Real-time communication is somewhat of a pain point for the Wikimedia movement. There is a large contingent of IRC users with highly specialized workflows (various notifications, highlights, personal scripts, helper bots, vandalism tracking bots etc) for whom moving to a different chat system is probably a no-go. There is also a large contingent of less technical users for whom the cost of learning IRC (with all that setting up a convenient environment involves - cloaking, a bouncer, notifications etc) is prohibitive. Using a different system for them creates a rift in the community, and is often contentious (as the most popular options are not free software, often not privacy-friendly, and don't support open community use cases well). Matrix / Riot.im (backend and default client for the same chat system) has the promise of fixing this problem - it is backwards-compatible with IRC on a low level and aims to provide a modern UI with all the bells and whistles people have come to expect from a chat system.
We should see what it would take for Matrix to be the offical chat system recommended for Wikimedia community members (IRC users could stay on IRC if they wanted, the two systems are fully interoperable) and see if we can help them get there. As a first step we should evaluate whether there are any features / UI improvements we'd want and whether those are must-haves or nice-to-haves.
Wikimedia use cases
- as a chat system for the WMF: see T230531: Run Matrix trial using the modular.im-hosted instance
- as a chat system for the Wikimedia communities
- as an IRC "client" for accessing existing IRC channels with decent UX: see T222458: Evaluate Riot as recommended IRC client
Matrix is an open messaging prootocol using a federated network of servers (called homeservers). Users and rooms are scoped to homeservers (with rooms being able to span many homeservers via aliases). Communication happens by clients talking to their own homeserver which is responsible for authenticating them, and homeservers synchronizing the messages with all the other homeservers who have clients participating in that conversation, ensuring eventual consistency. (Internally, it's more of a data synchronization protocol, with chat histories, not messages, being the first-class citizens; the "How does it work" section of matrix.org has a fairly accessible explanation.) There are "official" clients for all major platforms (web, iOS, Android, Win/Mac/Linux desktop), and a large variety of third-party clients (and also a few third-party server implementations). UX-wise, the official clients aim for a Slack-like experience (and the protocol is also in some ways a reimagination of the popular messaging features, like message editing or emoji reactions, for a federated world).
Aside from its federated nature, the distinguishing features compared to other chat applications are the ability to do end-to-end encryption (on top of the normal, piece-wise HTTPS encryption and signing between client and homeserver, and homeserver and homeserver) for group chat, and a focus on seamlessly bridging with other communication networks.
The official server and clients offer a similar feature set to Slack and its competitors: permanent identities with constant presence and notifications; searchable chat histories; rich text including link previews and attachments; avatars, stickers, emoji responses and bot integrations; channel previews; typing notifications and read receipts; message editing and removal. The one major Slack feature missing is threading (#2349; planned for this year).
The look-and-feel is inspired by Slack (although somewhat less polished - UX was developer-driven until a year ago, when they could afford hiring a design team, and they are still playing catchup). See https://about.riot.im/features for some screenshots.
There's also support for integrated VoIP calling and audio / video conferencing, and embedding widgets, but UX-wise those are more on the experimental end.
One of the strengths of Matrix is compatibility; there's a large variety of bridges to other communication networks.
Privacy, safety and security
Messages are sent to all homeservers participating in the discussion (i.e. when a message is sent to a chatroom, it is first sent to the user's homeserver, and then that homeserver distributes it to the homeservers of all the other users who are in the room). It is possible to delete messages once they have been sent (by the author, or by a moderator), and to configure message rentention policies (per-room and per-server time limits after which messages are automatically deleted); of course enforcement depends on the cooperation of all involved servers and clients. Beyond the usual privacy options (private rooms, invitation-only rooms, per-room options for room previews and availability of chat history before one's joining) Matrix also allows homeserver-only rooms and end-to-end encrypted rooms. When all users are from the same homeserver (whether it is declared as homeserver-only or not), no information leaves the homeserver. With E2E encryption, the homeservers cannot read the messages, but it does not protect against metadata collection and traffic shape analyis (who talked to whom when, message length etc). That makes Matrix the only non-fringe chat system today with E2E encrypted group chat. The related UX, such as device cross-signing, is currently somewhat substandard, but planned to be a major focus for the next few months.
Moderation is fairly advanced compared to other chat systems (this was cited as a decisive reason for Mozilla adopting Matrix). Room moderators can delete messages, kick or ban users and set server ACLs (such as banlists); room admins can also change configuration (e.g. enable integrations). Server admins can send global notices, delete/erase users, delete rooms and groups, hide room directory entries and delete room aliases, reset passwords. Users can flag messages and have personal ignore lists. Due to the federated nature, there is no IP-based enforcement as the IP of a user is only known to their homeserver.
Matrix itself has not been security audited, but the French state agency allegedly audited their fork. There have been two major security incidents, neither strictly related to the Matrix network itself: a matrix.org server breach in April 2019 (via weakly protected CI servers), and a critical flaw in the French government's system (reportedly specific to their auth integration). There were four security releases last year (1, 2, 3, 4; two of them labeled critical). The encrytpion library went through an external audit.
Governance and funding
Matrix is an open protocol owned by a non-profit, managed via open governance process, evolved through an RfC-style process. The official server and client implementations are open-source (Apache 2.0); from personal experience the developer team is very responsive, both on their issue trackers and in chat. The company doing the development initially relied on crowdfunding, then went through two rounds of VC funding ($5M in 2018 January from secure messaging company Status.im and $8.5M in 2019 November from multiple SaaS funders); it now has a SaaS offering (modular.im and work with the French government and German army who plan on using Matrix as the foundation of their communications systems.
(For comparison with the other large FLOSS Slack competitors, Mattermost raised around $40M in total, and Rocket.Chat $5M, according to Crunchbase. Slack and Telegram are between $1-2B.)
The federated part of the Matrix network is estimated to have about 3.5M user accounts.
Some of the 2020 priority focus areas for the Matrix / Riot team include end-to-end encrypted rooms, UX for non-technical users, group management, and bridges (connecting to other chat systems). See the 2019 report / 2020 roadmap for more details.