Hacker News new | past | comments | ask | show | jobs | submit login
Status.im Invests $5M in Riot.im (status.im)
212 points by dyukqu on Jan 29, 2018 | hide | past | web | favorite | 86 comments

I have never heard of Status.im[0], but I'm glad that the Matrix protocol[1] and it's major[2] client implementation Riot.im[3]—received significant financial resources.

We, a small group of tech-savvy people, tried to use Riot client in the early summer of 2017, but it was far from being convenient for work needs. Poor UI/UX, overcomplicated E2E-keys sharing, sluggish interface (Electron, as you might have guessed) and awful mobile app. I'm not sure of the current status, but I hope now they'll be able to increase the pace of development and quality of the product, since Matrix is an excellent, federated post-XMPP/IRC protocol, which we lack today.

Upd: references and clarifications.

[0] https://wiki.status.im/The_Status_Network_Whitepaper

[1] https://matrix.org/docs/guides/faq.html#what-is-matrix

[2] https://matrix.org/docs/projects/try-matrix-now.html

[3] https://riot.im/

Hey there! Sounds awesome, I'm with Status and would love for you to check out more about what we're all about. https://wiki.status.im/The_Status_Network_Whitepaper

We're super supportive of matrix and their protocol, Riot will be getting a huge overhaul from how I understand


their latest blog post on this investment goes over the details of what all they are hiring for.

I don't know how this will end up, but thank you for taking risks supporting open-source federated comms. I hope this will give a mature, free alternative for those of us who are not enthusiastic about the ubiquitous centralization and vendor-locked technologies.

>Matrix is an excellent, federated post-XMPP/IRC protocol

I have my doubts about this. So many IM systems have got this wrong before that there's no reason to give anyone the benefit of the doubt.

I, too, have looked at matrix at some point. I setup a server, created a user, joined a couple low traffic rooms in their main server, and found major practical issues on their protocol's behaviour.

It had problems with signatures when messages contained a certain field, so some messages appeared and others were missing. This seemed very unorthogonal (why is the payload not just a field of its own? Why do messages have so many fields? Why is the signature code different on both ends?) and left a bad impression. To top it off, the server was making me hit my ISPs (pretty bad ISP) connections per second limit. It was opening connections to hundreds of servers, constantly, which seems like seriously bad for scaling, considering I had only joined two low traffic rooms.

So, I fear this is going to be the same Jabber/XMPP bullshit all over again.

Apparently, development focus isn't on making the basic protocol perfect, but on UX nonsense and adding features (think "reaction animations" and other such crap) to try and attract the riffraff. No better than your average commercial IM "app".

I do strongly hope I'm wrong, but I'll stay in the sidelines for now; I did shut my server down because of the connections per second problem. I might give it another go in the future, once their golang server implementation gets there.

> It had problems with signatures when messages contained a certain field, so some messages appeared and others were missing.

Did you file a bug on this? We're not aware of any signature problems whatsoever in Synapse (or Matrix).

> Why do messages have so many fields?

So looking at a message like this:

    "origin_server_ts": 1517313544657,
    "sender": "@kitsune:matrix.org",
    "event_id": "$15173135441073284GrtsX:matrix.org",
    "unsigned": {
      "age": 277
    "content": {
      "body": "Yep, almost a year ago.",
      "msgtype": "m.text"
    "type": "m.room.message",
    "room_id": "!eUGMvloIjhBoAwlyRh:matrix.org"
You get:

* `origin_server_ts`: the absolute TS the sending server claims * `sender`: the matrix ID of the sender * `event_it`: the UID of the event * `unsigned.age`: a relative TS for receipt on your local server (added by your local server, hence being unsigned) * `type`: the namespaced type of the event. In this instance, `m.room.message` is the general purpose Instant Message event type. * `content`: arbitrary JSON to describe the contents of this type of event. In this instance, it's a plain text message with a given body. * `room_id`: the room the event's been sent in.

This doesn't seem unreasonable? (but I may be biased thanks to working on it).

> To top it off, the server was making me hit my ISPs (pretty bad ISP) connections per second limit.

Oops. This might have been a while ago before we improved the connection pooling for federation traffic? What's the limit?

> Apparently, development focus isn't on making the basic protocol perfect, but on UX nonsense and adding features

We're trying to do both. A perfect protocol is useless if it doesn't have flagship apps which make it usable by normal people. Right now the protocol is relatively good; the Python/Twisted impl is very heavyweight (but getting better); Riot (as a flagship app) also has perf problems but it hopefully headed in the right direction.

Dendrite should be an enormous improvement on the serverside when it gets there however!

> issue

To be clear, it got solved, and it happened several months ago.

> the Python/Twisted impl is very heavyweight (but getting better)

Constantly near-saturating rpi2 cpu while doing effectively nothing last time I turned it on. (70%+ cpu time). This is why I'm thinking I'll wait for golang until I try again.

>Right now the protocol is relatively good

Couple questions:

- If I delete my server database, start anew, and join a room I used to be in, will I end up in a bad state, or are things more robust these days? I remember reading about it somewhere.

- Does the server _still_ solve a bunch of names and open hundreds of connections / server event interval or whatever it was called?

> If I delete my server database, start anew, and join a room I used to be in, will I end up in a bad state, or are things more robust these days? I remember reading about it somewhere.

It should end up (eventually) in a consistent state, but it can take a while to sync up again.

> Does the server _still_ solve a bunch of names and open hundreds of connections / server event interval or whatever it was called?

It's still full mesh, so whenever you send a message in a room, your server has to make a HTTPS hit to every other server which is participating in that room. In a massive room like Matrix HQ, this could mean 800 hits or so. It shouldn't do DNS every time, and it shouldn't open a new connection every time, but haven't checked the connpooling recently; hopefully it hasn't regressed.

>whenever you send a message in a room

Just to be clear, I saw this behavior without sending anything to any room. Just by being in the room.

If the server interval setting was 5 seconds, it'd literally do hundreds of connections every 5 seconds.

there is no such server interval setting, and there never has been? i can only assume that this was the retry schedule doing exponential backoff, trying to contact servers that are down. currently we don't have the concept of shared retry hints (as deciding whose hints to trust would be hard), so every server has to work out which servers are available in the mesh itself. After about 10 minutes it calms down.


# The federation window size in milliseconds

#federation_rc_window_size: 1000

federation_rc_window_size: 60000

That's how high it needs to be set, apparently.

That doesn't control how aggressively the server connects out to other servers though - it limits how rapidly the server processes inbound requests; upping the window from 60s to 1s means that it will only process 10 requests from a given server in a 60s window (rather than 1s window) before deliberately falling behind. Interesting if changing it helped your problem; not sure how to interpret that.

Been using Riot for a couple months. The web app can be a bit sluggish, but I can't think of a single complaint about the mobile app.

My biggest concern at this point is that messages seem delayed sometimes by a few seconds. I don't know if this is an optimization issue, or some deeper problem with Matrix's protocol/distributed nature, but it can be annoying if I'm trying to carry on a real time conversation with someone.

It hasn't affected me too much overall, and I'm optimistic it will eventually be sorted out.

As far as I can tell (and from asking the developers), this is simply caused by the matrix.org servers being overloaded. Other homeservers don't seem to have this issue.

Good to hear. I was hoping that would be the case, and obviously it's not bothering me enough to do more than a cursory google search.

I’ve been running my own homeserver for over a year now. As long as I’m not joined to the “giant” rooms like #matrix:matrix.org and #riot:matrix.org, my user’s messages send instantly. Definitely recommend running your own server if you can manage it

Excellent. I can and will soon. That's actually how I started out, but had some other performance issues. After a bit of googling I realized I'd need to read a bit more before running my own copy of synapse (was also uneasy about the security implications of all the federation stuff and want to make sure my server is hardened enough before I open those ports).

There's a Weechat plugin [1], however I remember it having problems with UI lags. In addition, the official Freenode bridge on matrix.org often has problems as well, but that's what I get for not bothering to run my own bridge. At least it seems like the Weechat plugin is under active development. [2] I should give it another try.

[1] https://matrix.org/docs/projects/client/weechat.html

[2] https://github.com/torhve/weechat-matrix-protocol-script

I think they fixed the Freenode bridge recently.

You don't need Electron. It's just a web app. I just run Riot as a pinned tab in Firefox.

That doesn't make it any less clunky or sluggish.

Eh, it reduces the memory overhead to run it in your existing browser rather than run a separate browser runtime just for Riot.

Status is one of the first "mobile chat app" cryptocurrencies to be funded with a ton of money via an ICO. It's actually why I was saying here about a year ago that Moxie the team should be putting Signal on the blockchain somehow if they want serious funding.

Once again we see that cryptocurrencies can be an extremely positive influence on open source projects through the funding they can provide.

As an alternative, we've worked really hard on making E2E key management super easy: https://github.com/amark/gun/wiki/auth

It is P2P not federated though, and the UI might be worse or better depending on your tastes. ;)

Yes, riot sucks both in its current "desktop" implem (electron indeed) and the web version - tried it about two months back. You can tell there's possibly something worthwhile there though; eventually it may become usable for work.

I found the way the software tries systematically to push the user towards the "official", centralized matrix server distasteful though.

> I found the way the software tries systematically to push the user towards the "official", centralized matrix server distasteful though.

Seems like they're simply trying to reduce friction for the on-boarding process to me. Characterising it as distasteful is taking the piss a bit.

Indeed, trying to find the balance between "accessible for your average WhatsApp user" and "powerful for more advanced users" is still something we're working on. Nothing deliberate here.

- Matrix team

It is already usable, try it now and you'll be surprised.

Web version works smoothly on my 2009, 4gb ram laptop and the android version is faster than Whatsapp on my samsung galaxy 1.

Had no idea there was a desktop app, will try it out but why use that when the web version works so well?

While it's great that they found a way to keep working on the project, it leaves a bad taste in my mouth personally because it feels like ultimate capitalism in play even when it comes to protocols like this.

Status.im hasn't done much other than raised a huge round of ICO, so they're sitting on all this money they can use to buy out other "competitor" protocols. Sure, they have a prototype beta and I guess beta testers are using it, but they don't even have a working app on the appstore.

Their (Status.im) strategy seems to be use their treasure chest of money and gain traction by acquiring other protocols (It may sound like a "partnership" but essentially the whole deal seems to be that these projects that received investment are expected to integrate with Status token)

I would have no issue with this approach if they actually HAD launched a product, but like I said, they don't even have a production app.

Riot has been around for a while, and they have an actual product. I think it sucks that an organization with more money can just buy out another org with less money. I would have loved to see Riot build their own destiny with their own tokens instead of raising capital from a competing messaging protocol.

[disclosure: I work on Matrix]

There is no acquisition here, nor any expectation to use Status token. The only idea is for both projects to help each other, and if Status can help financially Matrix might help otherwise (e.g. provide a bridge to Whisper, Ethereum’s own real-time communication protocol and as such exposing all of the Matrix ecosystem into Ethereum and vice versa; continue working on Olm/Megolm such that it could be used for E2E encryption in Status etc).

As Jarrad says in their blog, we are all trying to provide a decentralised Web and no one knows today how it will look like in the future. By supporting other opensource projects Status is only trying to move the needle and promote open solutions rather than proprietary ones.

We at Matrix are very glad that some projects use their ICO money for the greater good, and in this case it will allow us to spend all our time and focus on polishing Riot, getting Matrix out of beta, finalising end-to-end crypto, rather than open yet another battle front by doing an ICO, or getting distracted by raising more funds or doing too much consulting work. Matrix might get to an ICO some day, and/or New Vector might get enough revenues to be sustainable and able to support both Riot and core devs for Matrix. But these are later steps.

Our side of the story is here fwiw: https://matrix.org/blog/2018/01/29/status-partners-up-with-n...

Hey there! Status is acctually making this investment not in the traditional capacity, but rather allowing New Vector (matrix, riot) to continue their development on their own terms.

Status has a very close to working MVP; developing an application completely based off of new protocols and a decentralized environment is no easy task and much R&D still has to be done with Ethereum and the whole ecosystem in general before any of these new systems are production ready; and Status aims to stay true to the ethos of keeping a completely decentralized interface and system while supporting others in the ecosystem that share that same vision.

If you sign up for our alpha on status.im you can test out our (already functional) product. The majority of work left to be done is in performance and security audits.

But has riot.im really been bought? Isn't this just providing the riot.im developers with more time and developmental resources to push forward with?

It hasn't been bought, Status had contractually selected some features/bugs that they wanted fixed but apart from that they do not control riot.im's roadmap.

- Contracted Matrix Dev

Cool. I just set up my own Matrix server (Synapse) the other day and have been using Riot.im on my iPhone. To be honest, everything works much better than I expected.

Right now, my only complaints are that there are some notification settings that you can't change from the app, and that the user interface is a little redundant. I'm highly optimistic though.

And who are you talking to? The problem with Matrix (or other messenger technologies) is not that they're not good enough (in most cases nowdays) but that if not enough people are using them, they're useless, even if technically superior. I have pretty great working Jabber server but the issue is I have literally 2 people left I can talk to using it nowdays and both hardware and maintenance costs when compared to benefits are not looking good.

In my case, I became "that guy" and aggressively pressured people I know to switch to it, even if it's just to communicate with me. The way to get people to switch is one person at a time.

I know it's annoying, and I do avoid doing such things in general. I'd have never done it to get people to switch from proprietary centralized service X to proprietary centralized service Y.

But Matrix/Riot is special and worthy of such evangelism. It's the first federated secure IM system with a good user experience and instant messaging desperately needs to move away from today's proprietary walled garden hellscape.

I had hoped XMPP would pull it off, but it didn't. For a time it seemed Google Talk would make that happen, but Google bait and switched us.

I'm hoping that Matrix/Riot can pull off what XMPP failed to do (and Google arguably actively sabotaged), and I'm willing to strain friendships with social pressure to convert people one person at a time.

Because that's how you build movements. One person at a time.

I use Matrix as a glorified IRC bouncer, since matrix.org has bridges to freenode and mozilla IRC networks :)

There are some rooms that bridge IRC, Gitter and Telegram using Matrix, of course providing native Matrix access too.

Matrix has a big community of people with a lot of active rooms to chat in, and beyond that it has bridges to other networks like IRC, Gitter, and Slack. See voyager.t2bot.io for a graph of a whole lot of public Matrix rooms (created by a crawler bot).

This doesn't change a lot. This makes it at best Slack competitor (and I am aware of the gateways plugins being worked on) and not WhatsApp/Skype/iMessages competitor.

What's wrong with being a Slack competitor? Your perspective here seems to be "it's useless if it can't take on WhatsApp", which I think is overly pessimistic.

I use it primarily as a Slack alternative, for coordinating with people on Free Software projects.

Basically this. One of my favorite insights from an episode of Masters of Scale about Slack[0] is that products like Slack don't necessarily have to achieve huge network effects in the traditional sense to be successful, because you can convince companies to use it for specific teams, projects, or even company-wide, and then grow one company at a time. I'm currently using Riot/Matrix for things I'd usually set up a Slack/Gitter/Discord room for. For most of my friends they associate Riot with whatever the purpose of the chat room is, but at least it's a foot in the door from my perspective.

[0] https://www.stitcher.com/podcast/stitcher/masters-of-scale/e...

Sorry for the late response, I just saw this. I'm currently in a group chat with two other close friends. We were originally using GroupMe, but I convinced them to switch and register on my server (after I made sure that it was working reliably myself).

At the moment, it's the only messaging platform that I use. I use regular texts to talk to everyone else.

In my case, I don't need everyone to be invested into the network for it to be worth it. I'd say that around 95% of my daily communications are in the one Matrix group chat, so I've reduced my reliance on centralized services quite a bit.

I've set a general long term goal for myself to gain more control over my own data. The first step was purchasing my own domain and migrating away from Gmail. This is just another small step.

Check out public rooms directories, right in the app/webapp. Plenty of users and public channels, mostly IT oriented.

> if not enough people are using them, they're useless

I feel like it only takes a handful of active users in your network to make the app worthwhile, though. I use a variety of messengers (including Riot) to talk with different people and don't find it burdensome, even if it is suboptimal.

It's hard for me to really know what status.im is. It bills itself as an OS, but it's not because it runs on iOS and Android. Is it a separate app store and platform? Is it a collection of apps? Is it a library or a set of protocols?

Is this a problem with the blockchain community? Repurposing long-established words for their own use ("crypto", "os")?

yeah, the naming.... it's basically a client app for the ethereum ecosystem, much like the role a web browser has

Its good that Riot gets money, but its incredibly damning for Status, an ICO that was meant to produce its own chat platform. This shows status has no technical ability of their own, and has to ride on existing open source products.

The status investors paid to build a new platform, and the team is unable to deliver this.

By paying an existing open source project, yes we all win, but that is not what people (not myself, are you crazy... lol) paid for.

Status isn't actually using Matrix in its own tech - they seem to be getting on great with their own React Native / ClojureScript / Whisper/PSS stack :)

Why reinvent the wheel when a superior open source solution is in development?

How are they supposed to make money?

I distrust for-profit messenger apps, no matter how good their intentions are. Sooner or later, they'll sell my data :(

The reason we can trust Matrix is that it's free software, and it's decentralized.

I share your distrust, which is one of the reasons I'm not a big fan of Discord. I don't know where Riot's revenue will come from, but Matrix [1] (and Riot by extension [2]) support end-to-end encryption. As others have said you can also set up your own server.

[1] https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-en...

[2] https://medium.com/@RiotChat/exciting-new-riot-release-get-r...

I absolutely wish Matrix could crush Discord. An entire generation of users came out burned by programs like Skype, Hangouts, MSM, Facebook Messenger, etc and then threw themselves eagerly into another closed ecosystem messenger just because it was one of the first to manage a really performant web client.

I think it can, but it will take time. It is up to the community and userbase to adopt it as much as it is up to the team behind the software.

Yeah I think the potential is there, but Riot will probably need features like Push to Talk and other gaming-oriented stuff.

The original plan was to sell related software and services to telecoms companies. The parent company that funded development of Matrix already has similar business relationships with them. Think e.g. a Brazilian phone company.

I think the idea is that those phone companies are scared of WhatsApp and Messenger. It's to their advantage to fund an open, federated messenger bus, so their attempts to compete with them work well globally.

This B2B market has the virtue that it allows improvement and maintenance of an open, consumer application, without contradicting revenue from business uses.

I'm not sure if this is still the ultimate revenue plan, would love to know!

We are not going to sell your data, nor can we (especially if it’s end-to-encrypted or sitting on someone else’s server)! The plan for making $ at New Vector is to provide paid hosted services of various kinds instead. (I work on Matrix).

I'm not sure.

But I'm also not sure they need to have any of your data.

The riot.im client lets you connect to your own Matrix server rather than an "official" one, so they're not really able to monitor your usage or know who you are unless the app is phoning home.

Maybe it's collecting analytics data? Would love to know. I only use the Riot.im app on mobile and use other clients for desktop usage.

Analytics is there, depending on platform it's either opt-in or opt-out. Android is opt-out for now, desktop seems to be opt-in. Not sure about web.

web and desktop are opt-out, but it all is very minimal and redacts anything personal

- Dev who wrote Riot's Analytics

Also the latest development version adds transparency as to exactly what it collects

Does riot.im will support 2FA?

> Sooner or later, they'll sell my data

Digital oil. Makes the world go 'round.

As a backer of the Purism Librem 5, it's nice to see some funding money for Matrix.org, especially after their recent financial troubles. Good stuff!

Any investment in open source makes me happy, especially if there are 5 zeros or more, that means things can get done for a while, which makes things better, longer.

The Riot IM site confuses me a bit, I had thought it was an open source client you could run on own server - but I don't see anything about that there. Did some digging on matrix and found one mention of vector code on github - not many details...

Is there someone I can send $100 that can spend some time explaining to me how to set this up on my own server, and how to mod it a bit so that for example, most logged info is destroyed after 24 hours and things like that?

After spending time and money on rocket chat I've come to find the value in hiring an expert / professional in the sphere to consult with before drinking the koolaid and going all in on the flashy promises on home pages.

added contact info to my profile thing here, I hope it works.

Now if someone would put $2 million into buddypress, and mastadon (I think that's what its called) I would think we have a future that is possible without the F and G overlords.

The RIOT (used to be known as Vector) is just main client. There are many more clients. All listed here https://matrix.org/docs/projects/try-matrix-now.html

Matrix is the protocol - it is a standard. So there are many servers being implemented. But most of them are Alpha/Beta software. The server from matrix org everyone uses now is called Matrix Synapse. It is written in python. If you don't need extreme performance (thousands+ clients) then go with that. On debian/ubuntu it is simple as apt get matrix-synapse but it can be installed as any other python app. Then it is basically about setting one config yaml file (homeserver.yml) and you are done. Lots of guides here https://matrix.org/docs/projects/server/synapse.html

I run matrix synapse for smallish org and we also tried rocket chat and mattermost. Riot was by far most stable and fastest. Rocket chat was very sluggish and mattermost had problems with mobile notifications (i think you have to pay them for notifications or something like that).

Oh sorry you want to hire someone. I did not understand.

Good. Seeing how XMPP basically came to a complete stall, may be Matrix can progress further.

I wonder why did you get that impression about XMPP, for me it's quite the opposite. Have you seen https://conversations.im/ ?

No progress on Muji XEP for years or stagnation of clients like KDE Telepathy and etc. all gives the impression that things aren't moving anywhere. Also, servers closing down (DDG one), Google letting federation rot by not enabling server to server encryption and etc. and etc.

Don't get me wrong, I'm a big fan of XMPP, but the lack of progress is quite upsetting.

It's true that not every XEP moved out of draft status and that big players closed federation but there are new XEPs that are being worked on (OMEMO, HTTP Upload).

Google and DDG do not provide Matrix servers and probably will never do (big players are not interested in federation in general, not just XMPP), but isn't the entire point of federation that you host your own?

Check out conversations.im and dino.im for modern clients.

What does this product do?

Riot.im is an open source Android/iOS/web messaging app. It uses the Matrix protocol, which is also open. There is a reference Matrix server called "Synapse", which I actually just started running the other day.

With these components, you can host your own messaging platform.

Who will I message?

I use it as an IRC/Slack alternative, and it's pretty good - especially for the equivalent of public channels. The apps are better and easier to explain than IRC ones, and it is easier to join and more open than Slack.

Naturally, if you're making a new channel for a group, you have to ask everyone in the group to join it. That's the case whatever messenger you use.

There is crypto now for private messages, but it is a little clunky to setup still. I hope that the funding helps make this better!

For friends I've shared keys with, it works really well. Of course, right now people will only join for ideological reasons. That's OK though!

I'm connected to Discord, Slack, and irc chats from Matrix/riot.im. It's working great for me after about a year of use.

I also invited some friends to join my Matrix server directly, but there wasn't much pickup yet. But that doesn't matter since I'm already connected to the places where people are via Matrix.

Check voyager.t2bot.io for a big list of different public Matrix rooms. There are lots of active rooms, as well as bridges to the biggest IRC networks, Slack, Gitter, Discord, and more.

It's federated.

One of my biggest concerns with Matrix was the amount of device data that it exposes.

It's extremely easy to fingerprint the devices that someone is using (it literally tells you right within Riot) and by design could make it easy for someone to track you or target your device if there are any known exploits for it.

We've already fixed this - devices are now described as "Desktop", "Mobile" or "Web" by default. It was a thinko (mine actually) that we put too much detail in the device descriptions originally :(

Matrix is a good product. I am glad they got finally funded!

I've always resisted commenting on project names, but Riot? I was thinking re flash mobs. But OK, it's some sort of joke.

Great, another messaging app. My phone and desktop are overrun by them.

Let me know when it is overrun by open, federated ones.

Blame those who don't support the idea of IM federation.

My friend recommends something called Franz. I havent tried it.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact