Decentralizing Social Media and E2EE Communication with Matrix

This is my rambling before linking to a guide I wrote in how to spin up a homeserver. I made it separate to save you from the long drawn out story before getting to the recipe like in so many cooking blogs. For a guide on how to spin up a Matrix homeserver very quickly, click here.

Since around the beginning of COVID, I’m found myself in the unique position where I have a foot in a number of different chat circles and discord servers and group chats on varying services. While at the same time I’m on the journey to deactivate and end my usage of Facebook only to pop back in a few months later. I’ve been moving my conversations around from various places, and then to eventually signal, which I still like, but I found it limiting besides generally 1 to 1 chat. While at the same time I have interest in moving to a decentralized approach to chat and feeds. I originally looked at matrix a while ago an passed on it, but upon circling back. Once I discovered bots that can be utilized in matrix to create custom feeds of whatever the room creator wanted from Reddit to YouTube to RSS or even Twitter feeds, I realized that matrix could replace all the various sites I would doom scroll through algorithmically and be fed curated crap rather than controlling what exactly I want to see. One app to rule them all, or at least until RSS gets killed off even more.

So what is Matrix? Matrix is an open network for secure, decentralized communication. There is a server at matrix.org that speaks this protocol, but you’re free to run your own server on your own if you want. Within matrix, all users have the ability of creating rooms where people can have a conversation, ranging from 2 to many, and those creators have completely control over who has access to it from invite only to having it publicly listed. Rooms are fully E2E encrypted by default and not even server admins can see the content of rooms they are not invited to which greatly ensures the privacy of all conversations. All rooms can accept media such as photos and videos. Voice and video chat is possible as well.

Diagram courtesy of matrix.org

Matrix is decentralized like email, all users get an address like @user:exampledomain.com where they can talk with any other user of any other homeserver. The improvement compared to signal is the ability for users to create rooms private or public rooms that any other user of my homeserver can see or even open it up to users from other homeservers.

Because of that decentralization, Matrix can combat censorship if charlie.com for example, was taken down by a government. Rooms encrypted between homeservers synchronize the chat, and if there are other room admins in the rooms they could technically invite #charlie:charlie2.com at his new homeserver in another country. There, he should still be able to communicate in the same encrypted room.

Now what if someone seizes the physical server hosting charlie.com and attempts to read the message? Well, in matrix, all rooms are encrypted by default and cannot be decrypted by anyone not explicitly invited to those rooms. If all users in a room are from the same homeserver, the entire encrypted chat log is only on that server and no where else.

All new rooms have encryption setup by default, but if a user wants to make a publicly accessible room, they can do that as well if the homeserver’s settings do not prevent it. There’s not really a point in encrypting a publicly accessible room though.

The real downsides to Matrix are that Federated protocols are much slower to evolve and add features over time compared to a centralized service. Users have to trust the server admins of a homeserver, which is me for mine or the admins at matrix.org if you make a free account there. If you don’t trust anyone else you can always spin up your own version to cut out everyone else. But remember, our use of all of these other centralized services also involve a multi fascinated examination of trust as well, it’s just slightly different from trusting a company from trusting a person or groups of people. All require that little assessment to think about and which one of the different cans of worms and the pros and cons of dealing with each.

Also if I’m the sole server admin and I get hit by a bus and the server eventually goes down, no one else with their account in my homeserver will be able to connect to send or even see their messages. They will have to make a new account elsewhere. Tradeoffs come with all. These are the logistical difficulties that come with using a decentralized service, but with that also comes more ownership. Over the last couple decades, we’ve gotten so used to the simplicity of free email or other service offered by big tech only to consent to data collection and monetization of that data that spending that effort or money up front to protect or move your use to a decentralized service feels foreign.

Even worse is adoption. Adoption is the inherent roadblock since people normally join a service because their friends are on it. Facebook’s foot in the door was colleges. With matrix, it’s starting from the bottom. Wow within matrix I can make E2EE chats, but who in the hell do I even know with a matrix account? Signal is great for this reason because you can easily install and have your account up in seconds with quick verification. “Download signal” peeps would say, doing that and then opening it the first time, it practically hand walks you through registration and verification. That easy entrance is inherent to mass adoption and installing and using matrix is a tad step up, even using it with the various settings on rooms and the overall architecture of it is extremely complicated for some to digest.

There also is the question of the homeserver and admin itself in the reliability, is this a dude keeping it in his basement? Is this a company that will keep the lights on? This is a tad more of an assessment than when compared to how a typical user approaches using a centralized service. Hell, even the names and their exact definitions are a little confusing. Matrix, Synapse, Element, Riot, Vector. (For their definitions, see the bottom of this blog). This circle has a marketing problem and it’s extremely confusing for many to know even where to get started. I’ve even seen rants on forums from users looking for instructions, because some of the first introductions are walls of text.

All social media networks are running, at a foundational level the same thing. Just a proprietary combination of feeds of various content. Facebook, Twitter, Reddit, Instagram, TikTok and others all have various things within the feeds you follow, but the social media organization will decide what is best for you to see. Here they can place their ads and offer a precise number of views to it to advertisers. The more and more complicated and granular profiles that can be generated on users based on their history, it is statistically higher number of interactions than normal and can be sold for even more. Imagine having an algorithm where you could guarantee 10,000 visits from an advertisement for users within the targeted demographic, age range, and also within users that the system had identified as more susceptible to buy something. This creates a problem where user influence and control is essentially up to the highest bidder.

On Facebook, you might have 500 friends but only generally see probably around 50 intermixed with a lot of news and advertisements. But it’s not just ads, algorithms can be biased and facilitate the explosion of controversial group activity that lead to radicalization on a massive scale. Ask yourself why is holocaust denialism and the belief in a flat earth growing rather than waning. Twitter isn’t immune from this, I have constantly found myself angrily turning back on “latest” in an attempt to avoid that curation and get to most recent. I feel like the most beneficial feature of twitter is the speed. Anyone else remember following the Boston Bomber investigation back on twitter? That was some hot shit, but twitter now wants to constantly fill my feed with tweets up to 15 hours old. That conversation is over, it happened yesterday! Reddit allows for some more configuration, but generally it guides users to want to depend on reddit’s algorithm as well.

On matrix, there’s none of that. Which on one hand is great for privacy implications, but on the other hand is a little more time consuming refining the feed to exactly what you want. When i went to add my subreddits, I noticed there were a lot of subreddits I actually subscribe to that I have no interest in continuing to follow. However, this is a way about being more explicit about what I want to see which I feel is also a good thing. Consider this a nice spring cleaning.

That automation, is that convenience we get from social media websites. Showing you new photos that your high school friends just added to facebook so you’re reminded of them and that they look happy. Without it, you have to manually check in on them which requires a lot more manual effort, but at the end of the day is more worthwhile to meaningful relationships than by chance of seeing their update.

Technically, there is a way for matrix to entirely replace this and give someone the ability to create a public or invite only feed that could be used in the equivalent as following someones page. The creator of the room could use it as their feed for updates and kick anyone out they don’t want to access it. The big gap would be to normalizing the process for everyone to use it in that way. I mean someone could possibly add a feature to it, but currently, Matrix users by default don’t have profile pages, however, if there was a way for it to have a profile feed or profile room that users could treat as equivalent to Facebook or Twitter feed that could easily serve as a replacement. If everyone had a #profile-username:domain.com room that they could set access to and set visibility, public, private, or invite only, they could essentially share any other contacts or keys with other members in or outside of the homeserver that they choose. How does this interact with decentralized finance in the future? Combine all of that with the RSS feed bots that can turn a room into all of your YouTube or Subreddit updates. Slack has the ability to combine see all threads into one page, Element currently doesn’t but if it did, a thread view would essentially be a fully decentralized social media feed. Imagine giving a prioritization of rooms within that feed. If there was simpler process for people to spin up a homeserver akin to signal that would clear out a lot of roadblocks, but time will tell with everything.

Despite understanding the long term privacy implications of surveillance capitalism, there was odd comfortable resignation in me that some “Good” Facebook or Twitter company will eventually come along and fix social media and everything will be fine, but I think that way of thinking has made me hesitant in finally diving into decentralization and that’s essentially the barrier in getting to that world.

When it comes down to it, it’s a very simple question. Do I feel as though spinning up a matrix homeserver at a custom domain is worth it? Worth not just in money, but time as well. Do I feel as though jumping through the hoops in order to aggregate my feeds, use as an E2EE chat amongst friends, save time in visiting separate sites, minimize my privacy exposure, and offer this up to friends as well? Absolutely. It probably wont replace all my other messengers, yet but this might the be first step in a better direction for everything.

So here’s what I’m going to do. I’m going to spin up a Matrix homeserver and setup a number of public rooms as feeds to essentially replace my feeds from other sites in a way that Feedly cant and open those up to any of my friends who join. I could create a replacement for my use of discord, and allow any of my friends the ability to make any rooms they want and even upload larger content rather than paying for discord. All without even exploring bridging yet (the ability to connect a room to another message service and text people on signal or Whatsapp from your matrix account for example).

We will see how this goes.



If you want to setup your homeserver, here’s my guide.
If you want to create a free user account at the matrix.org homeserver, here’s a link to element. Yes that is a photo from death stranding, a game you should play. Not directly related here, but the game involves building infrastructure so people can communicate with eachother.

Definitions:

Matrix: This is the protocol used. (Think email protocol like POP or IMAP)
Synapse: This is the server running the matrix protocol (Think Gmail,O365, or Tutanota)
Element: Element is a client (one of many) that can be used to interact and send messages with a synapse server running on matrix (Think Outlook or Thunderbird)
Riot: Element’s former name, in this blogpost they explain the name change to element.

Share:

75 Posts

Information Security Engineer based out of Long Beach, California
View all posts