Hacker News new | past | comments | ask | show | jobs | submit login
Germany's national healthcare system adopts Matrix for communication (matrix.org)
522 points by Arathorn on July 21, 2021 | hide | past | favorite | 140 comments

TI is Telematik Infrastruktur. So TI-Messenger is just a messenger running on the VPN used for patient-data.

It's good to see this happening. One of the biggest German healthcare contractors - famous for terrible code - had managed to creep their S/MIME demo implementation derivative code as a standard for secure communication in the healthcare world. With a MITM at each Kassenaerztliche Vereinigung(i.e. the people that represent the doctors and that charge ~2% per transaction for charging the public insurance companies). So it's unaudited "E2E" with a MITM by design. Given the complexity of this codebase, I do hope that they just use it unmodified.

EDIT: one of the reasons why the KVs rolls/ed their own is because of inherent distrust between the physicians or the institution representing them and the governments health ministry getting that data. They believe that the government is incentivizing hospitals to take over physicians share of the cake. I wouldn't say that the distrust is misplaced, but unfortunately these crappy half baked own solutions born out of nepotism don't help their case.

As a sidenote, it's crazy how bad some of the government IT projects are. In the country I'm thinking of I'm pretty sure corruption plays a big role in it, but even so, you have to be very illiterate in IT for it to not be obvious that the contractor didn't do their job. I guess a lot of the administrators responsible for evaluating the project's status are too old to have grown up with internet and computers around them.

I think there's a lot of corruption there, but it goes beyond that. Government IT consulting is a very exclusive niche that's hard to get into.

None of the managers are willing to risk losing an IT contractor/or product no matter how terrible they/it are/is. There are basically two IT choices that they do:

1. Choose a really big expensive company that is in Gartner(they do have the best dinners though, also you get to travel business class to visit them for seminars).

2. Choose someone that they know through somebody. It's quite amazing that Matrix has managed to get as much government traction as it has. I've seen a person not willing to kick out a product where I had to walkthrough the creator of it on a Teamviewer on how to debug his own app in the web inspector, and it was unable to display pdfs if they were in landscape(for years). And everyone knew they were bad, the managers would joke about it.

As they say, nobody ever got fired for buying IBM. These people are absolutely terrified of making a bad decision that may cost them a promotion in the future.

It's not really corruption. It's moral hazard, and its self-reenforcing. The moral hazard is that the people paying for the solution don't make it and don't support it. They make poor decisions based on what they can see and don't know enough to ask deeper, relevant questions about complexity. It's self-reenforcing because the kinds of people who do know enough to ask deeper, relevant questions usually have little interest the work of keeping fundamentally broken systems alive on life support, and their thoughtful improvements will go unnoticed or worse, taken as evidence of incompetence. (I suppose the value proposition of some companies is that they can do both; I have doubts that that has ever happened.)

In Nassim Taleb's words, the decisionmaker doesn't have "skin in the game" e.g. they won't be punished or shamed when the decision turns out badly.

Won't they? Won't your peers know what you've done?

If your job is to allocate money to the actual doers, and they don't get it done, is it the allocator's fault, or the doer's fault? The best case is when you get the authority but no responsibility for failure, which is precisely what many modern American middle-adminstrators do.

I'm having a hard time understanding this dynamic. I just can't imagine a professional environment like this. I feel like people involved at all stages should understand that they're doing the wrong thing.

They don't have the knowledge / skillset to do the right thing.

Ignorance is bliss in Government IT.

Cool. Does anyone have a paper comparing all the neu-fangled IM tech? I find myself a bit confused.

BTW my favorite Matrix feature from the concept paper: "Integrität dank hohem Out-of-the-box-Sicherheitsniveau" - dank, hohem out-of-the-box Sicherheitsniveau sounds pretty great. (Wonder why they didn't say "aus der Box"?)

Ironically when I was working there, they would translate a lot of English words into German because most of the people in those institutions have been working there for 30+ years and don't have any exposure to English terminology. When they used Jira "Todo" was a term that needed to be translated.

I wonder if it would have been less confusing as to-do

Personal favourite Neudeutsch phrase, I heard a while back:

“Mein Schedule ist arsch-tight”

In some regions "[arsch] eng" might well be used ... funny thing is it means more or less the same as "ass tight" but [arsch] would be dialect for "arg" which can be roughly translated to "almost a bit too much".

I’m imagining this with an Austrian dialect right now lmao

Because that phrase doesn't exist in German like that. They could have used "standardmäßig" but out-of-the box is more widely used when talking about software and tech.

Well we do have "von Haus aus" but it's less formal and can't be used as a 1:1 replacement because of the grammar.

Perhaps more fitting would be ab Werk, (out of the factory), but either put the focus on the wrong situation.

You could say a priori but then you're just exchanging English for Latin.

When English idioms are translated to other languages it's often cringe-inducing. I can't imagine someone seriously saying "ut ur lådan" or something in Swedish.

At some point you tend to forget what idioms belong to which language and you can greatly confuse people. But Holla the wood fairy.

Yeah, no danger on the roof, eh?

Because we adopted that word.

And anyway, it all comes full circle, because "out" and "of" both have Germanic roots (google "etymology some-word" and you don't even have to go to any specific website, Google already showing a nice graph). Box has Greek/Latin roots, and German has plenty of those too (List of German words with Latin roots: https://de.wikipedia.org/wiki/Liste_lateinischer_Lehn-_und_F...).

yes, each tech is an edge in the hypergraph[1] connecting all humans.

[1] https://en.wikipedia.org/wiki/Hypergraph

Happy to hear there apparently are people that can make sensible technical decisions in German government.

Realistically there weren't a lot of choices other than Matrix though, looking at what the law demands.

For what its worth, open source is en vogue in german government IT at the moment. "Dataport", a government-owned IT-company, has an open-source based project "Phoenix", as a first step in this shift of paradigm. This is interesting because Dataport used to be pretty much a windows-shop; despite old and established hierarchies and its special place in the public domain, change is happening.

(Source: I'm working in that project as a consultant)

Please keep it that way! We need open source in government - it's the only way to hold people accountable and make sure that citizens aren't being shafted :)

Thanks for your work!

Independently of gematik's work, Phoenix also uses Matrix as its communication backplane (source: the Matrix team is also consulting on it :)

I've had the pleasure of working with Ben for a while, cheers from team mav! Wearing my matrix hoodie writing this :)

Can you get a Matrix hoodie without working on Matrix? :D

https://shop.matrix.org :D

(and yay for Ben - he gets everywhere!)

Thank you so much!

Isn't Phoenix merely rebranding already existing projects like Jitsi Meet and matrix.org?

If not, where can this project be publicly inspected?

This is why I made the distinction "open-source based". The project isn't simply rebranding though, it builds solutions for customers based on open source components (which is a step in the correct direction). I would like all the repositories to be public, too, but we're not there yet.

I saw on phoenix-werkstatt.de that there are actual contributions back upstream. Even if it appears to not be a Dataport employee, at least some of the funds of the government are going towards improving the projects for everyone. Good stuff.

Unfortunately, at the moment even code access for other public institutions is buried behind many layers of bureaucracy but I have been promised they will start to open up soon enough.

Well, they could still have opted for something proprietary, weird and broken. See for example the De-Mail desaster[0] and the beA desaster[1]. Both supposedly better and secure email/messenger replacements with huge problems like lacking end-to-end encryption, design problems, laughably lacking security, high cost, low adoption (except were required by law), no usability, etc.

I'm really glad that at least someone here might have learned from those mistakes.

[0] https://de.wikipedia.org/wiki/De-Mail https://netzpolitik.org/2015/de-mail-das-tote-pferd-wird-wei...

[1] https://de.wikipedia.org/wiki/Besonderes_elektronisches_Anwa...

Didn't they force a backdoor on tutanota e2ee? Why do they suddenly allow matrix?

E2EE isn't forbidden per se. But if you are a public communication provider over a certain size you need to provide access upon request if technically possible. It isn't really clear even in the case of Tutanota if they fall into that regulation, however, they had to preliminarily comply anyways: https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutano...

Healthcare providers operating a Matrix server won't be communication providers to the public, and if they aren't using a web client or some similar crap, breaking E2EE won't be possible. Webmail providers claiming E2EE like Tutanota are imho liars anyways, because Javascript on a website isn't a secure "end" for the encryption.

So use client software that isn't attacker controlled easily, keep your keys private, only encrypt to trustworthy keys and you'll be fine. Matrix ticks all those boxes if you don't use the web client. And the only legal way in for German law enforcement would be to infect your device with some trojan ("Bundestrojaner", like e.g. NSO Pegasus).

German government IT is far removed from being a monolithic entity. There are a lot of different actors involved with different priorities.

In this case law enforcement can simply request the data (as long as such a request is legal) at either end. No need to attack the connection in between.

I wouldn't be surprised if this flew under the radar of the people at the top.

> Secretary: "IT said we should use matrix".

> Minister: "Whatever. I'm busy with other things. Do I need to sign something?"

It's the opposite, actually - it seems to be the Ministers and establishment pushing it. e.g:

> [Bundesdatenschutzbeauftragte Ulrich] Kelber verweist auf die Entwicklungen in Frankreich. Dort wird eine Whatsappalternative auf Basis des Open-Source-Team-Messengers Matrix und dessen Client Riot entwickelt. In Frankreich "geht man aktuell einen hervorragenden Weg, um sich aus der faktisch in weiten Bereichen der Verwaltung bestehenden Abhängigkeit von Produkten großer amerikanischer IT-Firmen zu lösen", sagte Kleber.

or in English:

> Federal Data Protection Officer, Ulrich Kelber refers to the developments in France. A Whatsapp alternative based on the open source team messenger Matrix and its client Riot is being developed there. In France, "there is currently an excellent way to free oneself from the fact that many areas of administration are actually dependent on the products of large American IT companies," said Kleber.

from https://www.golem.de/news/whatsapp-matrix-oder-xmpp-bmi-such...

Ulrich Kelber may be the coolest higher german official, but he keeps complaining about not being listened to (on Mastodon, in meme form).

I tend to think the political machinery isn’t afraid of proprietary/monopoly dependency in general, the issue is rather with those companies not being domestic.

A shift to open source is sanctioned from the very top. For example, in the area of OZG (broad digital access to public services, coming soon) the explicit decision is (my translation):

> Open standards must be used in the implementation and operation of digital offerings. The source code from the realization of digital offerings by the administration (in-house development) is made available as open source, i.e., in reusable form, wherever possible. https://www.it-planungsrat.de/fileadmin/beschluesse/2020/Bes...

They are also starting a project to host public, open source code which is backed by the federal CIO and many state and local governments: https://www.cio.bund.de/SharedDocs/Kurzmeldungen/DE/2021/pm_...

This is not something sneaked in by some techies. Every decision maker is probably aware by now what "open source" means.

they could have opted for XMPP, which is clearly a better and more mature alternative.

It sounds like they are going to end up with their own standard starting from Matrix as a base that will do more than just messaging.

If they had of just set up XMPP as a messaging system we would of never heard of it. It would of been an entirely routine thing to do.

What experience in the field do you have implementing or managing Matrix or XMPP solutions?

I used to run an XMPP server (Prosody). I now run a Matrix server (Synapse - the one everyone uses).

Synapse feels like a bloated monster that I'm afraid to touch in case it goes bang and I can't recover.

Prosody felt like a simple light weight service that I could easily recover no matter how much I broke it.

Synapse is indeed very bad but it should by replaced soonish

Hopefully with a simple migration path

This isn't necessarily an endorsement of one protocol/ecosystem over the other, nor do I have direct experience with integrating Matrix or XMPP (though I run the latter on my home-server for family), but XMPP has seen a few large deployments, including in healthcare (in the UK)[0][1] and in Germany[2].

The consumer-facing client ecosystem for XMPP has indeed seen less rapid development than Matrix (the latter probably benefits from a more cohesive approach), but the server ecosystem for XMPP is very mature, and servers such as Ejabberd are known to scale to hundreds of thousands of connections on a single, modest host[3]. Obviously, that's only one part of the puzzle, hence why Matrix was chosen here.

Still, it'd be interesting to see how the two evolve and compare down the line.

[0]: https://www.erlang-solutions.com/case-studies/pando-health-c... [1]: https://medium.com/miquido/successful-migration-to-a-custom-... [2]: https://twitter.com/iNPUTmice/status/1203611711967813633 [3]: https://www.process-one.net/blog/ejabberd-nintendo-switch-np...

Does the development of an XMPP client with a few million downloads count as sufficient experience in the field?

Hey, why not IRC?

It's also the IETF Internet standard and does not collect venture capital.

Matrix is looked after the Matrix.org Foundation which is non-profit and doesn't collect venture capital either: https://matrix.org/foundation.

(It's true that many contributions to Matrix come from Element, though, the VC-funded for-profit founded by the original Matrix team in order to pay for us to keep the lights on and keep working on Matrix. Just as VC-funded Jabber Inc contributed massively to XMPP, back in the day).

I’m working on a project management app for small businesses using Matrix. I’ve been inspired by your work and the transparency with which the team operates and the business model you have pursued and succeeded at. I’m also stunned by the technology recently being deployed in Dendrite.

Is one of the best ways to support Matrix and grow the influence to hire Element’s team as consultants to build custom implementations and use cases?

Digital Communications Protocols (comparison) :


This is wonderful! I've been using Matrix for the last several months for work, and it's mostly a huge improvement over that vile ransomware Slack. Especially Gomuks is a huge improvement.

One drawback I've been suffering is that I can't figure out how to keep logs. Our server had a failure and was down for a day, so Element on my phone decided it should forget all its keys (and also my password). Now I've lost access to all the past channel logs on our E2E channels, and it seems like nobody on the channel has a version they can usably copy and paste; Element in particular doesn't allow you to copy and paste large chunks of chat history because, when you scroll back a lot, the chunks that are scrolled out of view cease to exist (from the point of view of the copy-paste buffer).

Also gomuks deleted all my session information when my local disk got full. Maybe I should try Bitlbee?

So, there are still a lot of rough edges! But there's a path to getting them fixed, since it's free software and an open protocol spec. Hopefully the German government will be a good collaborator in contributing improvements!

https://github.com/russelldavies/matrix-archive is your best bet for exporting conversations right now. There's a GSoC project ongoing to build something like this into Element Web too so you can just hit "download" on a room and export it all nicely.

Thank you! Should I report the fact that Element on my phone deleted all its session keys due to some kind of server hiccup (the server was incorrectly reporting incorrect-password stuff, probably because A. was reinstalling it and hadn't restored the user database yet) as a bug? Certainly deleting all my past conversations and my encryption keys when there's a temporary server failure, is not the behavior I desire, but maybe it's by design?

(In that particular case, it resulted in me losing the address where I had to go that afternoon, which was in a Matrix chat message on my phone, before Element peremptorily deleted all my past messages with no confirmation. Fortunately I was able to remember enough of the address to get close enough...)

I've filed https://github.com/matrix-org/matrix-doc/issues/3290; unfortunately this is a spec issue (the current spec mandates that any 401 error is treated as the server telling the client to do a hard logout. i propose it should do a soft logout by default instead, thus preserving local data).

Thanks! Yeah, it was an extremely rude awakening, and I've lost months of logs of conversations that I thought were securely in my possession. From my point of view, if there's anything the server that can do that will cause my client to delete data, that's a security hole in the client that should be fixed—I want to run a client that is a user agent, serving my interests as a user, not a server agent, acting on behalf of the server. It seems like the authors of the spec had the opposite perspective on this?

Of course a DHTML web page is a server agent; it's just a convenient way for the server to get better responsiveness and resilience against network failures. It relies on the server completely for its integrity—the server can inject whatever code it wants. So the server-agent mindset is understandable for a team that started out developing a DHTML web page. But a phone or desktop app doesn't have to work that way; it can protect the user from malicious servers. And, I think, it should.

Why would a server failure 401? The spec seems reasonable to me. This looks like some kind of proxy setup mistake, maybe?

I haven't asked A., but as I said, I suspect she was reinstalling the server from scratch, and hadn't yet gotten to the part where she restored the database from backups. So all login attempts were failing. I didn't yet realize there was a server problem, myself. I thought Element on my phone was failing and that I was misremembering the password when I tried to log in from the browser.

Generally, though, regardless of how it happened, from my perspective it's a security vulnerability if there's anything the server can send that will wipe data from the client. So the spec doesn't seem reasonable to me. I want to use a client that keeps my data safe from server malfunctions, whether accidental or intentional.

I have been having this issue as well with the exporting of data and it looks like it was just solved below. Thanks!

The crazy thing is how happy lots of companies seems to be to giving slack access to all of their communication and API access to all of their other tools. And I’m very excited for when the tool that connects all these tools, which matrix should be, can be owned by the people using it rather than the company providing the service.

I wished more open source projects used it, everyone and their cat is using discord :(

It's ridiculous! Discord isn't not only non-open-source—you can't even run your own server! (They pretend you can, but a Discord "server" is really just a virtual server running on somebody else's computer.)

Well, for GNU Wget, we've moved to Matrix since two years now. The public room is bridged to IRC.

Since when does Germany have a national health care system?

Germany has health insurances, both private and public but there is not one unified system really.

I can go to a doctor and pay the bill on my own without getting in touch with any government organization.

Gematik also is a private company according to their website. So nothing that is associated with the government.

We don't have a centralized healthcare system but that doesn't mean there's no need for interoperability because healthcare institutions constantly exchange information.

When you go to the doctor you are presumably insured. So your doctor needs to communicate with your insurance. Insurers might need to communicate with government agencies and regulatory bodies, and so on. If you've seen Covid data in Germany, that data comes from every corner in Germany, and all those institutions need to be able to talk toe each other.

To be fair: As a patient, except for them scanning my insurance card, I see very little evidence that would suggest that most of data exchange isn't being done via fax, snail-mail, or people talking into phones.

Why in the world do I get a piece of paper from my doctor that I'm supposed to mail to my insurance provider (or scan and upload if you're lucky) when I'm being diagnosed with something?

Doctor's offices are the least digitized businesses around.

There's first signs of this getting better, but I can't wait for things to change...

>Why in the world do I get a piece of paper from my doctor that I'm supposed to mail to my insurance provider (or scan and upload if you're lucky) when I'm being diagnosed with something?

>Doctor's offices are the least digitized businesses around.

Oh? Here in the US I can't remember the last time I had to take a prescription on paper from a doctor. Whether CVS, Walgreens, or Amazon PillPack, when my doctor prescribes medication, the pharmacy receives it very quickly, sometimes within minutes. Same with lab work; whether my health system's own labs or a third party like LabCorp or Quest, it's all electronic.

(The process is not all electronic. When a prescription expires, if I request that the pharmacy renews it (as opposed to requesting a renewal from the prescribing doctor), I believe the pharmacy calls the doctor. But either way, I don't otherwise get involved other than, in both cases, requesting it via a website.)

The current plan is to get rid of that piece of paper by the same time next year.

Having the possibility to pay for a doctor on your own or there being multiple actors does not stop having a "national healthcare system" which the GKV-system can fairly be recognized as given how much formalized and standardized it is.

Gematik is completely owned by public institutions (including medical self-governing institutions) except for a very minor stake of the PKV-Verband.

>Since when does Germany have a national health care system?

>Germany has health insurances, both private and public but there is not one unified system really.

Correct. Far too often, people in the US and UK think that

1) every developed country other than the US has "national health care" or "universal health care"

2) every such country does it like the UK, a monolithic system in which the government owns both the biller (single payer) and provider (hospitals)

Regarding 2), the UK system is unusual in being so monolithic. Canada has single payer but neither the national nor local government owns and operate all hospitals. Australia's system puts significant emphasis on private insurance as the alternative or preferred option to public insurance. Germany, Switzerland, Austria, and others have a variety of private and public insurance companies and hospitals, typically differentiated by income level or profession. France's system is somewhere in the middle.

Regarding 1), since Obamacare there is essentially no difference between the US's system and Germany's or Switzerland's. The US has always had a mix of public (Medicare/Medicaid, military, VA, IHS), nonprofit (Kaiser), and for-profit (Anthem) insurance providers, as well as public (military, VA, and various state- and local government-owned), nonprofit (Kaiser again, university hospitals), and for-profit (various hospital chains) deliverers. Obamacare merely mandated that the 15%[1] of Americans pre-Obamacare that did not have health insurance get it or pay a penalty. The figure is 8% now.

And before you say "Well, that's not 100%", while the penalty for Obamacare noncompliance is not high enough, 92% of Americans having health insurance is not very far from the 95-97% elsewhere. There are always people who fall between the cracks, whether a German who neglects to sign up for a new sickness fund after changing jobs, or a Canadian who neglects to sign up for a new provincial health care card after moving. The only way to get actual 100% coverage is to use the UK NHS model of having no membership card at all.

[1] Yes, 85% of Americans before Obamacare had health insurance. How many of you non-Americans (heck, many Americans) thought that "0% of Americans have healthcare" before or after Obamacare? It's OK; you're not alone in believing everything you read on Reddit.

> whether a German who neglects to sign up for a new sickness fund after changing jobs

Just for the record: There is nothing you have to do when switching jobs in Germany - you just keep your previous health fund. There is a very small amount of people without health insurance but once you are in the system (which I think is fair to call "national healthcare system") you will find it very hard to leave even if you try.

The second paragraph of https://de.wikipedia.org/wiki/Gematik spells out that gematik is majority owned by the government (BMG, and a bunch of other ministries). So while there isn't one unified system, gematik seems to exist to provide interoperability between the myriad different factions. Hence, pushing Matrix to do so.

> Germany has health insurances, both private and public but there is not one unified system really.

The "public" is private anyway, as the Krankenkassen are all private companies (although strictly regulated by BMG).

But yes, there's concept of public (statutory) and private (voluntary) insurance plans.

On top of that, as you said, most (all?) Arztpraxen are also private entities. Same goes for hospitals (I guess excluding places like universities and Bundeswehr).

Statutory health insurances are Körperschaften des öffentlichen Rechts, which (as the name implies) are public institutions and very much not private companies. They have the right to bear seals, can issue titles to collect missing payments, are bound to administration law, etc. It's the same legal designation as e.g. the city of Munich which hopefully nobody calls a "private company". It's really just their marketing which looks more corporate than what we are used to from most other public institutions.

Many hospitals are part of a municipality or a university (again, established by public law), many others are organized as private companies (either publicly or privately owned). Non-hospital doctors are almost completely private entities.

> Statutory health insurances are Körperschaften des öffentlichen Rechts, which (as the name implies) are public institutions and very much not private companies.

This is not so clear-cut as in other countries.

Translated from Wiki:

> As a public corporation with self-administration, a health insurance fund regulates its budget on its own responsibility. In doing so, it must fulfil legislative performance requirements (compulsory benefits) and may in some cases go beyond this (statutory benefits). According to § 260 para. 2 SGB V, its operating funds should not exceed one monthly expenditure.

Not sure what point you are trying to make. It's not a "private company" (not even a closely regulated one) in any sense of the word "private" no matter where in the world that word it is used.

Health care might be organized differently than in most other countries but that does not imply that those institution are private.

Is the City of Munich also a private company? It has self-administration, is responsible for its own budget which can't be negative, has to operate within legislative bounds including giving compulsory benefits to its residents (which are exactly the criteria you quote). Of course not, that's a city. What about the Technical University of Munich? They even have "members" instead of residents in addition to the things above. It's all the exact same kind of legal entity. Saying one is public and the other one private doesn't make any sense. What's the difference between those in your eyes?

Great [0] !

Anyone can comment on how this is going to be used ? What are people using matrix for in the German healthcare system context ? The full plan document is in German (which I don't speak).

[0] and you can check out my history to see I am not a die hard matrix fan, far from it.

It’s a very dense document. But from a quick glance, it’s eventually (there are 3 levels of functionality that will be developed over time) supposed to be an asynchronous version of telephone calls between pretty much everyone in health care, including patients. Also Broadcasting, secure document sharing, and connections to medical devices.

German doctor here. I want this! How does this relate to KIM (Kommunikation in der Medizin) a kind of secure e-mail as far as i understand, wich is sold to us now as the future standard of communication in healthcare?

Gematik (the company mentioned in the post) is also behind KIM: https://www.gematik.de/anwendungen/kim/

curious to know if matrix ever resolved their "federated" authentication problem. Can I finally host my own node completely separate from the matrix? this always made portability somewhat of a dicey situation.

You've always been able to run a Matrix server completely separately from the wider federation, and there are loads of them out there (we estimate around 35,000). Unsure what "federated" authentication problem you're thinking of.

The only thing I can think that you're referring to is the question of how you track the keys used by servers to sign the events they send. If the server is offline, and you've never heard of it before, you still need a way to check their key. We don't currently use CAs for this, but instead you grab a cached copy of the key from a trusted server: https://github.com/matrix-org/synapse/blob/a743bf46949e851c9.... This is a bit of an edge case, as in general servers whose events you care about will typically still be online - or you'll know their signing key back from when they were on line.

The longer term solution for this is https://github.com/matrix-org/matrix-doc/blob/rav/proposal/r... which includes the sender's public key in the event (by making it the sender's identity) - and we're working on this as part of P2P Matrix currently.

> what "federated" authentication problem you're thinking of.

I think he refers to state reset issues in the currently used room versions.

What do you mean by federated authentication?

If you just want to have your own homeserver, and users there to be identified as @whoever:example.com, then this just works, is fully federated, and has been like this since forever.

The only unfederated part is, from what I know, the Identity Server, which is run by Vector.im to allow discovering Matrix identities by phone number or email addresses.

Now why would anyone want to peg phone number or account number to Matrix ID?

You best make a separate ID for mapping your users to Matrix. And don’t show it to the user nor use it for anything else, also stay unfederated.

> Now why would anyone want to peg phone number or account number to Matrix ID?

Say you're running Matrix for any kind of official or business purpose. You still want privacy, security, and ownership of your data. But you also actively DON'T want anonymity, instead you want publicly-verifiable user identities, linked to public information like company email addresses and company phone numbers.

Then keep them detached with the Matrix ID <-> Custom ID <-> Phone, in DB relationship parlance.

Matrix installations by default (even on your own server) have all users phoning back home to the Vector identity stuff.

Same goes for the push service for the iOS app, but that isn't really their fault as Apple makes it impossible for federated systems to do push without each homeserver having their own app. All notifications for a single app need to come from one centralized push certificate holder.

There's no "phoning home". What I think you're talking about is that Element Web's default config specifies the identity lookup server at vector.im: https://github.com/vector-im/element-web/blob/develop/config.... The identity server is optional, and just used for looking up matrix IDs based on email address or phone number. When Element Web launches is currently checks if your config is valid (i.e. do these URLs actually point to valid servers?). If you're running your own deployment with your own server, then you'd point the config to whatever identity server you wanted, or just remove it entirely - just as you'd point the config to default to your own homeserver.

We have a separate bug to defer the server validation check until the user actually tries to talk to the identity (or home) server, but it hasn't got to the top of the todo list yet; patches welcome!

Edit: To clarify: this behaviour only occurs with Element Web (rather than Matrix clients or servers in general)

The Element Messenger in the iOS app store also has an appalling privacy label, considering it's a client for an ostensibly selfhostable service.

I don't use Matrix because I have not seen anything that suggests that you or the dev team are interested in building software that maintains end user privacy.

All of it phones home by default.

Everyone I have seen try to set up a selfhosted homeserver ends up with a config that has users phoning home back to Vector. At some point the "you can configure it however you want!" line to dodge this issue doesn't hold up.

Defaults matter. Your ignoring this means that the software is, in my view, insecure out of the box.

Is there a way to run a homeserver on mydomain.com but also serve a website from that?


Matrix uses SRV records and .well-known for discovering the homeserver for a domain.


Yes, this is what I do. You just set a DNS record on a subdomain, e.g. matrix.mydomain.com, and use that as your home server. Your username can still be @me:mydomain.com with this setup.

This is a good question, as historically different protocols used different ports to communicate, meaning you could have many services on the same domain/IP, but recently many new protocols run over HTTP port 443... And I think Matrix is one of them, so the answer is no, you cannot host both a website and a matrix server on the same domain name. Happy to be corrected if I'm wrong.

Actually, it uses port 8448 for federation [0], which is unlikely to conflict with other services. But, even if it does, there are ways to specify a different port or subdomain [1].

[0] https://matrix-org.github.io/synapse/latest/federate.html

[1] https://matrix-org.github.io/synapse/latest/delegate.html

No, you can have both. All you need to do is proxy a few paths to the running instance of Matrix. Those paths are matrix-specific and won't interfere with anything else. I've been running on this configuration for some time now.

More details here: https://matrix-org.github.io/synapse/latest/reverse_proxy.ht...

You don't even need to do that.

Either add an DNS SRV record to example.com pointing matrix to matrix.example.com, or server a single JSON under .well-known pointing matrix to matrix.example.com.


Ah, that is much better.

In my instance, my root domain is served from CloudFront, so in this instance I could add an A record to a homeserver VPS and use a SRV/.well-known to point to it :)

I’ve been doing it for about a year now, and have never heard of it not working.

Well, yes. Matrix is a federated protocol like IRC, XMPP/Jabber, IRCv3 and a few other less known ones. Being federated is basically what made Email so widespread, and I guess in the long run that model of doing things will be the only viable one. For most people, states, companies and organisations, using a centralized foreign service, no matter how trustworthy it were said to be, isn't an option.

Similar, but different: IRC is decentralized (you connect to a certain server, and you can interact with users/rooms on this server). Matrix is federated (you connect to a certain server, but you can interact with users/rooms on every other server – much like you can write E-Mails to anyone who has an E-Mail address, no matter if its Gmail or Yahoo).

So when you want to compare it to anything else: it's much rather like XMPP than it is like IRC.

It goes even further than XMPP, as rooms in Matrix are fully distributed, with no single server owning them. Names like #foo:example.com are aliases, and aliases can be added under other homserver domains, too.

XMPP MUC rooms are, IIRC, dependent on the server hosting them and generally coordinating exchange.

So if #foo:example.com is in use in a cluster of servers and there's a netsplit for some reason and servers in group A lose connection with group B but both groups continue using the channel, what happens to the message history when the netsplit is resolved?

All room events (ie. messages) are part of a DAG, with each message indicating the most recent causality source, eg. another message that the client saw when sending this one. Think vector clocks, but more explicit. Any time an event arrives referencing some other missing event, servers and clients can act on that knowing that there's some kind of split happening.

Each event is also signed by the homeserver of the originator of the messages, so missing messages (due to partial netsplits) can be routed through third-parties, around the netsplit.

For full split-brain scenerios, after a merge, the two DAGs get joined and the effective room state is reconciled.

The big picture is that Matrix rooms are best seen as eventually-consisted distributed event log . :) https://matrix.org/docs/spec/#event-graphs

The scrollback ends up syncing up after the netsplit on both sides of the partition - you see a flood of messages come in from the other side of the split. In the relatively near future the remote side of the split will shown as a thread (if your client supports threads).

Technically, every message you send in Matrix is a mini-netsplit which then resolves as soon as it's received by the other server(s). So you don't tend to notice partitions, unless they go on for minutes on end and disrupt the conversation, but even then the history syncs up afterwards.

From the server's perspective, the graph of conversation history from group A and group B merge. From the client's perspective... depends on the client I think, but most seem to display the messages from the other side of the split all at once when they're first received.

Clients don't currently make it clear when messages came from the other side of a long netsplit, but the data is there on the server so in principle they could. I think the client API might need some changes before that'd be possible though.

Matrix is open federation, like Email. IRC is closed federation, more like a database cluster or some other distributed service where all components are run by a single team.

Except XMPP uses DNS for message routing from a human readable handle, user@host.com, but Matrix uses a central database "identity server" operated by Matrix.org and federation fails if this service goes down.

So Matrix is like XMPP, except that XMPP is really federated, but Matrix's "federation" is partial and therefore it's mostly marketing.

Matrix is really mostly marketing overall. That's part of why it's so popular here; HNers love shiny bullshit. Honestly XMPP is a better protocol, it's even still being updated and has many more server and client implementations, including modern ones, but Matrix has great PR.

> Matrix uses a central database "identity server" operated by Matrix.org and federation fails if this service goes down.

This is completely and utterly false.

The identity server is a completely optional directory service used to resolve email addresses and phone numbers to matrix IDs.

Honestly, I wish we'd never bothered with them - they are rarely used today, and cause more confusion than they add value.

> but Matrix uses a central database "identity server" operated by Matrix.org and federation fails if this service goes down.

It doesn't. Matrix identities (like @q3k:hackerspace.pl) are resolved to homeserver instances via DNS or HTTPS .well-known requests.

    $ curl https://hackerspace.pl/.well-known/matrix/server

    $ dig +short SRV _matrix._tcp.asra.gr
    10 0 443 synapse.asra.gr.

> Except XMPP uses DNS for message routing from a human readable handle, user@host.com, but Matrix uses a central database "identity server" operated by Matrix.org and federation fails if this service goes down.

This statement is almost entirely wrong. The identity server is A) only for mapping 3PID (3rd Party Identities, i.e. email addresses or phone numbers) to matrix usernames, B) can be self-hosted, and C) not required at all for federation. Federation does not in anyway require services provided by Matrix.org

> Except XMPP uses DNS for message routing from a human readable handle, user@host.com, but Matrix uses a central database "identity server" operated by Matrix.org and federation fails if this service goes down.

Uh, no? Federation certainly does not fail if the identity server goes down. You won't be able to invite someone to a room by email address or phone number if whatever identity server you're using goes down, but it's nowhere near the critical path for federation.

I think it shares lots of the core ideas behind IRC, but it thankfully incorporates a lot of progress made since IRC. You get creature comforts like Slack and the like (depending on the client), but it's still decentralized (even the Gematik setup, apparently!) and it you can make it very secure.

Does Matrix have a client that makes it easy to send voice messages like Whatsapp and Telegram? This is the only thing stopping us from using Matrix fulltime.

Short answer: no.

Long answer: there’s not even a simple native client that can even try to replace these apps. Often you see recommendations about some cartoonish app called Fluffy. No it’s no good. Every client is half baked, half cooked other than main client which was a electron monstrosity last time I checked. So the client space is still a mess (other than the org changing the name of its main client something -> riot -> element -> next name change awaited) compared to other personal messaging cum audio/video call apps. But a promising mess. Or so I hope.

Element Web has voice messages on develop, and should be landing on mobile in the coming weeks.

Steps in FluffyChat:

1. Press voice button next to text box on the bottom

2. Say what you have to say

3. Press "Send"

It looks like a private federation though, so while it's great that Matrix gets adopted more, it seems like every big entity they quote federate privately. Imagine e-mail but only being able to contact your company! It's a bit restrictive...

In practice, what we see happen with the big private Matrix federations is that the users start demanding being able to talk with users on other private federations, and/or the public Matrix network - and threaten to otherwise start using WhatsApp or Telegram or whatever for these sensitive but external conversations. So there is a huge incentive to actually federate properly, and we're talking to pretty much all of them on figuring out how to do so.

Well, they have very sensitive data they do not want to bleed outside of their controlled bubble (see GDPR). So this gateways will be very interesting :)

Yeah, but the fact you can do that is a big sales point for matrix. This concrete system is intentionally restricted to avoid the risk of data loss.

This is a much better system. In the UK we've gone from using pagers (I still use one) to proprietary systems which don't talk to one another (Medic Bleep, NerveCentre) in order to meet the ISO standard.

Wasn't there a city in Germany that to some fanfare moved all of their office IT to linux, and then a few years later switched back to Windows?

Yes, that was Munich with its LiMux project.

Incidentally and possibly unrelated, the project was abandoned after Microsoft moved their headquarters back into Munich.

It was Munich, the project was called Linux. Their previous mayor (Ude, social democrat) started the Linux project. The next mayor, Reiter, also a social democrat, even called himself a Microsoft fan and cancelled it against all advice. Suddenly Microsoft moved their Germany headquarters from a suburb to the city, so you go figure. Also, there were some internal power struggles between departments and some obvious mismanagement. Conservatives always have supported Microsoft, and the G, as usual, had no clue about tech and first supported Microsoft, but now claim to always have supported open source... Total shitshow.

Sounds like new CEO comes in and moves IT to his personal preference but leaves later before the move finished.

Sounds familiar? ;)

curious about the process to get this accepted behind the scenes. Some IT team convincing higher ups, trendy open source, coupled with standard/growing German disdain for anything US/foreign, and weird obsession with privacy ideals

Great! now they only need to fix the problem of doctors giving preference to private health insurance vs public health insurance. Or the problem of doctors systematically rejecting immigrants to be their GP or even giving them an appointment.

My private healthcare is substantially cheaper than the state one my SO has too...

Wait till you are older

Applications are open for YC Winter 2024

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact