
I am thrilled to be one of the newly announced Guardians of the non-profit foundation. I'm happy to answer any questions people may have, though bearing in mind that I'm going to be a little distracted for the next while until my son goes to bed.

Are there any firm plans for what happens to the matrix.org matrix server in the future? I worry that all the friends and family that I've been convincing to register an account on matrix.org are going to one day be asked to migrate their account to somewhere else, and that feels like it could be a big bump in the road for the non-technical ones.

So, New Vector (the for-profit org that the foundation has just spun out of) operates the matrix.org homeserver on behalf of the community.

With that said, though, I don't think it is going anywhere any time soon. Portable accounts/identity is on the spec roadmap and is a personal passion of mine, so moving servers while keeping all of your identity will hopefully be possible in the not-too-distant future.

Yup, to echo this: the matrix.org homeserver isn’t going away anytime soon.

One of the problems we saw with other protocols when starting Matrix was that often it was hard to pick a good server to host your account, and the project’s “ground zero” server was often overloaded or unavailable. So we consciously made the decision to keep the matrix.org server running to help bootstrap Matrix - but the second we have decentralised accounts we will gently start encouraging users to migrate off to alternatives, assuming that good trusted public alternatives exist. We envisage this to be seamless though; users will just need to click something to opt into storing their account on their new server, and their account will then replicate across the servers where it is hosted. Over time, we might then ask people to stop using the matrix.org server if they empirically are using other servers too, and hopefully eventually get to the point where we have both closed signups on matrix.org and even turned it off. But we are categorically not going to leave any users high & dry.

It’s worth noting that running a massive server like matrix.org is a significant burden and distracts badly from actually building Matrix (especially when things go wrong), so we would love to spread the traffic out as soon as we can.

All this remains scifi for now though, although MSC1228 gives some hints on how it could evolve.

Thanks, that's very encouraging to hear and exactly what I would hope for.

That also sounds like it would solve my biggest issue with running my own server; if my home internet drops or I spill coffee on it I can't talk to anybody until I get it fixed. Having an alternative way of accessing my account would solve that entire worry.

Does MSC1228 speak about zero-trust initiatives?

Not really. MSC1228 is specifically about decoupling all the IDs in Matrix from DNS, switching to strictly key-based IDs - https://github.com/matrix-org/matrix-doc/issues/1228 is the MSC.

P2P Matrix could perhaps be layered on top of this, using some kind of overlay to route the traffic around such that you no longer have to trust any server. We have some ideas around this, but need to write them up as an MSC. https://matrix.org/blog/2019/03/12/breaking-the-100-bps-barr... has some thoughts on what the transport could look like for this.

Where can I learn about your proposed path to decentralization of control, custody, costs and accountability, given that (as with any novel initiative) it is currently centralized on the dozen or so members who form the core of your foundation?

I used to be very enthusiastic about projects like this but AFAICT, decentralized governance ultimately amounts to a contradiction in terms.

We don’t have any plans for formal decentralised governance at this time; it’s hard enough making rapid progress with an open standard with ~12 people helping steer it without opening it up to the whole world to bikeshed.

Instead, we clearly define the terms under which new folks can join and leave the spec core team, code core team and Guardians in https://github.com/matrix-org/matrix-doc/blob/matthew/msc177... and more formally in https://matrix.org/media/2019-06-10%20-%20Matrix.org%20Found....

So this defines how the wider community can get involved at the top level; and in turn, anyone is welcome and encouraged to submit patches (for implementation) and proposals (for spec) - thus providing a relatively decentralised end result. Our emphasis is more on open governance than decentralised governance for the sake of it.

That said, if Aragon or some similar project came along and convinced us of a better governance model, we’d of course consider it :)

Finally read through the faq. It is a bit 1990s.

In those days we worried about how to talk with each other. Share info. In fact find friends. Or server.

Whilst the technology moves on, you have E2E in beta and bridges to join other communication technology, but is this addressing the more fundamental question of today’s real internet?

<driver of my worry you can skip>

The internet now is fragmented by either firm (Facebook) or country bloc (EU data and copyright law; China e-wall).

The internet is great to share but also a great way to isolate and record and arrest people. China is a good example of what is great and nasty of this IP protocol in the real world. Social credit system where you are not allowed to sit in train (or lately bus) and suppressing of freedom of speech is hard in the real world but with internet it is so much easier.

A global communication media without firm and country is what we dream of. Yes, there would be trolls. But we can find ways to anti-spam, maybe using Lisp like Paul has done. But we can dream to hack our way back to the original free internet.

I use this to measure everything. Can it help us or empower us to program, to hack, to share and just to chat freely?

<end of driver>

Can you work in today's world?

Have you listened to the call for a national internet by the supreme leader of China or the cut-off of internet links by Russia? Can you work in EU data privacy and copyright law?

Can you empower individual... is there essentially a tor mode there?

Or even better can client talk to client direct without server so no one can have a record of what any guy (or girl as trinity would have said) said so to arrest him (or her).

Can we interop freely is my real question?

First, for the record, I find it unfair to compare EU copyright laws to China e-wall. China blocks connections. People who block connections because of GDPR are people who oppose it, without good reasons IMO. To be in compliance, don't invade people's privacy. That's it. Things only get complicated if you do.

"Or even better can client talk to client direct without server so no one can have a record of what any guy (or girl as trinity would have said) said so to arrest him (or her)."

On the Internet as we know it, even P2P does not implement that. Any router you bounce on can be an eavesdropping server. Actually we now know that some of them are, thanks to WikiLeaks and Snowden.

Server-less is just a guarantee against a narrow range of blocking techniques. To prevent eavesdropping by governments, you need end-to-end encryption. If you have a good encryption technique, using gmail is not a problem.

"Can we interop freely is my real question?"

It took me a while to realize that no technical hackery will ever guarantee that. This is not a technical problem. The incredible power of asymmetric cryptography gave us the dream that we could evade any kind of surveillance, but in the end, a government can always outlaw crypto and arrest people who use it. There is no technical way around it. Using Tor in China may protect your data but will put you on a suspect list.

A government may install spyware on every communication device that is sold nationally (as Syria did on smartphones) and record screenshots or cleartext messages as they are typed.

You can't solve this problem without doing some politics. Crypto needs to stay legal, governments need to refrain from installing spyware and privacy violations need to be seriously prosecuted.

We have the tools to get around surveillance in a state that guarantees some kind of freedoms, or that is clumsy in its implementation of surveillance techniques, but the gap between hackers and authorities has closed in many dictatorships and is very small in democracies as well.

If the problems you mention are of real concern to you, get involved in politics, donate to EFF and FSF.

Yup, the FAQ needs some love.

I think your question boils down to: do you have to trust a server? Today, the answer is yes. In future, the idea is to have a hybrid p2p and client-server architecture where users can participate simply from an app if they want... but if they want to trust a server to also replicate their account, they can.

However, if you are capable of running your own server today (or know a trusted person who can), you can still have autonomy. For instance, there look to be many autonomous servers running behind the GFW.

> Can you empower individual... is there essentially a tor mode there?

Not at the moment really. There is a tracking bug for it[1] (which includes the idea of supporting .onion homeservers). The main issue I found when digging into it is that Twisted doesn't appear to have a way to set a SOCKS proxy for requests (there are several open bug reports about it) -- meaning that you couldn't get the hidden homeserver to proxy all their connections through Tor nor could you get the other servers to use Tor to contact the hidden homeserver.

But I am hoping this could be done eventually.

[1]: https://github.com/matrix-org/synapse/issues/5152
