan for abusive material would result in millions of false positives to be manually reviewed every day.

The CSA Regulation could erode trust and safety online

In a world where data breaches and privacy scandals are increasingly common, the EU's reputation for stringent data protection is a unique selling point for businesses operating within its borders. It provides us with a competitive edge, assuring our customers that their information is handled with the utmost care and integrity. This trust, once eroded, is challenging to rebuild, and any measures that compromise it such as mandatory scanning, or mandatory age verification have the potential to harm businesses both large and small. Furthermore, the EU has recently adopted Regulation 2023/2841, which mandates that EU Institutions and bodies to consider the use of end-to-end encryption among their cybersecurity risk-management measures. There are also multiple ‘cyber’ EU proposals currently on the table, such as the Cyber Resilience Act and the Cybersecurity Act. Supporting an opposite approach for the CSA Regulation would only undermine the EU cybersecurity framework creating a contradictory, incoherent and inefficient new set of measures that companies would not be able to enforce without putting citizens and businesses at risk.

The EU Parliament's proposal goes in the right direction

Therefore, we applaud the European Parliament for its resolute stance in defending the European citizens' right to privacy and secure communication. The European Parliament’s commitment to these principles is not only a testament to its dedication to human rights, but also a beacon of hope for businesses like ours that prioritize data protection and security. The position of the Parliament includes alternatives to scanning which have a minimal impact on cybersecurity and data protection, and which experts believe would be both more effective and more efficient than mandatory scanning. Such changes of paradigm would mean going beyond the false dichotomy between privacy and security, while also making the proposal respect the proportionality principle, as requested by the Regulatory Scrutiny Board. Even if not perfect in our eyes, the changes the European Parliament made in its position are a good compromise to maintain digital security and confidentiality and to better protect children online. We believe that these changes strike the right balance between child protection and safeguarding privacy and cybersecurity.

As representatives of the vibrant European small businesses community, we encourage EU Member States to continue championing the values of privacy, cybersecurity and data protection. These principles not only align with the EU's commitment to human rights, but also serve as a foundation for a thriving and competitive business environment. Let us defend and strengthen these principles, ensuring that the EU remains an advocate of privacy in the global marketplace.

For these reasons we call on you to:

• Ensure that Council’s position is aligned as closely as possible to the European Parliament’s. This will allow for a swifter adoption of the Regulation while building on the important work of the European Parliament.
• Maintain the high level of fundamental rights - and in particular data protection – enjoyed by citizens in the European Union.
• Refrain from forcing companies like us to conduct mass surveillance of private correspondence on behalf of law enforcement agencies.
• Guarantee a high level of cybersecurity in the EU by protecting end-to-end encryption and bringing the necessary safeguards in the text. Client-side scanning and backdoors in particular should not be mandated.
• Preserve the confidentiality of correspondence.
• Minimize the administrative burden of the proposal by making it more effective and efficient, through alternatives to mass scanning.

Signed,

• Blacknight Solutions (Ireland)
• Element (United Kingdom)
• Mail.de GmbH (Germany)
• Matrix Foundation (United Kingdom)
• Nextcloud (Germany)
• Open-Xchange (Germany)
• Renvis (Greece)
• TelemetryDeck (Germany)
• Tresorit (Switzerland)
• E Foundation (France)
• Logilab (France)
• Mailfence (Belgium)
• Murena (France)
• Olvid (France)
• Proton (Switzerland)
• Surfshark (Lithuania)
• Threema (Switzerland)
• Tuta (Germany)

Trade associations and supporters:

• ACT | The App Association
• Defend Democracy
• Gate 15
• Myntex
• Quilibrium
• Studio Legale Fabiano
• Cyberstorm
• Encryption Europe
• ISOC-CAT
• Privacy & Access Council of Canada
• SecureCrypt

Forging our future with Matrix

As 2023 winds down and I find myself in the thick of planning for 2024, I’d like to start preparing all of us in the Matrix ecosystem for what is to come.

Next year will mark a number of important milestones in the history and evolution of Matrix: the protocol will mark its 10th birthday, we’ll see key initiatives in the spec cross the finish line, and we’ll seat the first ever community-elected Governing Board.

The election of our first Governing Board is what I’d like to focus on today, because it is a huge milestone on the path to an independent, self-sustaining, and self-governing ecosystem. When we celebrate Matrix’s 20th birthday, we’ll look back and our history will be divided much the same way it is in other ecosystems: before and after incorporating a foundation, and before and after introducing community governance.

Let’s talk about what the Governing Board is, why it matters, and how to get involved!

Continue reading…

A letter from the Managing Director

Hello, world! My name is Josh Simmons and it is a joy and a privilege to introduce myself as the first Managing Director of The Matrix.org Foundation. While I’m no stranger to open source and I have been a Matrix user for several years, I am new to the Matrix community and so I’d like to share a little about myself and the work we have ahead of us.

Continue reading…

Hi all,

Today is a big day! As you know, over the last few months we’ve been searching for a Managing Director to join the Matrix.org Foundation full-time, focused on managing the Foundation’s finances, organising the Foundation’s membership programme, helping raise funding to support Foundation work, working with the Guardians to ensure the Foundation stays on mission, and ensuring the Foundation can operate successfully as a fully independent entity.

Continue reading…

We were already proud to announce that the national agency for the digitalisation of the healthcare system in Germany (gematik) had selected Matrix as the open standard on which to base all its interoperable instant messaging standard, back in 2021.

We are now delighted to let the world know that they are doubling down on sovereignty and sustainability: gematik is the first organisation of the public sector to join the Matrix.org Foundation as a Silver member.

Collaboration in the public sector

Our friends at the FSFE have been calling for software used in public services to be free software in their Public Money Public Code campaign. As advocates of open standards and an open source project ourselves, this is something we can get behind.

Software development can be an impenetrable world for people who don’t work in the field. It can sometimes be difficult for people outside of our industry to understand the importance of bitrotting and refactoring. One very unfortunate effect of this is that new features are easy to fund because they feel very tangible, but the most critical housekeeping work is not as appealing.

Yet, without regular refactoring to clean things up, it gets increasingly costly and difficult to add new features. Counterintuitively, spending money on “the boring tasks” is the most efficient use of money: without it the technical stack would become either obsolete, bloated, or both, and it would be much more costly to move to something else or maintain an in-house fork.

We’re very happy gematik is doing the right thing by supporting the technical stack it builds TI-Messenger on. By supporting the Matrix.org Foundation, gematik contributes to the sustainability of the protocol powering the communications of the German healthcare system… but not exclusively.

Sharing costs across public services, and with the private sector

Matrix is an open standard, which means not only everyone can use it: when someone contributes to Matrix, everyone benefits from it. This makes Matrix particularly interesting for the public sector: if the German healthcare contributes to Matrix, the German Armed Forces benefit from it, and the other way around. It allows both to contribute less of their budget, instead of contributing each to an entirely different product. The German Federal Ministry of Defence already actively contributes to Matrix development and funding via its public IT services provider BWI GmbH, who relies on Element’s consulting services to develop their own Matrix-based messenger.

But Matrix being open source, it also allows the public and private sector to share the costs of maintenance by design. The public sector benefits from the contributions of the private sector to Matrix, and the opposite is true as well.

The Foundation plays a critical technical and social role in this system: it centralises and curates contributions to the protocol so it remains unbiased, coherent, and efficient.

This is just a beginning

We’re extremely happy to welcome the first public sector organisation in the Matrix.org Foundation! Given how popular Matrix is among governments and the public sector in general, we know this is just a beginning: it would be illogical to deploy any solution at a large scale without contributing to its sustainability.

Whether you’re an organisation from the public or the private sector, looking to cut costs down by building on a common, standard and reliable foundation, you can support Matrix and join the Foundation today.

We're proud to announce Beeper is the first member to join the Foundation! Beeper is a universal chat app, built on top of Matrix. Beeper is strongly committing to support Matrix by becoming the first member in the Gold tier as well.

Matrix is a strategic choice

Beeper allows you to connect accounts from up to 15 different chat platforms to get a unified inbox in a single app. The core business of Beeper is to provide a polished app and service to their users. Beeper is built upon Matrix: behind the scenes, a Beeper account is a Matrix account on the Beeper homeserver, and the company hosts bridges for its users. The experience is completely transparent for them.

Matrix was an obvious choice in Beeper's stack because of its interoperable nature. Bridges are the core of Beeper's business: they are the most active bridges maintainer of the Matrix ecosystem, and most of them are open source too. It makes a lot of sense for Beeper to build on top of Matrix so they don't have to reinvent the wheel: homeservers exist, the AppService API that allows them to create bridges exists, and maintaining an in-house solution for this all would cost more than their contribution to Matrix.

Matrix also solves the difficult problem of End-to-Bridge Encryption: it allows bridges to decrypt messages from a third party platform like WhatsApp and re-encrypt it for Matrix users. This makes the homeserver completely oblivious to the content of the messages. It protects customers against passive leaks, and the most privacy conscious ones can even self-host their bridges to get total control of the messages making it through.

Mission aligned

Beyond the obvious business choice of relying on Matrix, Beeper and the Foundation have a lot of values in common. The Foundation is fighting for interoperability possible at a technical level… but it's also fighting to make it possible at a legal and systemic level. We've been very vocal in the Digital Markets Act discussions In Europe. Beeper's CEO Eric Migicovsky also took part in the consultation launched by the EU in the hopes of opening up the walled gardens of Gatekeepers. The regulation change brought by the DMA will accelerate the adoption of interoperability across the board, bringing the tools to make it sustainable and reliable, which is a direct business enabler for Beeper.

Join us

We once again welcome Beeper and congratulate them for being the first member to support the stack they rely on! As for organisations who depend on Matrix: we still need your support to make Matrix sustainable.

Join us in our mission to make Matrix the ubiquitous foundation for respectful products and services, become a member today!

We shared back in December how we wanted to find a way for people and organisations to support Matrix in a more impactful manner. We wanted it to also enable the Foundation to be more autonomous and more powerful in growing the ecosystem. Well the day has come: the Foundation is now able to formally accept members!

So what is a member of the Matrix.org Foundation? It's an organisation or individual who financially supports the Foundation by paying a yearly membership fee, and in return gets some influence in driving the direction of Matrix and the Foundation's activities.

The key has been to create a balanced governance model, to make sure the Foundation stays aligned with the Matrix manifesto. For this we've created a Governing Board to set the direction of the Foundation whilst the membership fees will fuel our efforts to get us there.

So why become a member?

A common, durable platform

Matrix is an open protocol everyone can contribute to. However we believe that to remain healthy, a protocol is better off having a single spec that needs to be curated. The additions need to be debated, implemented in actual software, and the rest of the specification needs to be adapted to the new changes. Such curation and edition work take time and effort, but the benefits of it are enormous.

A curated protocol benefits individuals, digital rights activists, and philanthropic investors who believe in the fundamental right to control and privacy in online communication. As an open standard for real time communications, Matrix brings the sovereignty, security and interoperability, which are key to having full control over one's own communication. By financially supporting the project, people who are aligned with our beliefs allow us to keep fighting for our collective rights, be it by providing secure software or persuading regulators to protect their citizens (such as our DMA promotion work or our fight against the Online Safety Bill).

A curated protocol benefits profit-making companies building communication products and services. Decentralisation is a hard problem. End-to-end encryption is a hard problem. Decentralised end-to-end encrypted communications are a very hard problem. Matrix is doing the heavy lifting in these areas so companies can focus on building what they do best: creating great user experiences on top of it. By financially supporting the project, organisations building on Matrix rest assured it keeps evolving, being patched and staying secure. In short it ensures Matrix remains a competitive advantage over other products, at a fraction of what it would cost to maintain an in-house solution.

A curated protocol benefits entire governments, and large parts of the public sector, who have both adopted it widely. Public organisations can not only benefit from a sovereign, secure and interoperable solution - they can also ensure public money is spent for public good, not shareholder wealth. By joining the Matrix Foundation, public sector entities contribute to the stability, security and performance of Matrix. Investing into the project ensures that the open standard that is supporting their healthcare, defence and public administration continues to benefit from innovative open source software development.

Stay unbiased & vendor neutral

The Matrix manifesto hasn't changed. We still believe people should have full control over their own communication, not be locked in silos, be able to converse securely and privately, and that communication should be available to everyone as a free and open, unencumbered, standard and global network.

The Foundation maintains the Spec, which formalises the behaviour expected from the various software components of the Matrix ecosystem. We believe it's important for both individuals using the protocol - and organisations building products on top of it - to be part of the decision process when it comes to shaping the evolution and features of Matrix. So we have designed membership tiers catering for all budgets, and mapped the Governing Board representatives evenly across the tiers.

The Spec Core Team appointed by the Foundation's Guardians is particularly vigilant against features which only benefit particular players, or are designed to somehow cripple or fragment the open protocol and ecosystem in favour of competitive advantage. As such it is a guardian of the neutrality of the protocol, making sure it will serve the general public's interests and be a solid base to build robust products on for commercial organisations.

Delivering from the get go

The Matrix.org Foundation wants to take a more active stance in supporting the protocol. The Foundation needs to respond appropriately to the Governing Board's recommendations. We are hiring a Managing Director who will be in charge of identifying and building programmes the Foundation can deliver, obtaining funding for it, building a team and overseeing the delivery with the approval and support of the Governing Board.

Such programmes could include an accreditation process, to give more visibility and credibility to the organisations adopting Matrix seriously, organising more Matrix events, to promote the standard and share experiences amongst the community etc. Their mission will overall be to make the ecosystem thrive and grow.

A Managing Director working full time will also allow us to increase the Foundation's transparency by allowing it to report more often on such programmes, independently from any vendor.

Going where we're expected to

The Governing Board is the new compass of the Foundation: it refines the vision of the Foundation and steers the Managing Director and Spec Core Team in the right direction.

This gives the Governing Board a lot of power over the Foundation and Matrix, so we've put in place several safeguards to ensure the Foundation remains healthy.

For example, the Guardians remain the ultimate authority, should the Governing Board take decisions against the interest of Matrix, and the Governing Board cannot appoint or remove members of the Spec Core Team.

To ensure that the Governing Board is representative from every stakeholder in the ecosystem, we've included both representatives from every membership levels, including individuals, but also representatives of those who are rooted in its day to day operations (i.e. the MD and the Spec Core Team), and of the Guardians.

Since the Governing Board sets the direction for the Foundation, continuity is important. Therefore, members of the Governing Board are serving for two years, with yearly elections renewing only half of the board at once. This makes room for fresh ideas without losing context of the previous decisions.

Finally, this membership scheme is also meant to formalise and better distribute the relations of power in the Matrix ecosystem, to make it more independent of specific vendors. We believe this is a major next step to make Matrix thrive, and welcome everyone to join us in our mission. You can also check our Prospective Members presentation here for more details.

In short, become a member today!

Send an email to [email protected] or browse matrix.org/membership