Hacker News new | past | comments | ask | show | jobs | submit login
Element (Matrix chat app) suspended from the Google Play Store (twitter.com/element_hq)
2009 points by redsolver on Jan 29, 2021 | hide | past | favorite | 940 comments



So we got notified by the developer console at 21:45 UTC that the app had been suspended, but still haven’t had an email to explain why - it’s 02:24 now.

Our assumption that this is due to someone reporting abusive content in Matrix to Google, and Element catching the blame — although this is currently speculation.

To be clear: Element is a Matrix client just as Chrome is a Web browser, and just as it’s possible to view abusive material via Chrome, the same is true of Element.

However, we abhor abuse, and on the default matrix.org server (and other Matrix servers the core team maintains) we have a fairly strict terms of use at https://matrix.org/legal/terms-and-conditions#6-play-nice-cl... which we proactively enforce. Meanwhile we have a comprehensive toolset at https://matrix.org/docs/guides/moderation to help folks moderate, and are making good process with decentralised reputation to empower users and admins to filter out stuff they don’t want to see, as per https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix....

So, it’s very unfortunate and frustrating that we’re in this position - hopefully Google will explain what’s going on shortly.


UPDATE: I just got a call from a VP at Google who apologised for the bad communication around this and explained the situation, which related to some extremely abusive content which was accessible on the default matrix.org homeserver. We don't want to go into specifics, but suffice it to say that it's not related to WallStreet Bets or anything like that, but instead is the sort of thing that causes you to get locked up for life.

We spent today doing an audit by revisiting recent issues reported to abuse@matrix.org, which had already identified and acted on the content in question. We also took the opportunity to explain how Element and Matrix fit together, what decentralisation is, and the steps we take to mitigate abuse on the servers we run.

As a result, it looks like the app has just been reinstated while I was typing this message: https://play.google.com/store/apps/details?id=im.vector.app.

Thanks everyone for your patience and support while we sorted this out (and huge thanks to the overall Element team who spent their Saturdays on the audit).


But I can visit sites and do things in chrome that will get me locked up for life as well yet it's still on my phone.


You could also load the webbased element client in Chrome and use Matrix in Chrome. In theory at least, not sure how it holds up on mobile but you can definitely use it in Chrome desktop browser.


https://hydrogen.element.io/#/login works on mobile. It's their experimental light-weight web client.


Element, the matrix protocol, and matrix.org are all tightly linked together. Matrix.org is the default server in Element. With them so interconnected, I understand why matrix.org issues would affect Element.


Not that tightly linked. Whilst the Element client does offer Matrix.org as a signup/login as the first page you see, you're also just one single click from signup/login to any of the other servers. Nothing about that page really feels locked or branded to matrix.org.

I don't see how that makes Element responsible for matrix.org content. Thunderbird offers getting an email address via gandi.net in their new account page. Does that mean that Mozilla is suddenly responsible for all emails (like spam) coming out of gandi?


New Vector leadership holding key decision-making positions on both Element and Matrix.org could be seen as a distinguishing factor. It feels subjectively like more entanglement than the Mozilla/Gandi combo.


We’ve very consciously tried to separate The Matrix.org Foundation from Element (previously known as New Vector), despite both Matrix and Element being created by the same leadership (myself, my co-founder Amandine, and the rest of the core Matrix team). To be clear: we started Matrix in 2014 as a pure R&D project, and then created Element (then NV) in 2017 to keep the core team employed to work on it fulltime.

However, the non-profit Foundation (https://matrix.org/foundation) was set up in 2018 with myself and Amandine deliberately in a minority control position (2 of 5 directors, called Guardians) specifically to address this concern - to protect Matrix from Element’s commercial activity, in case we ever went rogue.

As it happens, The Foundation farms out hosting and admin of the matrix.org homeserver to Element (which makes sense, given the Foundation doesn’t have employees and Element was already running the server), but if Element ever went evil, i am very confident that the Foundation Guardians would kick in and make a course correction.


But can you host content with chrome that will get you locked up for life? Because that's the issue here: the official default home server was serving that content. Now, yeah, decentralization but apparently the people handling abuse reports of stuff in the play store don't know what this means, hence GP saying they explained what decentralization is and the relation between Element (open source project) and Matrix.org (the 'offending' service).


I think this is the problem, if you treat every client as a host it becomes the client’s responsibility to police the host which is wrong.


Wait until Firefox gets taken down for the same reason and chrome starts blocking things


A better analogy might be your ISP blocking google.com because of heinous content visible on the search screen. Yeah it would be weird, but I doubt anybody would have a real problem with that happening.


Thank you for all your efforts. The way you appear to have handled google's unjustifiable action is really impressive. Clearly that's one of the main reasons to be optimistic that matrix has a bright future - if I was in charge it certainly wouldn't. Due to incidents like this I simply ditched google completely. (OK, to be honest I sometimes watch videos on yt but without having an account.)


Challenges - like this google fiasco - really test the merit of a person and org...and you @Arathorn and the rest of the Element team as well as the Matrix org/Foundation team have shown to be really great stewards and leaders for Matrix, as well as great actors for open source and internet-at-large software. Kudos to you and the teams for the great job at managing this challenge (that never should have been created by Google in the first place)!! I've been a fanboy of matrix since the beginning (both the protocol and the teams building it), and it is behavior like yours and the related teams (incljuding all contributors!) that keep me as a fanboy for both the protocol stack and the software. Keep on truckin'!!! :-)


> Kudos to you and the teams for the great job at managing this challenge (that never should have been created by Google in the first place)!!

You're suggesting the challenge was created by Google and that so and so managed to navigate it successfully by obeying Google.

But we don't even know what the issue was. And if the issue isn't available to the general public through transparency or something like an FOIA request what is really being celebrated is the power of a corporation to control free speech over a protocol intended to wrest control of free speech back into the hands of people in the first place.

Limiting access to information such that it cannot be independently verified is far more sinister and nefarious — not to mention consitutionally unsound — than the threat of the bad actor sharing the info in the first place.

In the wake of the temporary Parler shutdown all of us need to be paying close attention to how we receive information. These things cannot be left up to anecdotal stories which delve into little to no detail.


Very happy for you guys. But do take this as a shot across the bow, if and when it serves Google's agenda to shut you down they will. You have a great service, don't let Google control you and be beholden to them.


We have put all of our eggs in the iOS and Android basket. It looks like this year we’ll see a few Linux phone come to market... can’t come soon enough


While it’s old now, the Nokia N9 proved to me a long time ago that the Linux phone idea has true merit. Harmattan was a brilliant UI!


I think you mean the N900, which I'd still be on if it did all the bands in my area. You're right though... probably the best Linux phone so far in terms of UI (I think the Ubuntu phone was too complex)


No, I mean the N9 :)

https://wiki.debian.org/Mobile/Nokia_N9

I loved the N900 to, of course, but as a phone the N9 running MeeGo v1.2 Harmattan was superior day to day (for me anyway).


Ironically if they put the app on Huawei's AppGallery, it would have been up the whole time on a very non trivial amount of phones outside China where the AppGallery is preloaded before and after the Google ban.


Did your abuse team email the site that you removed from your home page, explaining your policies and telling them exactly why it was removed?

Did the VP offer any explanation as to why you had not received any communcation from Google?


this is still a joke you have to post on hn and hope to get high enough up to nastygram someone over 'my app connectsto the internet like yours' level of shit


Exactly. I'm happy that the app was reinstated, but this solves nothing in the long run.


> We don't want to go into specifics

This kind of language is very wishy-washy and leaves everything to the imagination. 9/10 times the issue is terrorism or CP. So which of the two was it? And why aren't you comfortable enough to share that reason with your prospective users?


Why should the details of the Matrix.org server moderation be of significance to Element users? We are talking about a decentralized and optionally end to end encrypted chat client.

Anyway, Matrix.org is hosted by a foundation with an independent board. You can ask them if you want but given your post you already know full well why they are not sharing. No one is going to do a press release to say they were involuntary hosting CP or helping terrorists. What good would come out of it?


Sounds like CP ... cp is a real issue when it comes to crypto.


I’ve had to deal with a situation once where a user received spam containing links to CP via a major IRC network. Weeks of paperwork and trouble, caused by a few seconds of work for the spammer. Spammers abuse this imbalance of work to easily take down services, many of which won’t ever come back online (I certainly won’t ever host free IRC bouncers again, it’s definitely not worth it).

This is what truly destroyed the open, federated web: humans being disgusting animals.


CP is a very touchy subject. But if we really wanted to solve the problem we shouldn't focus on someone accidentally seeing (and thus caching) CP on their device.

CP should be removed at the source, by doing everything we can to take care of kids and preventing abuse and related photography. And CP trading rings should be busted.

But individual pedophiles should be helped with their mental health issues before they act and become pederasts. The subject is so toxic that nobody dares go to a therapist with their issues. There was a recent documentary about it: https://www.idfa.nl/en/film/bb3cd43c-169a-48db-9fd6-e4cbae0d...

Coming back to crypto. Who cares if the images are shared using crypto or on paper or on usb sticks? Once you find a pederast, law enforcement should convince (without torture or similar tricks, offering therapy and help will probably be more effective) them to help expose their network. Same with any activity that is using encrypted communications: https://edri.org/files/encryption/workarounds_edriposition_2...


https://www.theatlantic.com/health/archive/2016/01/can-child... https://www.researchgate.net/publication/299657027_Non-Offen... According to Dr. James Cantor (a world leading pedophilia expert), and The Atlantic here, child sex dolls may be able to serve as an outlet to prevent pedophiles from acting out on their desires.


If it was encrypted, it wouldn't have been discovered in the first place. At least, not by google app reviewers.


You can take screenshots of encrypted content and the whole aspect of encryption is basically defeated if the channel itself is open to the public. This might not have been the case here, but there are people that infiltrate channels like this on purpose to report them to authorities and Google(?).


Why the lack of transparency about exactly what content triggered this response?


> extremely abusive content

This phrasing suggests it was probably not even illegal to publish.

What if this content had been something that Google finds politically or commercially disfavorable to its interests, rather than something we would all think is intolerable? What if it _is_ like that?


To the extent Google can lock you up for life for being inconvenient for their business model, I suppose it could have been innocuous content.

Oh, wait. We’re still a decade away from that particular dystopia, so I’ll guess kiddie porn or actual planning of terrorist attacks.


Wait, if CP and terrorist attacks are posted in the open, then what FBI wants to read in e2ee traffic?


> so I’ll guess kiddie porn or actual planning of terrorist attacks.

It seems you guess wrong. The Element guy did not mention any illegality, which is what makes me suspicious.


I'm really upset that this happened to you folks, and it's scary, because incident could just as easily have happened to us at Zulip (or any other OSS app that connects to self-hosted servers!).

I expect we'll never get a useful explanation from Google for why this incident happened -- abuse teams, like fraud teams, are worried about the bad guys using the explanations to tune their tactics and so tend to never explain anything.

But the details of how Google screwed up here also don't matter. A sudden Friday night suspension of a popular, legitimate app is insane! That possibility shouldn't be in the flowchart.

I get that for malware/spam/etc., it's important to immediately suspend, but I don't understand why Google doesn't take more seriously the very negative harm caused by doing that to a legitimate app. Some notice and appeal opportunity should be required before suspending a popular app by a legitimate publisher.

I'm upset, and a bit scared, but I can't say I'm surprised. This sort of random/erroneous/arbitrary punishment without explanation happens all the time with Google and other major tech companies. And every app developer I've met has experienced _significant_ disruption to their app publishing efforts due arbitrary/random rejections by an Apple app store reviewer, and this has been the case for years, so we can pretty confident that the vendors won't improve unless they are forced to do so.

There needs to be regulatory oversight of the Google/Apple app stores and the negative consequences for everyone else of their error-prone and ruthless enforcement processes.


> There needs to be regulatory oversight of the Google/Apple app stores

The regularity oversight needs to address a different aspect: google is world-wide de-facto monopoly for people not owning an iPhone. At least for the most part of the freer world, China is different story.

Until Google is broken up or fair competition is not achieved, content regulation does not help. As a European I want to care about US regulation as much as about US tax laws: not at all. The US is not the world-regulator. We elect governments in Europe that have no power to do anything in this sector. I don't say Google should be forbidden in Europe, we are not China. But competition and more choice for users needs to be guaranteed by effective legislation, in practice that against Google and Apple.


> freer world

I guess that's sarcasm? I can't even eat a sandwich outside without fearing that it will be considered a picnic and get me arrested.


This principle should be applied to all sectors. Basically capitalism is still young and we didn't have situations in the past were small companies could consolidate indefinitely so that they can at some point get so big they have more money than some countries. I think there should be a cap that beyond certain point company will have to be divided, so we never get companies too big to fail and being able to afford buying law to suit them.


I’m somewhat certain that the east India company, the VOC etc., had wealth surpassing many countries by the time their consolidation activities reached their peak, though. This isn’t a new phenomenon I don’t think.


Yeah, but those companies were de facto monopolies created by their governments. When they no longer served their purposes, those governments stepped in, defanged them, and took over their operations. Those companies may have been larger in terms of net worth, but their relationship to government was fundamentally different.


This was more like a state sanctioned oligarchy, whereas this loophole kind of gives anyone a chance to start EIC if they find a niche, exploit and then expand. Beyond certain point you buy laws so that nobody else can copy your steps. Rinse and repeat. This should be stopped.


> But the details of how Google screwed up here

They didn't "screw up". Or rather, that's not the main problem. The problem is that Google has the power to block the main channel of distribution of a piece of software.

Now, it's true that you can "just" get Element elsewhere, but the effective user lock-in into a single-corporation-controlled download hub ("app store") - that's the problem. And Google has gotten that quite right... for itself.


Legitimate app yes, but was it actually popular? The cached copy of the Element store page says 100k installs, <2k reviews. Compare to e.g. Signal at 50M installs and 1.2M reviews. Or WhatsApp with 5B installs and 130M reviews.


This is in part because we had to replace the app in 2019, and also because it's not the only client for Matrix - many deployments are actually forks of Element (e.g. France's 5.5M user deployment of Tchap).


If you accept that (1) there is a substantial amount of mal-content that Google should censor, and (2) a key use case for federated messaging platforms is to evade censorship, and that (3) client applications can be functionally part of a federated messaging platform while legally separate from it, then those client applications are fair game to be censored when they deliver mal-content.

Now I may disagree with parts those precepts in stronger or weaker forms, but it is disingenuous to claim that the client application is exactly as legitimate as a web browser just because the client application is legally but not functionally separate from the federated network.


While we're at it, should we ban email apps as well? And probably the Internet itself and go back to "safe" walled gardens like AOL, since there are almost certainly bad people on the net?


We try to rationalize this when it affects apps we don't use. But censorship is a very slippery slope. No single company should have this level of power. Browsers will be next. Solidarity is the only answer to abuses as such. Shade Freud always begets irony.


> should we ban email apps as well? And probably the Internet itself and go back to "safe" walled gardens like AOL

Huh? The AOL you're thinking of included an enormous cross-section of the population, with no controls on who could talk to who. If the Internet is unsafe, then so is AOL, because they're the same thing.


Right, that was the point. You can never get rid of "bad actors", and even if possible, that would have a myriad of unintended consequences (such as living under authoritarianism).

The irony in this case is that the speech that is attempted to be censored isn't even illegal. (at least in the U.S., where our liberal, cherished "anything goes" approach is enshrined in the Constitution.)


That's a textbook example of the logical fallacy commonly known as the slippery slope.


No it’s not — it’s pointing out that those arguments fail when looking at existing systems, and would trivially deny things that we know we want. A slippery slope would be that the reasoning lends itself to more extreme reasoning down the line. You don’t need to bother with that here, we’re already arguing from the bottom of the slope.

This simply argues that they’re special-casing against non-established systems — if you applied it uniformly, you’d trivially lose things you obviously want to keep.

That is, this is a stupid operation that is at best sponsored by “think of the children!” Mothers Against Everything foundation.


My assertion was a narrow one: the client application of a network designed to avoid censorship of bad actors is not exactly as legitimate as a web browser that is not designed to avoid censorship of bad actors.

To go from that narrow assertion to "ban email apps and probably the Internet itself" is fallacious reasoning at its finest.

There's no rebuttal by refuting any of the premises or finding logical flaws, just straight to the end of the world as we know it.


> the client application of a network designed to avoid censorship of bad actors

You didn’t argue this, and I’m not clear that matrix or similar technology makes any direct, intended or significant effort to do so beyond the much broader, all-encompassing goal of “let nothing be unavailable”. But if true, I might be more inclined to agree with you.

What you did argue is that

    a key use case for federated messaging platforms is to evade censorship
Which is wholly different, in that the usage is at fault, not the protocol in and of itself (in the same fashion that Bitcoin was not designed to facilitate drug trade, even if it’s a key use case driving its valuation).

But we also know that illegal activity is a key use case of the internet, of email, of encryption and a wide variety of other decentralized and federated technologies. This is hardly a good justification because you’ll ban all sorts of good things.

The only thing that protects your argument against everything else is that you arbitrarily limit it to non-established technologies — in the name of all that is good and wholesome, you would kill anything like the internet, email, etc, that is not itself the existing technologies.

A web browser is only more legitimate because the internet is more broadly used. Which isn’t much of a case for legitimacy.


This event is a textbook example of the slope already being slippery.


By the way, “malcontent” (no hyphen) is an English word that doesn’t mean “bad content” or “malicious content” like you’re intending.


I guess my dictionary is wrong then sense it seems to be referring to a person in both definitions that they give.


That would presumably include Chrome and https and enabling use through VPNs?

The above are use daily for extremist content, CP, circumventing numerous national laws in numerous places...

Hard to draw the line.


The line isn't that hard to draw.

If you run a monolithic, centralized service specifically designed to avoid censorship, and you don't moderate what users do on your service, and some of those users hurt people with your service, then you should expect your service will be shut down as Parler was.

And if you do the same thing, but separate the front end from the back end, and have different entities run them to provide legal separation, while practically and functionally the result is identical to that of the monolithic centralized service and your system is used to hurt people, then you should also expect that whatever components can be deplatformed will be deplatformed.


Your litmus test of 'is used to hurt people' is completely true of web browsers and email too.

Emails are always coming up in court cases etc. as people regularly use them to organise or discuss criminal acts, and it is sometimes used with E2E encryption so nobody can intercept and police the contents. I'm not convinced you've drawn a clear line. When is a protocol client responsible for the content shared or accessed with it, and when is a client not responsible for it.


How do you logically reconcile that what you say applies to Web Browsers as well?


I just want to chat with my friends without spooks putting it into a permanent database to later be used out of context against me. A crazy, dangerous idea, I know.

It's amazing to see how far we've fallen - to be at ease with the idea that there can be no such thing as a private conversation, and therefore that any private conversation is by definition illegal.

Any crime should require an actual victim. Which means there is evidence of it happening. You don't need a permanent record of everyone's conversations to uncover such crimes, police just need to do the job which we pay them for, which is to investigate.

CP and terrorism are both disgusting, horrible things, but even those are not worth losing all our basic human freedoms over, or we won't be left with a lifestyle worth defending.


By that logic, web browsers are not functionally separate from the federated Web, so all browsers should be banned until they start blocking objectionable sites.


The future: "it's the Internet Jim, but not as we know it" -Spock


> (2) a key use case for federated messaging platforms is to evade censorship

For some people (although maybe comparatively few) it's primarily about building a more robust Internet that works also if centralized service(s) disappear


> If you accept that (1) there is a substantial amount of content that Google should censor

Why would we accept this? We don't even accept the situation in which Google is _able_ to censor anything for the general public.


Why is this disingenuous? The web is decentralized in exactly the same way and browsers play exactly the same role of independent clients for accessing this decentralised network as do Matrix clients for the Matrix network.


I'm testing Element and Matrix at American Airlines.

There are big players with clout that take issue to instability such as this. How can I rely on my company using Element when it gets pulled? Not cool Google...

To the element team, reach out to me if you can't get the support you are looking for.


This comment alone should be reason enough for the company behind Element to sue Google.


Google may be able to control the Element app on the play store, but at least for the server side there's no way to do that with synapse (the official matrix protocol server side implementation), which is fully open source and distributed directly from the developers.


They are also working on a Go version called Dendrite - https://github.com/matrix-org/dendrite

The Matrix team is doing a LOT of cool stuff. :)


Yes, but IMO the Matrix team should _really_ focus on Dendrite since Synapse is extremely resource hungry and prevents a lot of people (including me) from running their own servers.


It's not that resource hungry anymore. Hovering stably around 500M RSS and 8% CPU for me right now. That's with ~25 users and a lot of federated, public rooms, some of them quite large.


What CPU are you running it on and how many cores are being used? Are you also in really large rooms like Techlore and Matrix HQ? Because I think I'm in all of the largest rooms (and a lot of the smaller ones)


I'm running my instance with lots of bridges in a 3-core 4GB server, paying about eight euros a month for it. Synapse runs just fine, but I'll probably switch to the Rust impl when it's done.

If you want to go cheaper and have only 300-400 Mbps of bandwidth, I've heard lots of good things about this provider:

https://contabo.com/en/vps/


Contabo is great: finally a provider that does not save on mem and disk space. I moved everything to them and I save tons of money. The 400mbps is only for the cheapest as well: you can pay more to get more. Not that most people would need more. Especially for running matrix for a company etc.


Not those two (and I know those are especially large), but we are in many 5-10k rooms, including bridged Freenode rooms which are known to be some of the worst offenders.

Note that many significant improvements have landed very recently, for instance the chain cover stuff which significantly improves handling of rooms with frequent membership changes (such as the aforementioned bridged IRC rooms).


8% CPU average actually sounds like a lot, unless your 25 users are chatting around the clock.


The federation is chatting around the clock. Remember, joining a Matrix room means that your server needs to handle all of the room's traffic. And 25 users can easily be in a lot of large rooms. However, each room only needs to be handled once, so if more of my users join a room in which my server is already participating, the cost doesn't increase.

That said, this isn't an average but a spot value. It frequently falls below 8% (though typically stays above 5%). Note that this is a cheap and relatively weak VPS.

I'm not saying Matrix is terribly lightweight. I'm saying you can easily run a small personal instance on a cheap machine without any performance problems.


If I run Weechat on my VPS, and join a few high-traffic IRC rooms, I expect my average CPU use to be 0%. Same if I run mailman with a few messages per minute, or an IRC server.

The fact that we can now run it on a VPS is an improvement, but it is still orders of magnitude heavier than equivalent non-decentralized systems.


How can you rely on the app/play store for any app? This suspension has nothing to do with element, it could have been any app.


Can't you just use a web app or any other matrix client if this happens?

If Google were to "ban" slack from their store, their browsers, etc. then you would be quite in trouble.

But with matrix, just pick a different client and move on.


Yes, I'm doing a custom react client integration. AA has to prepare for black swan events from every angle and this is a perfect example of one.

When you have 100,000+ employees, it's not trivial to just switch up communication platforms.


If you need to prepare for Black Swan events, doesn't it make sense to have your own channel to distribute APKs to all devices? Why would you rely on the Play Store at all?


that’s a lot of tooling to build for a single application—plus not everyone is tech savvy and installing from non-standard locations requires more user support


A 100K-sized company is going to have a BYOD or corporate device issuance program with tie-in to MDM, which effectively functions as a private appstore (the DPC (device policy controller) (itself an app) can silently install apps (as in, download APK from $anywhere, hand to PackageManager) without confirmation, etc).

MDM infra is big bu$ine$$, but DPCs are quite simple to write.

(Psst. They also let you read CPU usage on Android 7+ (sadly not per task, but at least with per-core granularity). The catch? Installing a DPC requires a factory reset. xD)


> A 100K-sized company is going to have a BYOD or corporate device issuance program

Some will, some might run a more open org, with a lot of rather independent contractors, focusing on providing services on standard platforms (email, chat, wiki, bugtracker etc).


Not every device is under MDM in a big corp. Often you have people like external consultants bringing their own devices, who need to participate in (semi-)internal communications. You cannot just MDM those and you cannot just issue bigcorp devices to them, so you need something like the normal appstore to distribute the software. Maybe you even have BYOD for internal people, so MDM could be hairy from a GDPR/employee rights/liability standpoint. And maybe you even have customers and partners who you want to communicate with, whom you have to provide with a viable option of communicating. You can (maybe) separate those into an internal and an external communication tool. But then you just have two different tools, one of which will have the exact same problem about needing installation via commonly available appstores.


It's easier to simply ensure that the apps you need are present in multiple stores.


I take your meaning, but pedantically I think the idea of black swan is that you couldn't ever see it coming, so the only way to prepare for it is some sort of general robustness (which to be fair Matrix does have).


Let each user pick among any of the multiple clients available. Don't design your system / process to only support one client.


It puts too much pressure on Helpdesk to provide the support needed when you don't have a common path.


This reality should be yelled by a death metal band singer 24/7 at every FOSS developer.


I laughed hard ... but actually no.

That should be yelled at every FOSS evangelist, those people who claim everywhere that no one needs Windows, because Linux has everything Windows has, just better, etc.

We FOSS developers are free to do what we want. Most of us develope mainly for pleasure, not to ease the workload of some corporate helpdesk.


I'm arguing against the hidden premise that "having a dozen different client thingies" is a potentially good thing for users. It nearly never is, and the fact that a dozen devs derived pleasure from creating them doesn't change that.

I'll go even further and claim that "user choice" is code for, "warning: nobody in this space is competent enough in UI/UX to derive pleasure from working on it." In fact in mastodon's design, it's not even code-- the "choice" of servers by topic is literally a limitation imposed on the user before even signing up. So the very first part of the UX has a circular dependency-- choose a server to try out the service and discover which server most suits your interests. It'd be like Google redesigning search so that you have to type subreddit-style topic into the URL before searching.

Additionally, this "choice" meme seems to conveniently disappear for software that has a thoughtful UI. I don't see anyone talking about the downside of Krita not having multiple other half-baked UI's than very impressive one it ships with.


There are debug version apks available here: https://buildkite.com/matrix-dot-org/element-android/builds/...

Click on "Assemble GPlay Debug version" (or "Assemble FDroid Debug version" if you don't have Google Play Services), then click on "Artifacts" and then choose your apk from there.


How is that a solution to the problem? Of course there's other ways to install software, just like you could build your own iOS app and sideload it with a certificate. If an app is gone from the store it's basically dead.


If I were to test the implementation of an app in my enterprise, then it would benefit me to cut down on the unnecessary dependencies. Being dependent on the Google Play Store has shown to be a liability in the past because there were moments where it became a single point of failure (as demonstrated in this thread)


Sorry for this :((


There are alternative clients: https://matrix.org/clients/

FluffyChat would be the main contender.


Big players with clout can commission their own closed access app. The C levels just need to take a $0.5M hit among themselves.


Reach out how? You have no public contact information in your HN profile.


We've already had conversations and I reached out personally.


That's why XMPP has been adopted for military and industrial use.


You can use FDroid though.


How are you going to explain that to your manager?


How does your manager explain to you that you must agree to TOS from Google to install apps necessary for your job?

In the explanation to a company I see nothing wrong. In the tendency to make employees agree to arbitrary ToSes, I see massive liability that should be dealt with using a massive class action lawsuit against some behemoth.

I actually think federated protocols are a get out of jail card for employers since making your job related to owning a car is reasonable, to owning a specific brand of car is not.


Hello employee,

We have a new corporate policy that removes your access to anything related to O365 by Date. The only way to remediate this issue is to install InTune and the corresponding corporate security office's profile so it can enforce our policy on the device. If you qualify for our corporate device program, we will cover the cost of the device and data plan.

Sincerely, CTO

Honestly, it's very common at the largest public corporations and most corporate r&d groups in the US. It's not like we don't already do black box development or have strict vpn only enforcement rules. I wonder how risk assessment sees these kind of federated protocols because in theory you are right about it reducing liability if they run the system.


You’re lucky if you work a place that even sends you an email when they make unilateral changes to the software that’s running on employer-owned hardware. Everywhere I’ve been has a management engine running with highest privileges that does whatever it wants, this used to be true only in industries like finance and healthcare but now it’s standard.

Maybe places like google are different, I would not know but I’d be surprised to learn that there’s any publicly traded company that does not exercise total control of their machines.


We received a generic update at 05:31 UTC confirming that the app had been suspended due to abusive content (Sexual Content and Profanity: https://support.google.com/googleplay/android-developer/answ... ); we're following up to explain how Matrix and Element works and get this resolved.


This is probably not a coincidence or an oversight, but rather a "what can we get away with" attempt, similar to previous efforts to remove UBlock Origin.

But why? Matrix is tiny and no threat to Google services.

I'd personally expect three letter agencies to be involved here. The US government has been aggressively going after encrypted communication for years, with extreme tactics like personal intimidation and secret courts. Read this story about a secure email provider if you doubt it. [1]

This doesn't work so well with EU based companies, even though they have been pushing EU governments to do the same. (There recently was a leak that the encryption ban currently discussed in the EU parliament has some roots in Five Eyes efforts and that governments were pressured by the US to support it. Published by FAZ or Sueddeutsche, I'm trying to find the article...)

I also doubt that iMessage and What's App gaining "backdoors" to their encryption is purely motivated by user experience.

At a time where a lot of people want to switch communication platforms, nipping any such efforts early might well be viewed as important.

"Abusive content" is a convenient excuse that can be arbitrarily applied.

[1] https://www.newyorker.com/tech/annals-of-technology/how-the-...


> But why? Matrix is tiny and no threat to Google services.

There is an absolutely unprecedented shift going on as we speak, one of those groundswell events that have the potential to shift usage habits of hundreds of millions of people.

We got a taste just recently with the shift away from WhatsApp based on a TOS update. Imagine arguing last year that ten million users would jump ship based on a TOS change?

Matrix, and services of its ilk, are absolutely an existential threat to Google in the next 20 years.

Don’t forget that Google has all the threat intel you could possibly imagine from their existing analytics platforms. They will see the shift coming before anyone.

I can absolutely see them acting now to try to disrupt the initial rumblings of a seismic event that has the potential to go totally viral and popular sentiment shifts against megacorps.

Killing them gets exponentially harder over the next 6 months if there were a successful campaign across the internet to switch to these services, and 2021 is very close to seeing a very significant grassroots campaign like that truly take off. Certainly the time has never been better and the populace never been more primed to make the move out of the walled gardens.


Google has no (competitive) horse in the messenger race, so while that theory might fit your ideological point of view, I don’t understand why Google itself would have any incentive (or grounds) to remove an open source chat app.

How is Matrix a threat to Google?


Google counts up every minute users spend using their electronic devices.

In their world view, every single minute per day spent looking at screens that don’t have Google ad targeting is a minute that a competitor is stealing value from Google.


> How is Matrix a threat to Google?

A matrix user identity will eventually compete with a google account.

When google accounts are considered as important as myspace accounts, then much of their surveillance loses relevance.


> How is Matrix a threat to Google?

Conjecture on my part: it's a threat to the ad spend Google gets from Facebook.


Facebook (24%) and Google (32%) compete pretty intensely for mobile ad spend. While we don’t know how much Facebook uses Google ads, that theory isn’t particularly satisfying because they compete so intensely.

https://www.fastcompany.com/4032442/its-still-pi-day-so-we-d...


> Facebook (24%) and Google (32%) compete pretty intensely for mobile ad spend. While we don’t know how much Facebook uses Google ads, that theory isn’t particularly satisfying because they compete so intensely.

And yet...

https://www.nytimes.com/2021/01/17/technology/google-faceboo...


Discord, a huge chat software, is hosted on Google Cloud. This might help explain why they tried to kill Element, a client for Matrix, a competing chat software with similar targeted user base.


This seems like a classic case of Hanlon’s razor and I don’t see any evidence to the contrary (yet).

An NSL would be handled a lot differently than removing an app from a single app store for sexual content. Every indication so far points to it being a mistake by Google.

From less than a week ago: https://arstechnica.com/gadgets/2021/01/googles-bots-decide-...


Maybe.

But if you always discount such events as coincidences, you risk remaining blind to emerging patterns.


The pattern is that their reviewers are really bad and the appeal process is almost nonexistent. Improving the quality would probably be a huge cost and they have no real reason to do that.


Having a appearantly random blackbox system is handy when you want it to do shady stuff. Just blame the algorithm!


The app is back up and the Element folks agreed that there was what sounds like child pornography reachable from their domain. Overzealous automation perhaps, but obviously not a conspiracy.


Element is not Matrix.org.

You can view child porn on Chrome, or receive it by email, or download it by Torrent. Yet I don't see anyone banning web browsers, email clients, and Bittorrent client.


And the takedown was reversed. It is clear that Google now believes that the app is not in violation.

The point is that this is well explained by something other than conspiracy.



We've just published an official blog post updating on the situation at https://element.io/blog/element-on-google-play-store/ which we'll keep updated as things progress.


Did you think to maybe give your article a more self-explanatory title? It's harder to spread the message when the primary qualified source for this is titled "Element on Google Play Store" instead of maybe "Element (Matrix chat app) banned on Google Play Store".


updated.


Will Matrix respond to this by pointing out that F-Droid is a viable option for people intending to publish or use FOSS apps?


good point; have updated the blog post.


FYI, unless you're providing reproducible builds to F-Droid signed by your key (which doesn't seem to be the case), that APK is going to be signed with a different key. So it's either uninstallable over top of a Play Store-derived APK, or if someone does install it who doesn't currently have Element installed, they won't be able to install a Play Store-derived APK later – at least not without uninstalling first, and unless they do that with the right adb option, they'll lose any app data they have.

Ideally you could set up reproducible builds and make sure that the version in the default F-Droid repo stays up-to-date, but reproducible builds may not be practical for you right now (I'm not sure). Barring that, as you mentioned in the blog post, setting up your own F-Droid repo with self-signed APKs is a good option.

I haven't yet played with Matrix nearly as much as I would like, but I love the vision. Thanks for your efforts!

Also nice plug for F-Droid; they're doing good work as well.


> We're also looking into running our own F-Droid repository going forwards

That's great to hear as well.


i disagree. the main repository enforces reproducible builds and restricts trackers. please keep the main repo up to date.


Well, I disagree with your disagreement. Part of the value of F-Droid is that the main repository can host packages that are vetted and maintained by uninvolved parties. Second, if the Matrix-run repository does reproducible builds, then... there's no problem. (That's the nature of reproducible builds.) Third, F-Droid was conceived to be distributed and decentralized. That's why it allows you to add other sources in the first place, there's even a feature baked in that lets you get/share apps (including F-Droid itself) in-person with people around you, and under the hood the whole thing uses a DVCS-style model where the package index is "dead" data and your device manages a copy. Fourth, an app author choosing to run their own repository means that they're invested in F-Droid, moreso than instances where F-Droid's role is to achieve "mere availability" for the package.

What's more, this incident is evidence that we need more decentralization, not less. In instances where decentralization is either already working or is up for consideration, we should encourage it, not try to eradicate it.


If they provide reproducible builds there's also no need for a separate repository.


Can you explain your reasoning?


The main repository also signs everything with f-droid keys, not the original developer's. This means any compromise in f-droid compromises everything.


actually, it turns out this is no longer a limitation: https://f-droid.org/docs/Reproducible_Builds/

"Publishing signed binaries from elsewhere (e.g. the upstream developer) is now possible after verifying that they match ones built using a recipe. Publishing only takes place if there is a proper match."


sounds like a problem to solve. build in both places, verify build hashes agree, upstream dev infra signs and sends signed build to f-droid, f-droid verifies hash against its own build, verifies upstream signature, signs and then lists. apks can have more than one signature.


Kudos on the quality of this post, makes me feel like the project is in level-headed hands!


FYI, there's a typo in the updates at the bottom: Yesterday and today is referred to as being in 2020 rather than 2021.


This is insane. This jeopardizes every email, xmpp, matrix, etc; basically any 3rd party application.


Being suspended for user generated content has been a rite of passage for third party reddit clients. It's crazy how this happens again, again and again.

https://old.reddit.com/r/Android/comments/96l0at/sync_for_re...

https://old.reddit.com/r/Android/comments/6dwv1f/boost_for_r...

https://old.reddit.com/r/Android/comments/5fqrr8/now_for_red...


There is a significant difference there though: reddit is still a single, central entity. Matrix, XMPP, email, (and activitypub based systems, ssbc, and anything federated) could be connecting to one's own server. It could be a machine in my basement.


I don't see the difference. "Sync for reddit" a custom client for reddit. It was suspended for "hate speech". Then why isn't the official reddit app not suspended?


> I don't see the difference.

?

1. I install synapse (a matrix server) on my own machine. I install Element on my own phone. I connect one to another, and via the server to other servers.

2. I install a client that connects to reddit. Same reddit as everyone else. Same reddit as the reddit website.

There is a rather significant difference, isn't there?

EDIT addressing the 'hate speech' part, you are correct. If one reddit client is banned, all should be banned. But that is not true for communication apps, like Element.


> This jeopardizes every email, xmpp, matrix, etc; basically any 3rd party application.

Except of course Google's own applications. Gmail, Hangouts/Meet/whatever-it-currently-is, Chrome.

Luckily it's not possible to display illegal content with Google's own apps /s

I remember when my nephew got groomed on Google Plus, I was way to naive to think that this would not be occurring in Google's walled gardens. But in there, it turned out to be quasi-public.


>Luckily it's not possible to display illegal content with Google's own apps /s

Perhaps one day they will make this argument to justify having to spy on everything you do with their software.


> my nephew got groomed on Google Plus

That is genuinely horrifying and I'm so sorry for him and your family.


Don’t worry. Google will kill it’s own chat apps. Sad but true.


The app in question wasn't suspended for illegal content, it was suspended for profanity.


That's ridiculous on it's own. I mean... got out on the street and listen to how people talk.


I pointed this out not long ago. When will it comes to Email? How is mailing list any different?

And what about Chrome or Web Browser? Or they going to have built in Filter for website? Although without the reach of Google Search Engine having a filter or not makes no difference anyway.

But it is great they are doing it, the more the better. People were extremely supportive on HN not long ago about banning speeches they dont like on Internet. Hopefully they finally learned something here. They opened the Pandora Box and there is nothing anyone could do until the Pendulum swing to its limit before swinging back.


History repeats over and over again: https://news.ycombinator.com/item?id=3597025

For all the chaos, the Internet continues to be surprisingly consistent with one set of rules for BigTech and friends and another set of rules for the rest.


It’s largely based on who has more lawyers. Google would never suspend Twitter because they would be instantly sued... like within 24 hours... and by a top tier law firm.


Update: from what I read, the reasoning can probably only effects systems where history is stored - slack, matrix, to name two. IRC most probably not, XMPP only if configured. Email: unlikely, it's a very different system.


All web browsers that are not Chrome, beware. You're next.


Those might be the exceptions, at least for now. Ever since Firefox's crusade against IE the majority of people seem to still know there are different ~programs~ apps to access the internet with. As long as Chrome is not the default in the overwhelming amount of the operating systems, this might even stay like this, which is why I'm extremely unhappy that Android ships with Chrome these days and not with a thin gui on top of the system webview, like it used to.

EDIT: this ties in to the conversation I had on different platform recently, that it's getting arduous to make people understand that an app is not necessarily the same as the system behind it. Choosing an email client used to be a thing (Thunderbird, The Bat!, Outlook Express, mutt, etc; to name some across contrasting needs) not even too long ago. I despise that we came to a world where even the tech moderation fails to understand an app != protocol.


> As long as Chrome is not the default in the overwhelming amount of the operating systems, this might even stay like this, which is why I'm extremely unhappy that Android ships with Chrome these days and not with a thin gui on top of the system webview, like it used to.

That is also why I was rather sad when Microsoft announced that they won't develop their own browser engines any more. I disliked IE as much as anybody else, but what I did like was the competition. With Edge switching to Blink, essentially becoming yet another partially-degooged Chrome, part of that competition is gone.


> With Edge switching to Blink, essentially becoming yet another partially-degooged Chrome

Now it sends half of your data to Google and the other half to Microsoft. That's an improvement, they decentralized spyware.


Its 75% each way. And they will for many years work to reduce spying by lowering this percentage, to 50% in the asymptotic case.


I would posit that Google has a vested interest in blurring the lines between apps and the protocols that drive them


I wonder why this hasn't been escalated to an anti-trust case yet.


They don't bust trusts anymore, but FAANG sure is determined to bust all our trust in them.


[flagged]


A little polemical, but there's some truth here. We've become so fixated on left-right as the only dimension that whenever you advocate for something clearly in the centrist-ish public interest, all anyone wants to know is which side you're on so that they can reduce you to a caricature.

Which prompts the question, who is responsible for all this vitriol? What people or corporations are driving us further and further into these two filter bubbles?

Oh no.


It used to be that if you even uttered the words "freedom of speech" here you'd be instantly downvoted and jumped on by five people saying that censorship is only when it's done by the government. Some people still double down on supporting the censorship, but at least no one even mentions that free market argument anymore.


Used to be? -6 and counting. Should get flagged any minute now. Can't have people speaking untruths ya know?

edit That didn't take long.


Let me get this straight - you're saying "true libertarians" are people who decide to stop caring about advancing libertarian causes because someone else exercised their right of free speech, and now cheer for the loss of liberty of people they don't like?


No, I'm saying true libertarians have been getting ostracised by polite society for years now.

I'm a massively left leaning libertarian, if it weren't for its consistently proven failures in practice I would be a commy.

But here I am, over the years of commenting online I've been labeled a trump supporter, a Republican, alt right, white, male privileged, white privileged, racist, pseudo intellectual, biggoted, transphobic, and a Nazi.


Aren't libertarians all about the absolute sanctity of private property over all other concerns?

How is a pro-business ideology remotely justifying government intervention in the practice and moderation decisions of a private company? Wouldn't the rectification involve the government specifically dictating their business behaviour?


Wikipedia:

Libertarians seek to maximize autonomy and political freedom, emphasizing free association, freedom of choice, individualism and voluntary association. Libertarians share a skepticism of authority and state power, but some of them diverge on the scope of their opposition to existing economic and political systems.

If you want to get specific on the economic front I diverge a bit and fall somewhere along the mutualism line of things where I'm more interested in a pragmatic free market socialism. Basically just do what you feel like but don't be a prick about it, and yes, we'll organise some free healthcare and education.

https://en.wikipedia.org/wiki/Mutualism_(economic_theory)


I'm not seeing a meaningful objection to Google doing what it wants with moderation of its own platform though.

"Do what you want" in the free market is exactly this behavior.


It's own platform?

They're monopolies. They are the market.

There is nothing free about a moderated market.

Robin hood investors disliked a move by management and voted with their feet to place one star reviews.

Google removed them all.

You can but ma private companies if you want but you're only pointing out how monopolistic these platforms are. Good luck with antitrust Google. You gonna get fucked over a barrel. People are waking up.


Google is not a monopoly in the App Store market, but even if it were - how are you going to stop it? Google's property is it's property - it is entitled to do as it pleases. At what point in libertarian ideology is the government supposed to step in? And when it does: and do what? (while still being plausibly a libertarian movement).


> Aren't libertarians all about the absolute sanctity of private property over all other concerns?

They divide themselves on left-libertarians and right-libertarians. What you're thinking about is right-libertarians, so anarcho-capitalists, minarchists etc.


There needs to be a term for otherwise libertarian-minded people, who also understand that the platform should revolve around correcting the power imbalances between large wealthy organizations and individuals, whether those large organizations are governments or corporations. I don't see why we can't restrict the ultra-rich billionaires while still protecting the small-to-medium rich who actually did bust their ass to gain their fortunes.


Wonder if we can get Facebook, Twitter, WhatsApp off the Play store like this as well. "Side effects include: sexual content and coups."


No need to wonder. The Facebook and WhatsApp apps are why people buy phones. If a phone/platform can't run Facebook/WhatsApp, people will buy different ones that can.


You could if it were small apps.


Could this be related to all the WSB shenanigans going on? Banning their chat groups makes them move to another, repeat?


That would be absurd but compared to everything that happened in 2020, that could be very likely. A lot of $ billions are being lost which very well may impact a large amount of expectant people.


After Discord banned their server, they moved to Telegram and the chat currently has more than 100k members. They would've banned Telegram if they wanted to shut WSB down


> Google will explain what’s going on shortly

It's definitely not Google style.

But I hope Matrix will get more promotion in result.


I on the other hand hope that they won't just say "oops, our bad!", reinstate it and sweep the entire thing under the rug like nothing happened, without explaining anything.

There are people here who work on mobile applications. If they depend on Google and Apple delivering their app to their clients, it's still unacceptable that they can potentially put you out of business, just like that. I already saw a couple of people here that claimed it happened to them too. Without any reason, without the ability to appeal, nothing.


Newsflash: there is a chat system so secure, Google doesn't want you to know it exists.


I don't think that can be the full rationale behind whatever got it removed, if that were the case, they'd absolutely have removed Signal quite some time ago.


the difference is Signal is NOT federated, and matrix is. Which make it more like email, harder to censor.


Not necessarily, I run a non-federated synapse (matrix protocol) server for intranet type use. It's in an environment where it has no connection to the wider internet at all.

The default matrix.org servers are federated.

In terms of what the default Element install presents to the user upon launch in its GUI, I think it does offer the 'official' matrix.org servers as a place to create an account and sign in, start browsing 'rooms'.


Your users still benefit from less centralization. The main matrix.org instance might ban them for whatever reason, but their access to your internal server is not touched. It's different if all of you used Signal or Discord and their account got banned e.g. for using an alternative client.


Signal is open source you can run your own non-federated signal server. You can use a custom signal client against the federated network too.

https://www.vice.com/en/article/n7vq4k/thousands-of-users-un...


Signal Server has not seen updates for over 9 months. Moxie openly states that is not part of Signal's core values to support federation in the network.

IOW, even though they say they don't want to control your conversation, they do want you in their hands.


But. The point is still that you can run your own non-federated signal server or connect your own client to their federated network.


An outdated version of the server whose development team has no incentive whatsoever of supporting for your use case.

Can you run it? Sure. Should you?


Why does any source code exist then? What is the point of GitHub with codebases that are 7+ years old? Would mass adoption of the outdated server force updates or god forbid a fork of the code base?

Please excuse me for being direct, I do not accept your defeatist attitude on this one. You won’t have stickers, such a shame, but you would have the ability to create your own signal service


If Signal was the only alternative to have an internal messaging tool, sure, it would make sense to invest time and money on it to keep it up.

But it doesn't. There are options. If I had to choose, I would rather invest this time and money to collaborate on the existing protocols that do have the goal of being fully open. Matrix and XMPP can do the things that I want and there are plenty of people working on them to overcome the present issues and challenges for mass adoption.

Why should I swim upstream by myself if there is no special reward for this kind of effort?


Because the signal client is very straightforward and easy to use. You gonna teach your grandma how to connect to a mumble or matrix server?

I know you are a nerd but your users are not.


My grandma does not use any kind of phone, so it is going to be hard to get her to Element or Signal or anything.

However, my mother does use Element to talk with me and it wasn't that hard to help her download an app, tell her where to put the username and what is the name of the matrix server and quickly she was on her way to start a call and setup a room with the rest of the family where I share the pictures of her grandkids.

My users may not be nerds, but they are not stupid. They can learn.


Moxie is not friendly towards such third party clients that connect to the main network. Also, I only used it as an example. There might be other reasons for a ban. The point is that you don't depend on them.


And for the love of God, people should stop calling Signal secure as long as it is tied to a phone number. You cannot get a SIM card in my country without not having it tied to your ID card number, address, and so forth. You are not anonymous on Signal.


They can tell that you got a phone number and use signal. Apart from when you first and last used signal (timestamp), as in sent messages, that's about all the info signal has on you, and can provide. That sounds pretty good. Even if it is tied to a physical identity. The fact that your content is sufficiently encrypted and cannot be tied to your identity, even by signal, means what you say is anonymized.


> people should stop calling Signal secure as long as it is tied to a phone number.

Like nearly everything, "secure" is a spectrum and not binary. On that spectrum, Signal is overwhelmingly more secure than most messenger apps people actually use.


You are right, although as long as it is tied to me, it is not secure according to my definition, but sure, it is more secure than most instant messaging apps. I do not think it is a good thing to have my phone number, or even my e-mail tied to it when you can easily do it in another way. With e-mails the problem is that most have a thing against throwaway e-mails, and non-throwaway ones are difficult to sign up for using a VPN, let alone Tor, for example. It is still pretty much tied to you. There are so many ways to do it without using either of those. I suppose they may use those things as an anti-spam mechanism or something, but see below for an instant messaging app that does not require these and where DDoS attacks or spamming is not much of a concern. For the record, in Ricochet you got random IDs in the form of "ricochet:xxxxxxxxxxxxxxx". You share your Ricochet ID to be able to get a connection request.

To me, Ricochet is the most secure instant messaging app for desktop. It would be even better were it to use Onion v3, and if it were available on Android, but then again, I do not really consider my phone secure by default with all the Google crapware. I disabled the default Google keyboard and downloaded one that does not require Internet connection and that is not related to Google in any way. It is so silly that I cannot even delete any apps that came with my phone. So they say its storage capacity is 32 GB. Half of that is spent on crap that came with the phone, splendid. In any case, I am going off-topic here so... :)


haven't followed matrix implementation for a while. Last time I checked their e2ee was still not quite ready to deserve that name[1]. is it a solved problem now and is crypto used in matrix now truly e2ee so that it can be comparaed to Signal. Maybe I've missed the research papers suggesting otherwise but it seems comparing Signal w. Matrix is apples and oranges (even when just talking about e2ee and ignoring the centralized/federated aspects of the 2 technologies)

what is the actual state of matrix e2ee today? (or is that question silly because it depends what the individual matrix clients chooses to implement).

I'm extremely excited about having a federated e2ee messenger, however as a "Lawful-Intercept" realist, I don't have a lot of hope that it will not get forced to comply with current EU regulation proposals, that prevents Matrix from fulfilling its promise as fully e2ee. (e.g. the future that we're heading to in the EU is the same as 5/9-eye countries: there will be a "legal" way of encryption and another one that is illegal, all depending if access can be given to 3rd parties / LE...)

[1] (Sad) state of E2EE in Matrix clients (from 2018): https://www.reddit.com/r/privacy/comments/9avyen/sad_state_o...


So that article talks about third party clients - third party e2ee support has gone from "basically none" to "a few clients". It's complaints for the official client is that e2ee is opt in (not anymore), fingerprints are shown base64 rather than base10 (a: who cares, b: there's an emoji encoded display now for shorter user recognisible fingerprints) and that it warns about being in beta (it isn't anymore).


> e.g. the future that we're heading to in the EU is the same as 5/9-eye countries: there will be a "legal" way of encryption and another one that is illegal, all depending if access can be given to 3rd parties / LE...

Why do you say there will be, as if the future is predetermined? Perhaps we should re-evaluate that and help prevent it from happening instead of complacently stating something as if it is a foregone conclusion?

Your words matter here. The way you are using them is helping materialize the future you do not want.


Signal can at least in principle censor user content, because they control both server and clients. (And they do, for example you can "delete" your messages that are stored on other clients.)

With Matrix you have the choice to use whatever server or client you like, which makes it difficult to censor.


So in this regards, Matrix is no different from email. Should it be expected that the play store will ban email clients?


> Signal can at least in principle censor user content, because they control both server and clients.

But given E2E and the Sealed Sender[0] functionality, they could only suppress messages based on the recipient's user ID, not based upon message content or the sender's ID. This all or nothing approach is a rather ineffective method of censoring – it basically just amounts to banning a user account. I wouldn't even call it censoring in the first place as that term, at least to me, refers to a more selective and refined approach.

> (And they do, for example you can "delete" your messages that are stored on other clients.)

This has nothing to do with censoring and nothing to do with Signal controlling "both server and clients". The Signal developers simply extended the protocol to include "delete" requests for previously sent messages. The client app still needs to implement the actual deletion, though. You could easily compile the Signal app yourself with that functionality removed and then nothing would get deleted from your message history anymore.

I mean, sure, 99% of users are not going to do this. But this is no different in the case of Matrix, where most people just download the default apps like Element from the app store.

So I don't even understand what your statement

> they control […] clients

is supposed to mean. Yes, they write the source code. So? Someone has to produce and maintain the source code and whoever does it will obviously be in a position of power. Producers are always going to decide what they produce. Consumers don't get a say in this – unless they become producers themselves (and in case of open-source software) adapt the product to their needs. Again, this is nothing new and is the case with Matrix, too.

[0]: https://signal.org/blog/sealed-sender/


This would be a point weighting that Signal's servers or the network connection to the servers is compromised, in a Bayesian filter.

To put it in terms of your logic: it that were case, it means Signal is not secure.


I was attempting to imitate one of these "clickbait headlines".

It seems this always requires the /sarcasm tag. =)


Which one?


Can we get Elon to tweet?


My comment elsewhere got buried but it might be useful to you.

Pattle also appears to have been removed. Ditto and FluffyChat at the moment appear to still be up on the store though. For those unaware, these are all Matrix clients.


Afaik Pattle is discontinued


Dunno, it's still listed as an official app and links to the play store.


It's discontinued, the links are stale.


Update posted on Twitter:

> Morning all. We've had contact from Google confirming that the suspension is due to abusive content somewhere on Matrix; we're working with them to explain how Element works and get the situation resolved.


Maybe someone can let Google know that Element is not a publisher.


No but Matrix.org will likely be considered one. I mean the Twitter app isn’t a publisher but Twitter sure it.

If Matrix only facilitated private communications then they could probably tell Google to piss off but they became a social network when they included public chatrooms.


So when's twitter getting its take down?


I think it’s funny that they think Google cares at all about the implementation details of your service. The only thing that matters to app reviewers is what the user sees when they use it. If you make your app technically unmoderatable, impossible to remove illegal content, or impossible to respond to DMCA requests you don’t get to just throw your hands up.


> The only thing that matters to app reviewers is what the user sees when they use it.

If that were true, web browsers would be in trouble.


I understand Google Chrome can be used to view objectionable illegal content.


It’s not that the app can be used to view the content. It’s that Matrix apps are basically matrix.org clients with an option to use another home server if you want. If you followed the default onboarding you get a Matrix.org account. It’s the default blessed server from the project. So Element will now forever get blowback from public content hosted on Matrix.org.


Element is a Matrix.org client that lets users choose another server if they want. And Matrix.org hosts public chatrooms. So the fate of Element is tied to content hosted by Matrix.org.


Older protocols such as HTTP are grandfathered in; if the web was invented last week, browsers probably would be blocked periodically.


That really sucks. Here's to hoping they don't end up using this to pressure you into compromising your feature set somehow.

Incidentally I was always kinda surprised that the upgrade nag links in Riot Android redirected to Play store instead of f-droid


Good luck! I hope you get this resolved soon.

In the meantime, what is the explanation for the F-Droid version lagging behind?


F-Droid publish their own builds; part of their mission is to independently build and package the upstream from source to avoid risk of the upstream doing anything unpleasant.


Got it, thanks for the info. I donated 100 dollars via https://f-droid.org/en/donate/ in the hope it helps them. Thank you and everyone working on Element and Matrix as well!


Can they not automate that? That would probably put them _ahead_ of the Play Store


It's not their goal. They want to be able to check the source code and verify it does what the developers claim it does.

The Matrix developers could, however, set up their own F-Droid repository and publish their own (automated) builds there.


Lack of resources, plain and simple. The f-droid folks are operating on a shoestring budget last time I checked, which is shocking for a project of such significance.


How do we get Google Chrome pulled for abusive content?


You, like Parler, have been targeted by the powers that be. You may have nothing else in common other than that but, you're in the same boat it seems.


Parler curated the content on their platform for months including shadowbanning new accounts until they had been approved by volunteer moderators. Accounts on Parler called for and planned violence against elected officials for months. Executives at the company spoke often and publicly supporting that content.

If your going to argue with a straight face the this new situation is the same as Parler, your putting Element side by side with some very bad company.


> If your going to argue with a straight face the this new situation is the same as Parler

Just go reread what gp wrote. He basically said the exact opposite of this. You are putting words in his mouth and interpereting his comment in the least charitable way possible.


Op said they there is nothing else in common.

They are in the same boat as parler in the sense that another communication platform not owned by a big corp is being targeted and removed.

Matrix likely will come back for some of the reasons you mention . But fact is google and apple arbitrarily without warning or notice remove apps from their store. The stores should be considered utility like electricity google should not able to refuse service randomly.


> parler in the sense that another communication platform not owned by a big corp

Parler is owned by the Mercer family, of Renaissance Technologies fame, one of the most successful hedge funds in existence. They are personally worth tens of billions of dollars.


Still not even close to the trillon+ worth of google or apple.

Also just cause they worth billions means they will back parler with billions. Parler itself is pretty small fish financially speaking


Do you have any sources supporting your statements here? This feels like fake news to me.

A large portion of these protests were planned on Facebook, Instagram, and YouTube: https://www.washingtonpost.com/technology/2021/01/13/faceboo...

...should they be removed and silenced because of it? Or should all of these gigantic tech companies with the checkbooks to provide exhaustive moderation enjoy their 230 powers while denying the right to all of the little guys?

Parlor and Gab are fairly harrowing examples of what happens when censorship occurs. People leave platforms with diverse views and head to echo chambers. Those folks end up having stronger, more radical opinions because they were forced into a corner.

No one has ever given me any compelling reason for censorship. Hate is defeated in the open, it is fairly impossible to deal with in private channels. Censors also cannot censor everything, so content always slips through the cracks.


> Accounts on Parler called for and planned violence against elected officials for months. Executives at the company spoke often and publicly supporting that content.

Did not know this, you have a source for this?


No, Parler executives did not “speak often publicly supporting planned violence against elected officials”. They would have been arrested already if this was that clear of a trail.


It turns out it was Facebook that was used for planning.


[flagged]


> No one wrote anything about the capitol being under attack or people storming the capitol[.]

Because no one attacked or stormed the capitol during those protests.


I don't know what to say. For weeks people were roaming the streets, smashing windows, cars, beating people up, etc.

???


The Capitol is a literal building in Washington DC, which is the seat of the United States legislative. Even if it _was_ true that "people were roaming the streets smashing windows" when Trump was elected, no one was storming the Capitol building, which is why no one wrote anything about people storming the Capitol...


People will surely point out the obvious differences between the takedown of Parler and Element and I'd agree that it's not exactly the same thing, since Parler is its own platform and Element is just a client.

However, when looking on a bigger picture of the recent takedowns and trying to make sense of it, it does indeed seem to be connected. The only conclusion that seems rational to me is as follows:

Everyone tries to push their burden of moderation on people below them, because no one can actually keep up with it. And if the moderation is not enforced, they risk being taken down by someone above them. That would explain why everyone is so trigger happy when it comes to censorship. When the WallStreetBets people were taken down by Facebook and Discord, they didn't ban the individuals who were actually violating the policy, but the entire community.

It's also worth to note, that the takedowns can be enforced selectively, as we see here - Google obviously won't take down their own browser or email client, that also allows to access abusive content - assuming that's what Element was taken down for. It's probably selectively enforced on the social media too, but I'm out of the loop on what actually goes on there, so to be fair, I cannot prove it.

If this is actually what is happening, the only solution as far as I see it, is to extend the First Amendment to social media. Another solution could be to convince the people and the media to stop pressuring companies into deplatforming other people, but that's in my opinion definitely not going to happen. So it's either applying the protections of 1A to the internet or the censorship will get worse and worse.


> Parler is its own platform and Element is just a client.

Indeed, people made that point, but I don't see how this is a useful distinction. Parler (the app) that Google and Apple removed is also just a client, that facilitates access to Parler (the social media website) that can be accessed via other means, e.g. a web browser. And Google and Apple didn't really have any problems with the app itself, which has no content on its own; they wanted different moderation policies on the website. As they have no direct control over the website, they acted against the client app; it was Amazon that took down the website.

One difference might be that Elements and Matrix have different developers and Parler (the app) and Parler (the social media website) have the same owner. But again, this is not a meaningful difference; e.g. if Google and Apple had problem with content on Reddit (the website), surely they would remove both Reddit (the app) and all 3rd party clients, Apollo, Boost, Sync, etc, at least those that fail to actively censor the objectionable parts of the website in the app.

So Apple/Google saw Parler (the website) as having dangerous content and took it out on Parler (the app). If they are justified in that; it is not a big stretch that they saw Matrix (protocol) as having dangerous content and took it out on Element (app), and presumably other clients. I don't think whether it is decentralized or not matters from an app store policy point of view.

Two companies having the say on which programs almost everyone can run on their mobile devices, especially on the iOS side, is a huge problem, that becomes increasingly evident as they start to flex their muscles.


> If this is actually what is happening,

That’s a big “if” though. The “abusive content” angle is just a working theory. It could just as easily be Goodge taking a dislike to a website link offering donations outside of the Play store (or something equally mundane).

The problem is, until Google respond, we have no idea why the takedown happened.

And here lies the real problem: without Google being transparent about their takedowns it leaves app developers in a difficult position where they can’t really support their uses.

The one slight good thing from all this is that at least with Android you can side load apps (which is more than can be said for iOS).


Sure. But as we learned, the only way to get them to respond at all is to do what we're doing right now. Blow the story up all over the internet, accuse them of censorship, call for regulations and hopefully get the media to pick it up.

And just to be clear, I'm not saying that the accusations of censorship and calls for regulations are dishonest on our part. I really do believe that what they are doing is censorship and they need to be regulated.


Yep, abusive content.

> Morning all. We've had contact from Google confirming that the suspension is due to abusive content somewhere on Matrix; we're working with them to explain how Element works and get the situation resolved.

https://twitter.com/element_hq/status/1355465650114846720


>Everyone tries to push their burden of moderation on people below them, because no one can actually keep up with it. And if the moderation is not enforced, they risk being taken down by someone above them. That would explain why everyone is so trigger happy when it comes to censorship. When the WallStreetBets people were taken down by Facebook and Discord, they didn't ban the individuals who were actually violating the policy, but the entire community.

There's a much simpler explanation: Google wants as much of your communication as possible to go through them or their partners, so they can monetise it. People using Parler or Matrix don't leak any information to Big Tech, so commercially it makes sense to deter people from using apps like that, and they'll use whatever excuse they can get away with.


But as of right now Telegram and Signal is still up, isn't it? Though they're already being slandered in the media, so you might have a point here.

To support my explanation, see for example this:

https://www.theverge.com/2020/10/25/21532883/paypal-cuts-tie...

PayPal terminated Epik's account, because they refused to kick out Gab. I believe there were a couple more cases where the money people pressured companies to do things like that. My memory is getting blurry with this though, so I can't point you to the articles.

And that leads me to something even more important. Gab was not only kicked out off their domain registrar, but the owner's family was blacklisted by Visa. So the social media is actually the least of my concerns right now, the most urgent thing at the moment is regulating the banks, so they can't terminate your account for no reason. Because they will come after your money at some point. And good luck paying in cash in a middle of pandemic.


In theory the recent Office of Comptroller of the Currency rule banning financial discrimination should stop that. But I am sure the current administration will be quick to reverse it. They like to use all tools to go after their political enemies


>If this is actually what is happening, the only solution as far as I see it, is to extend the First Amendment to social media.

The first amendment works now by having clear boundaries between private and public spaces. Public spaces have clear first amendment protections. I can hold a sign on a publicly owned sidewalk (well, public right of way) begging for money or praising 'bong hits for Jesus'. But private spaces do not. I can't do the same thing on your living room. This allows folks to exercise their freedom of association, which is a pretty big part of the first amendment.

Where and how do you draw the line between public and private spaces then in an online context? Should the government be required to host unmoderated and uncensored discussion boards? And how do you keep the unregulated public spaces useful when such spaces are easily overrun by trolls and spammers?


There is already somewhat of a precedent set for it:

https://en.wikipedia.org/wiki/Pruneyard_Shopping_Center_v._R...

As to how you would implement it, Poland recently had a proposal that if you were banned from a social media website, you can appeal via the government in a certain period of time.

https://news.ycombinator.com/item?id=25736155

I'm not a lawyer, so I might be saying a bunch of nonsense here, but you could categorize the social media into topical (eg. HN is about technology) or "general purpose", off-topic services (Facebook, Youtube). Or just do it by the size of user base. Facebook has like a 2 or 3 billion users, let's not pretend it's the same as a comment section on your blog.

It's just to throw some ideas around, because again, not a lawyer, so I can't come up with a robust policy on the spot and take care of every potential loophole.


>the only solution as far as I see it, is to extend the First Amendment to social media

I would love this, personally.


For the past few years, it seems that Trump was really the only thing standing in the way of Big Tech; but now that they've crushed him and the fringe extremists, the extremes have shifted and they are only going to wield their powers even more. The events of the past few months are certainly showing a pattern, and quite frankly, it's extremely scary to see what I thought would happen, actually happen. They have killed the canaries, and the frog is starting to boil.


I don't agree with OP here but I've found a lot of people from the Parler/Gab crowd have found Matrix lack of content moderation appealing and have been in channels on the Matrix directory that have all the same content as Parler/Gab. I would recommend the Matrix team start taking content moderation more seriously as my experience is they do not take it seriously. They may want to disable room creation on matrix.org in the meantime.


Can you give me an example of the things you have seen on matrix that should be moderated? Should matrix devs limit the amount of people that can use their open federated network so they can afford to moderate every e2ee group chat around the globe?


So to clarify, these are rooms that are on matrix.org. I'm not following your statement on limiting opening federated network. I am suggesting that matrix.org stop users with the name "kikedestroyer" on their own instance from connecting to matrix.org rooms and talking about exterminating jews. What KD does on their own instance of matrix is not of my or matrix.org concern.


Element and Parler are nothing alike.

Element is a chat client. It's an empty piece of software for use with your own choice of server. Element is to a chat server, as Thunderbird is to an email server. It's basically a glorified IRC client. It contains no content of its own.

Parler was basically a curated, centrally run, Facebook-message-board-replacement for neonazis, antisemites, qanon conspiracy theorists, and the lunatic fringe of the alt-right.


Technical distinctions are irrelevant to someone at headquarters worried about having a regulatory probe inserted in their backside.


But this one is important, no? This is like banning Firefox because it can connect to illegal content.


Yea, it's a lot like that. The idea of banning browsers that don't actively police what users are able to access (maybe via something like a global blacklist) is no longer crazy.


It is relevant, it makes it more absurd than Parler's bans but, I was just trying to point out they're for the same core reason.


As I said nothing else in common....


[flagged]


Don't count on PWAs. Once these free speech platforms start embracing PWAs and they become super popular, Chrome and Safari will simply censor them directly. When you will try to visit these PWAs, you will get a message that says "this website contains hate speech and has been blacklisted as it doesn't respect our terms of services for a safe and friendly browsing experience we thrive to offer our users".

Any browser that allows accessing these PWAs will be banned from the app/play store. Let's not kid ourselves this isn't what's coming next.


This is exactly what's going to happen, not just with PWAs but with all websites. The mechanism ("Google Safe Browsing") is in place, precedents are being set, the number of hysterical ideologues who will support that is growing.

But on the bright side, I think if it was Mozilla with 90% of the browser market and not Google, this would've happened already.


What is your policy surrounding your push notifications for your apps in the stores, when those notifications are originating from end servers on which people are saying things that you don't like?


That's good. I switched away from IRC to Discord back around 2016 because it was tedious to use with mobile networks. Discord has served the community I moderate pretty well, but I am always concerned that the company will go under some day. I've been eyeing Matrix for a while as an alternative and it'd be a blow to have one of its largest clients removed. Here's hoping it gets back soon.


I wonder if this is some sort of an organised thing. I think there are services that sell a take down service so that they upload questionable content on the competitors apps or websites and then report it.


There are a LOT of channels unmoderated in the matrix directory that could have been reported, so this isn't surprising. I have abuse complaints emailed to your abuse address that have gone unanswered, so I don't believe that you're taking your terms of use seriously.

You can find my complaints in your inbox. It's good to know Google is taking action - will send the same complaints to them in the future since that seems to get more of a response from the devs.


Yeah, we better make sure every corner of the internet is moderated. /s


These are rooms that are on matrix.org directory list. So yes, they should be moderating this content.

If you don't have anything to contribute other than a sarcastic comment that misses the point of my statement then consider not contributing at all.


please keep F-Droid repo up to date. please don't create your own repo.


[flagged]


Can we just please pass some legislation to break Google and Apple's app installation monopoly already?

Sure, they built the phones, doesn't mean we can't demand more rights than they decide it's profitable to give us (or put another way, just because the king's ancestors founded the country doesn't mean we shouldn't demand freedom and democracy).


These tech monopolies were built on adversarial interoperability! IBM made their "PC", but a lot of Silicon Valley's growth in the 80s and 90s happened because businesses had the freedom to innovate adversarially, creating the IBM PC clone.

As Cory Doctorow recently explained[1]:

>> It's how we got Gateway, Dell, Compaq and all of the other PC vendors that might have sold you that IBM PC clone in 1984 running an operating system that IBM hadn't made, on phone lines that had been broken up from AT&T.

>> And so it felt in those days like maybe we'd found some kind of perfect market, a market where you could make your products with low capital, just with the sweat of your own mind, by writing code. That you could access the global audience of everyone who might want to run that code over a low cost universal network. And that that audience could switch to your product at a very low cost, because you could always write the code that it would take to to port the old data formats and to connect the old services to your new product. It was a market where the best ideas would turn into companies that would find customers and change the world.

>> as these companies acquired new monopolies, they diverted their monopoly rents to foreclosing on competitive compatibility.

When talking about monopoly, people tend to focus on price, but modern tech monopolies don't need to use traditional form of rent seeking. Exploitative prices don't make sense when the monopolist undermines the entire market with "free services". Instead, tech monopolies are about control of what is allowed to participate in the market.

[1] https://media.ccc.de/v/rc3-11337-what_the_cyberoptimists_got...


It's amazing that bureaucrats fined Microsoft for putting IE as default and keep allowing apple to do what they want. Europe should force these companies to allow users to install any software they want in their devices as long as it is legal...


> It's amazing that bureaucrats fined Microsoft for putting IE as default and keep allowing apple to do what they want.

The difference is that Microsoft attempted to use its operating system monopoly to win the browser wars. Bundling Internet Explorer with Windows made it difficult for other browsers to compete on an even playing field.

Apple doesn't have an operating system monopoly on the desktop or mobile. MacOS and iOS have a smaller userbase than both of their main competitors. It doesn't have an app store monopoly either.


Sorry but a duopoly is little different than a monopoly functionally.


>MacOS and iOS have a smaller userbase than both of their main competitors. It doesn't have an app store monopoly either.

I don't have an iphone, but don't you have to jailbreak it to install any software not blessed by Apple? That sounds like a monopoly to me.


>Can we just please pass some legislation to break Google and Apple's app installation monopoly already?

Agreed, but then Apple/Google and the fans of their walled gardens will argue that without this heavy censorship, grandma will install some malware on her phone that will empty her bank account or that their kids will install some malware that will spy on them (other than the social media apps that already do that).


You don't even need to bring grandma into it. They like it themselves.

There is an entire population of humans that hypes companies, franchises, celebrities, etc. and treats them like a member of their own family. With a fondness. And a desire to defend their selection.

There's a technical means to lock down grandma and the kids. Fans are quick to dismiss it and shift the conversation back to why their choice is great.


And while we're at it, let's disallow Google from mandating the exclusive use of their own service for push notifications.


Fat chance. Have you seen the way politics is going these days? It's far more likely that they'll pass legislation to do the opposite - bar anyone from making, using, or distributing a communication system that can't be monitored and censored by Trusted Authorities.


Can we just please pass some legislation to break Google and Apple's app installation monopoly already?

No, we can't solve the problem that way: the very same problem wound remain: EU and 5/9 Eyes want e2ee backdoored or gone. If you start legislating which apps are allowed, you're putting yourself even more at mercy of gov regulation.

And the regulation would be blanket, with little to no way of sorting things out through unofficial channels as it can be done with Google. It'd be "backdoor or jail", not even sideloading apps to help you.


They can't practically do that, you're just making up a course of events that can't happen (people can develop things anonymously and be paid anonymously, and it's absolute nonsense to say that governments are going to be arresting the general public for the "crime" of privacy.

And in America at least it's almost certainly unconstitutional.


We tried.

- The FirefoxOS team.

- The Jolia team.

- The UbuntuPhone team.

- ...


I'm optimistic that PinePhone may finally be the one to do it, at least to an extent that it's usable if you're willing to hack on it.


> usable if you're willing to hack on it

Most people need things just work.


An important lesson from my openmoko days - "sorry I didn't get your call sweetie, see I needed a new video driver for my window manager animations so I recompiled my kernel and that broke the modem..." ....... turns out to not be a good excuse for missing significant-others calls on a regular basis!


I concur. But if we have a platform that is actually suitable for the community to work on, we can get to that point.

Much like Ubuntu made desktop Linux a viable prospect for many people, after being enabled by Debian, I could see a future libre smartphone being enabled by the work done on PinePhone.


Well maybe, but even Ubuntu / Debian aren't workable for most people. I've used Linux and FreeBSD since the 90s and I'm still pleasantly surprised when my printer works out of the box.

They're great for developers, but they've been unable to provide a usable and simple alternative for most people. Imo, partly because a lack of incentives since developers tend to create for themselves. Partly due to fragmentation leading to projects moving in every direction at the same time, which does not lead to a consistent or simple user experience.


Actually Ubuntu is not less usable than Windows 10. Ex on intel NUC - wifi on Ubuntu : out of box - wifi on windows : plug ethernet, install driver manually. Old printers works better on Linux, eg when driver do not work on windows 10. Libre Office outof box, Office : where is my key ? ...


"Actually Ubuntu is not less usable than Windows 10."

For you and me maybe. But don't expect other people to have your standard of software choices etc.


The problem is Ubuntu, but that consumers have migrated from desktops/laptops to Phones. (Bad for Linux, and bad for society as it's much easier to be a non-passitive participant on a desktop/laptop.)


for most people app selection on ubuntu is big enough to never need anything more only professional/rare software sometimes has no support/suitable alternative


- Can I install my "favourite program" on Linux?

Well sure, it's supported on X, Y and Z!

- Oh but I'm on distro A.

Oh sorry, that's not supported. But here's a post by some guy on some forum who says he made it work by doing a bunch of complicated things no one understands.


We're talking about Ubuntu. Distro X is always Ubuntu. Y and Z are usually picked from Debian, Red Hat, Fedora and Arch


This is often no longer an issue thanks to Flatpak & Steam Proton built-in Windows emulation.


In addition, there's a significant subset of people who's only program they use is a web browser.

This is obviously quite doable with basically any distro.


Yes, while this has issues of its own (as long as the web services they are using are centralized and corporate controlled) I have observed the less technical users I have been helping with computer issues are totally happy as long as they sit in front of a computer with a web browser, where they can log in to their online accounts and get going.

Some might want a full mail client and possibly a printer configured and that's about it.


When I am purchasing HW peripherals, I always check Linux support in advance. Since I started doing that, I had zero compatibility problems.


The problem with Desktop Linux was by the time it got better, regular people spent too much time on phones and not enough time on laptops/desktops.

But I can't really imagine phones going away that fast---what, we all get some Uber regulated neural thing? I think the tech companies are too unpopular for that---and so I think PinePhone can catch up. Plus, the Duopoly is way more annoying for regular users than Windows ever was.


It probably won't. I love my Pinephone just like I love desktop Linux, and both are great choices for people who keep up with tech, but neither will reach more than a few percentage points of marketshare without a $100m+ marketing push. They would need the help of some tech philanthropist to make it to the mainstream.


Those were pretty poor attempts: corporate driven and not very cooperative.

Since PinePhone became available, Linux distributions made huge leaps forward - Debian/Mobian especially.


If you mean Jolla, that's still a thing - I (and many of my friends) run official supported Sailfish OS on Xperia hardware:

https://jolla.com/sailfishx/

And there are community maintained builds for the PinePhone and many other devices.


[flagged]


> We need to remain vigilant and develop distributed platforms

They are there already. Matrix, XMPP, email, activitypub based systems, (secure) scuttlebutt, IPFS, and so on.

This is more a people and their conformist attitude problem, like "eh, my friends use X, I'm too lazy to convince them otherwise", "but everyone is on Y, I'm not willing to be the odd one out on Z", and so on.


Do not paint deplatforming as unequivocally bad thing.

Most decentralized platforms (mastodon, IPFS, XMPP, Matrix...) have mechanisms to block and defederate unwanted accounts/contents/servers: racism and hate speech, CP, spam, malware

Many people don't want government-driven censorship but are very happy with community-driven policies and guidelines.


Once you throw in "hate speech" you are just saying that censorship of things you don't like is ok.


Censorship of things I don't like is okay when performed at the level of an actual community that nobody is forced to be a member of.


I realized this comment carries more pith than meaning, as it were, and thought I'd expound.

Communities censor in benign ways all the time. Most successful online forums regularly remove posts that are spam, self-promoting, or flamebait. They also remove contributions that are off-topic: completely harmless posts that just don't happen to be what the community wants to focus on. Celebrity gossip on a tech site, say.

Some places are more wild-west than others and that's fine. The point is that while the word "censorship" has a negative ring to it, most censorship is mundane and unobjectionable.

It's not okay (in USA culture) for the government to set community standards, not because standards are bad, but because the organization that controls guns and prisons is already terrifying enough without it being able to control speech too.

Google and Apple (and Facebook and Twitter) are in an in-between space. Their platforms are much too large to be a "community" in the traditional sense, but as private organizations they're still obligated to moderate. And when they get it wrong, the results can be devastating to the individuals affected, both in false-positive cases like this one, and false-negative cases where their cold machinery fails to protect victims of real harassment.

With more, smaller networks, there's no such tension. You can visit a network that lets you post all the hate speech you want. I can visit one that blacklists yours and every one like yours. And neither of us has to give two bits how odious we find each other's spaces.


I agree. There was a case that I cannot remember about a company town that banned people from handing out religious material in the town square, but the Supreme Court (I believe) decided that since the company was effectively taking the place of the government it had to abide by the same rules.

If we continue to go down this path then soon enough we will be taking away the phone and mail service of whatever group of people are out of power.


You are saying that hate speech is completely arbitrary - despite being codified in the legal system of hundreds of countries.

That says a lot...


In the United States there is not such thing as "hate speech". That is settled law.


sorry this is happening to you guys. i hope this situation gets sorted out.

not saying i agree with the decision here, but hn is sometimes so quick to blame google.

what surprised me though, is that you guys are aware of abusive content on the network and even put a "moderation" guide in place. so much good faith in people here...


So are you going to remove email clients from the play store if someone sends offensive emails?


> Element is a Matrix client just as Chrome is a Web browser, and just as it’s possible to view abusive material via Chrome, the same is true of Element.

> However, we abhor abuse, and on the default matrix.org server (...) we have a fairly strict terms of use (...) which we proactively enforce.

These two sentences are contradictory. Either you are a road or a road restaurant. You can't have it both ways.


The first sentence is about Element.

The second sentence is about matrix.org


It seems to me that it is the other way round, isn't it? Although having matrix.org be an Element client is extremely confusing. If "matrix.org" is moderated it would seem that the whole protocol is moderated (and thus, not a neutral carrier).


In web terms: - Element is like a browser - matrix.org is like a bulletin board

In e-mail terms: - Element is like a mail client - matrix.org is like a given community of mailing lists

In IRC terms: - Element is like an IRC client - matrix.org is like an IRC server/network e.g. Freenode.


Matrix.org is just one server deployment that implements the matrix protocol. You can deploy your own server or even your own implementation, and moderate it how you want. It has nothing to do with element. The apology is apt, as just like a browser speaks http, element speaks matrix.


Element is just one of many Matrix user agents and matrix.org offers just one of many Matrix servers.

Each server has the freedom to enforce its own policy. Given that the matrix.org server is a kind of a public face for the protocol, it makes sense that its policies are more mainstream.

There is nothing in the protocol itself (nor in the official Element clients) enforcing any kind of content policy.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: