
Automattic invests in Matrix - ptman
https://techcrunch.com/2020/05/21/automattic-pumps-4-6m-into-new-vector-to-help-grow-matrix-an-open-decentralized-comms-ecosystem/
======
tmikaeld
Good news!

Now if only they can figure out how to make Riot usable with Encryption
enabled without pulling your hair out every time you enter a room or chat with
non-matching keys.

While Riot has a lot of features, it is also not easy for new users.

I've tried to convert at least 10 persons and none of them use it any more,
citing not being able to figure out how to use it or simply not having the
time to waste figuring it out.

It needs to be intuitive out of the box, how to contact people, how to find a
room, how to chat.

~~~
Arathorn
Have you tried since we relaunched encryption and turned it on by default 2
weeks ago? The UX has _completely_ been rewritten and it should now be
transparent - see [https://blog.riot.im/e2e-encryption-by-default-cross-
signing...](https://blog.riot.im/e2e-encryption-by-default-cross-signing-is-
here/).

edit: To be clear, we no longer nag whenever there's an unverified login
present - and unverified logins should increasingly be a thing of the past
anyway given we now have cross-signing and so let users verify their own
sessions at login.

~~~
erdii
Wait... Naive question: shouldn't you, especially in this case, still nag the
account owner about his own unverified sessions? What if a bad-actor
homeserver slides in a new session to snoop around?

BTW: I absolutely love the cross-signing move and riot/matrix in general! :)
Thanks for your great work on this!

~~~
Arathorn
We do nag, in that all the green shields will suddenly go bright red. But we
don't block the user from being able to send messages until they've resolved
the problem.

It's possible we'll reintroduce this once cross-signing has been fully adopted
though; it's tricky because we need to distinguish between encrypted rooms
where you simply don't care if random users have unverified slides... versus
ones where it's a disaster if an unverified session slides in. Finding the
right UX for that is tough, but we think the current balance is an
improvement.

~~~
erdii
Alrighty, thanks for your answer :)

That is really a tough UX problem... Maybe a room could have a "sensitive
content" flag that is enabled by default for one-on-one chats and can be
manually enabled for group chats.

------
Boulth
VC money mixed with open source software again. It didn't end well for
Keybase. I hope Matrix has a monetization strategy.

Edit: for people interested there are company docs at
[https://beta.companieshouse.gov.uk/company/10873661/filing-h...](https://beta.companieshouse.gov.uk/company/10873661/filing-
history) eg. "25 Mar 2020 Total exemption full accounts" document (2.2) shows
a yearly loss of almost 2M pounds.

Edit 2: it seems Matrix people no longer control 50% of their company shares,
or I'm reading it wrong:
[https://beta.companieshouse.gov.uk/company/10873661/persons-...](https://beta.companieshouse.gov.uk/company/10873661/persons-
with-significant-control)

~~~
mawalu
But keybase still has their server software that people depend on and that
isn't open source. Worst that could happen with New Vector is that they stop
paying developers to work for the Matrix.org foundation but that would not
prevent anyone from continuing to use the existing software

~~~
Arathorn
Yeah, we (Matrix) have a fundamentally different model to Keybase. The
Matrix.org Foundation
([https://matrix.org/foundation](https://matrix.org/foundation)) is an
independent neutral entity that safeguards the protocol and ecosystem, with
the mission to protect it from being sabotaged by any actors in the ecosystem
( __including New Vector __-[https://vector.im](https://vector.im), the
startup founded by the team who created Matrix).

Even if New Vector did go evil (e.g: bought by EvilCorp; coerced into adding
backdoors; tried to monetise user data/metadata; tried to relicense opensource
stuff as proprietary; tried to add core functionality as paid-only) then both
the Foundation and the wider ecosystem would fight back; rejecting the
obnoxious changes to the spec, or simply going and supporting an alternative
provider.

Meanwhile, if New Vector did implode, the team could still go elsewhere and
keep working on Matrix if they wanted to - and there are an increasing number
of folks who might hire them to do so. <plug>e.g. Automattic's new Matrix job
opening! [https://automattic.com/work-with-us/matrix-integrations-
engi...](https://automattic.com/work-with-us/matrix-integrations-
engineer/</plug>)

edit: the monetisation strategy for New Vector is selling Matrix hosting
([https://modular.im](https://modular.im)) and helping out big folks like
Governments who want to jump on board Matrix. While the company is certainly
not profitable yet, it certainly has a path to being sustainable (otherwise
folks like Automattic wouldn't invest!)

~~~
Boulth
> the monetisation strategy for New Vector is selling Matrix hosting
> ([https://modular.im](https://modular.im)) and helping out big folks like
> Governments who want to jump on board Matrix. While the company is certainly
> not profitable yet, it certainly has a path to being sustainable (otherwise
> folks like Automattic wouldn't invest!)

Thanks for this info! Exactly what I was looking for.

------
Ebenus
With E2E encryption in place by default is there any real advantage in using
Signal instead of Riot client for everyday communication with my friends? Riot
desktop app is definitely more polished and customizable, video quality on all
of my devices also seems to be a lot better.

Surprisingly the only thing that I am really missing is the ability to use
custom sticker packs which got added to Signal a few months ago.

~~~
tgsovlerkhgsel
A short while ago (maybe 2 months?) I tried an audio call from Android and
while I don't remember the details, the experience was bad enough that we both
agreed to not do that again and use Signal in the future.

RiotX Android doesn't support calls at all according to the Play store page,
while the old Riot Android client doesn't support cross-signing, search
doesn't work, and it overall feels unpolished. It's still very much beta
software.

~~~
Arathorn
VoIP has historically been a second class citizen in Riot, but we're trying to
fix that right now. The implementation in RiotX is in mid flight up at
[https://github.com/vector-im/riotX-
android/compare/feature/v...](https://github.com/vector-im/riotX-
android/compare/feature/voip?expand=1) and Riot Android will be killed off
shortly in favour of RiotX.

------
ValentineC
> _Talking of moving, Hodgson says he expects Automattic to move over from
> Slack to Riot following this investment._

Here's hoping Automattic has enough influence to move the WordPress.org open
source and community discussions (which are currently hosted on Slack, but
used to take place on IRC) to Matrix too.

~~~
Arathorn
That's the hope - the pressure is on the Riot/Matrix side to ensure that the
transition is a no-brainer in terms of UX :)

~~~
buboard
Are we currently able to easily integrate an existing community (usernames) to
a matrix server?

------
olah_1
> Imagine if every WP site automatically came with its own Matrix room or
> community? Imagine if all content in WP automatically was published into
> Matrix as well as the Web?… Imagine there was an excellent Matrix client
> available as a WordPress plugin for embedding realtime chat into your site?”

I want to imagine it, but I really struggle to. Matrix is just too slow,
bloated, and heavy. I cannot even fathom what a snappy experience with Matrix
would be like. I look forward to something like this if it happens though!

~~~
justaj
The main Matrix.org homeserver is pretty slow because it's usually overloaded:
[https://matrixservers.anchel.nl/783115140](https://matrixservers.anchel.nl/783115140)

This is IMO mainly because they've stuck with the main implementation of the
homeserver (Synapse) being written in Python. Had they've gone through with
developing Dendrite as the main implementation, or perhaps even gone with one
written in Rust, all of this would feel much snappier.

In a way, Dendrite is now being primed to be compiled to WASM and used in a
p2p setup of Matrix, but hopefully we'll also see it running on servers
instead of Synapse one day.

Although, to be fair, you can't really blame them too much though, they're a
casualty to the Coronavirus effects like a lot of similar services are
currently.

~~~
Arathorn
There are a bunch of Dendrites already running serverside on the public
network there - it's almost out of alpha.

Meanwhile Conduit ([http://conduit.rs/](http://conduit.rs/)) is a new
implementation in Rust which is making spectacular progress (it's overtaken
Dendrite in some places already).

Both of them are _unrecognisably_ snappy, relative to Synapse - even when
Synapse isn't completely overloaded.

~~~
http-teapot
Conduit looks fantastic, I might start using it and possibly contribute.

On that note, is hosting a git GUI a trend? If I want to contribute I have to
sign up. I’d have dozens of logins if projects started doing this.

I wonder if matrix could work as a decentralized git.

~~~
timokoesters
Hi, you should be able to log in with your GitHub account on this page:
[https://git.koesters.xyz/user/login](https://git.koesters.xyz/user/login)

------
TekMol
Has this ever worked out?

1: A new technology is being worked on by enthusiasts. Nobody knows if it will
get mainstream traction or not.

2: A company puts in a siginificant amount of money to accelerate development
and marketing.

3: The new technology gains mainstream traction.

Two examples I can think of for point 1 are Linux and PHP. I think both grew
without money coming in, right?

~~~
morsch
Those criteria are so vague that they could apply to all technologies; or none
of them. What separates a tech from another, who's considered to be a
enthusiast and who isn't, what is traction and when is it mainstream, at what
point does a pile of money stop being insignificant, ...

------
vertex-four
Every individual Matrix room is a multi-master, non-ACID database which uses
its own data as security- and privacy-related configuration. Given how hard
this is to get right, I'd really, really like to see Jepsen tests and a
security audit done on more than the crypto aspect of Matrix.

~~~
Arathorn
There's a massive academic paper dedicated to Matrix's theoretical correctness
(and the correctness of the Synapse implementation) going to be published in a
few weeks. Wish it was already out, because it's spectacular :)

That said, nobody's done any Jepsen tests yet as far as we know, but we'd
really welcome them!

~~~
vertex-four
Getting a Jepsen test done involves paying Aphyr for it, which I imagine you
could do with this lovely new investment. Information here:
[https://jepsen.io/analyses](https://jepsen.io/analyses)

~~~
Arathorn
The first thing we earmarked the new investment for is doing a proper audit on
the full stack - not just libolm (the e2ee ratchet implementation), but
ideally an end-to-end audit of a typical best practice setup (e.g. E2EE-
enabled registration/login/msg flows for Riot Web <-> Synapse <-> Riot Web),
so we can then stamp a LTS label on it. We'll want to finish sorting teething
problems on the new E2EE stuff though, as well as the scaling mess on Synapse
first.

Sounds like Jepsen could certainly be part of that; we'll ping Aphyr when the
time is right.

------
david_draco
I wish they would help fix/maintain the Matrix-Purple bridge, which would
allow more people to use riot servers with clients such as pidgin.
[https://github.com/matrix-org/purple-
matrix/issues/95](https://github.com/matrix-org/purple-matrix/issues/95)

~~~
benparsons
libpurple bridging support is being achieved through matrix-bifröst
([https://github.com/matrix-org/matrix-bifrost](https://github.com/matrix-
org/matrix-bifrost)), this is via node-purple.

~~~
Arathorn
Much confusion here. There are three different Matrix projects related to
libpurple:

[https://github.com/matrix-org/purple-matrix](https://github.com/matrix-
org/purple-matrix) is a very basic proof-of-concept PRPL plugin that lets a
libpurple client like Pidgin or Adium or Purism's Chatty connect to Matrix. We
wrote it as a demo to inspire others hoping that someone from the Pidgin
community might pick it up and polish it, but sadly there hasn't been much
progress. We don't have bandwidth to finish it off ourselves.

Then there was matrix-appservice-purple ([https://github.com/matrix-org/node-
purple/tree/f5ad4ef798904...](https://github.com/matrix-org/node-
purple/tree/f5ad4ef7989046bb1c1e963a0a7510737d527eef/appservice)), which was a
proof of concept bridge using node-purple which let Matrix connect to anything
that libpurple can speak. We used it to demo bridging from Matrix into Skype
via the skypeweb PRPL - but it was a _very_ fragile quick hack demo.

Then this was replaced by Bifrost, a proper production-grade bridge engine:
[https://github.com/matrix-org/matrix-bifrost](https://github.com/matrix-
org/matrix-bifrost). It supports different plugins for the bridging, one of
which is libpurple via node-purple (although most people use it as an XMPP
bridge, via the xmpp.js plugin). This lets you connect from Matrix into any
protocol supported by libpurple - effectively an equivalent of Bitlbee, but
for Matrix rather than IRC.

------
xondono
Can someone give the “elevator pitch” of what sets Matrix apart?

~~~
bertman
Apart from what? Compared to xmpp: Marketing mostly.

~~~
Arathorn
From a technical perspective, Matrix & XMPP are about as different as you can
get. It's __not __just a marketing thing.

Matrix is a decentralised encrypted conversation store; where all conversation
history gets replicated across all the participating servers/nodes. It's a bit
like Git, or NNTP (Usenet) or possibly IMAP, depending on how you squint.

XMPP is a message-passing protocol; where stanzas get passed between
servers/nodes. It's a bit like SMTP or SIP.

There are a bunch of other differences philosophically (Matrix is one big
monolithic versioned spec; XMPP is a cloud of XEPs, etc) too.

The only similarity in the end is that you can use both to build chat systems
(and you can use both to build a bunch of other things too - e.g. IOT use
cases).

Another way of thinking of it is SVG versus Canvas. Or OpenGL versus a Scene
Graph library (Open Inventor, or whatever that's become now). Sure you can use
both to draw pretty pictures, but architecturally they couldn't be more
different.

------
dnpp123
Let's hope they use that money to make synapse more lightweight...

Synapse plus a few bridge just eats all my server's resources. Go wonder why
they chose to do it in python...

------
acd
Glad to see this, I hope open source communication will be the preferred first
choice.

Why? openness Archiving Enabling access to all

IRC used to be used open I hope Matrix and IRCv3 takes over.

------
jondubois
This will not work. There are no incentives for different groups of people to
collaborate on a single shared communication standard. The incentive is for
entities to keep data to themselves. Also, this standard is too complex and
unclear. Complex standards which try to bring together many different
technologies under one abstraction never seem to work.

Also, universal standards are not necessarily a good thing. Decentralization
with multiple competing tools and standards is good as it provides redundancy
and opportunities for specialization.

~~~
ijpsud
> This will not work.

They seem to be doing fine:

~10.0M global visible accounts

~2.5M messages per day

~4.5M unbridged accounts

~500K unbridged messages per day

~2.1M rooms that Matrix.org participates in

~20,000 federated servers

~3000 msgs/s out, ~30 msgs/s in on Matrix.org

~400 projects building on Matrix

~70 companies building on Matrix

[https://matrix.org/faq/](https://matrix.org/faq/)

They're up to 20k visible servers from about 5.5k servers in September 2018,
and if you look here:
[https://youtu.be/1TPICntbC5w?t=1692](https://youtu.be/1TPICntbC5w?t=1692) you
can see the growth curve looks pretty good.

> Also, universal standards are not necessarily a good thing. Decentralization
> with multiple competing tools and standards is good

Matrix explicitly _doesn 't_ try to be "the one true standard". That's the
whole idea of their bridging model:
[https://youtu.be/1TPICntbC5w?t=296](https://youtu.be/1TPICntbC5w?t=296)

~~~
Markoff
10M accounts with 2M rooms sounds odd, any explanation?

~~~
Arathorn
10M (nowadays 16.8M) is the total number of matrix IDs we can see from
matrix.org based on phone-home stats from Synapse. 2M (nowadays 5.18M) is the
total number of matrix rooms from Synapse.

The ratio is about what we'd expect - there's a mix of DMs, private rooms, and
massive public rooms; the DMs will dominate, hence this ratio. Every
conversation in Matrix happens in a "room" (even DMs), under the hood, which
might be the point of confusion here.

~~~
Markoff
OK, didn't know you call private conversation room

------
tmwed
i think this is great, VC $ aside. my biggest issue with contributing to Riot
or Matrix ecosystem from a Client UI perspective is (from what i remember) the
weirdness of the Riot client being half separated into two repos. it makes the
barrier to entry seem too high. my hope is that this investment can resolve
these concerns

------
Markoff
is there some Matrix Android app with SMS support to replace Signal?

------
skbohra123
Reading the headline I thought Matrix is acquiring Automattic.

------
dang
We changed the URL from [https://matrix.org/blog/2020/05/21/welcoming-
automattic-to-m...](https://matrix.org/blog/2020/05/21/welcoming-automattic-
to-matrix) to an article that gives more background. (via
[https://news.ycombinator.com/item?id=23256180](https://news.ycombinator.com/item?id=23256180))

~~~
gravitas
I disagree with this editorialization. You have driven clicks away from the
source website (content origin) over to a 3rd party entity running ads and
writing their own narrative "Automattic pumps...").

uBlock has blocked 31 (actually, 38 and counting - dynamic while open - oops,
up to 41 now) intrusive ads/trackers on your new link to a commercial website,
and zero on the original link to the source of information. I do not want this
as a reader and feel given the subject matter (privacy, e2e chats, etc.) that
this move is not in the best interests of the people reading this link or
article.

~~~
dang
Generally we prefer original sources, of course
([https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)),
but corporate press releases are special in a bad way. They tend not to
contain background or interesting detail. They are written in bland PR
language that surely every intelligent reader finds gross. (I'm by no means
saying that media articles are great, but PR language is truly the bottom of
the barrel.) Whatever _is_ interesting in a new development, they often
obscure. They lead to more generic discussion, which is worse discussion for
HN
([https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...](https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=by%3Adang%20generic%20discussion&sort=byDate&type=comment)).
So they're more or less deprecated here.

I hear you about the ads etc. and agree in principle, but it's a separate
issue. That's how media work right now. We may not like it but it doesn't mean
we should bite our nose off to spite them.

Btw, it's possible that I made the wrong call in this case. I didn't look
closely either at the PR release or at the TC article—I just skimmed them. But
the above is the heuristic we use, and I'm pretty sure it's the right one for
HN.

~~~
Arathorn
I think the confusion might be my fault in this instance, as the author of the
original Matrix.org blog post. The post wasn't a PR or written as a PR (and I
hate PRs like the best of them)... but in retrospect I see that the headline
and the banner image could make you think that it was. Hopefully the contents
of the blogpost itself wasn't bland & gross tho :/

Ironically, the /actual/ PR for this was at the bottom of
[https://blog.vector.im/automattic-backs-matrix-
investing-4-6...](https://blog.vector.im/automattic-backs-matrix-
investing-4-6m-in-new-vector/) \- which indeed is bland PR language, intended
to convey the bare facts to journos rather than actually be read by normal
folk :)

------
rambojazz
Excuse me... what am I missing here? Is this just some sort of donation or
does Matrix have plans to make money (how?)?

~~~
Arathorn
It's not a donation to the Matrix.org Foundation, it's an equity investment in
New Vector ([https://vector.im](https://vector.im)), the startup that the
folks who created Matrix began in order to make money to support Matrix
development. New Vector makes money by selling Matrix hosting
([https://modular.im](https://modular.im)) and providing
consulting/support/services to large folks building on Matrix.

------
7532yahoogmail
Off topic but the language here ... What is it about it that makes it plastic?
For example it employs the phrases "that said" and "not least" which are
generic, throw aways.

New projects are a kind of success itself so we expect the principals to be
ebullient. But the prose is over the top. It gushes. Quantum computing wasn't
invented here.

It's the IT corporate form of Hollywood but in words: Another theoretically
innvoative industry except it isn't: It largely can't make an original film.

The older I get, the more I am in agreement with English Profs: use a better
adjective, could you? Don't repeat. Avoid generic over used phrasing. In
short: is it too much to ask that your language had a pulse? Game?
Personality?

