
Just a heads up, that I mostly quit using Matrix except for a few topic-specific and heavily moderated servers.

Why? The main chat server matrix.org has a child porn/CSAM 'problem'. Due to lack of moderation in many of those rooms, along with protocol problems, these sorts of CSAM spammers can do an hours-long image campaign of stuff that's illegal to even have. There's nothing quite like waking up to a post every 10 seconds of felonies in a cybersecurity or Linux chat, and then the summary clean-up and getting the hell out of those rooms.

Banning also doesn't work, due to distributed nature of rooms. You can be banned from matrix.org room but connect through a different server, and they can still spam users.

If you do want to be on Matrix, I would recommend a few changes.

1. Don't stay on matrix.org chatrooms. They are the worst hit and slow to resolve

2. Disable image preloading and downloading.

3. If you have private servers and rooms for friends, it's the best.



I've been using it for over 2 years now and I agree there's a spam problem on public chatrooms.

However, what's making me want to quit is that for more than 3 months now, message notifications have been completely broken on Android (Element X and its forks), and there's no fix for it. I completely miss out on important things and now have to build the habit of opening Element X once or twice every 15 minutes, so that it loads the messages from the server, and shows what people have been messaging me lately.

I no longer get message notification details on my phone, instead a generic "you have new messages" pop-up. There are at least 6 issues on GitHub detailing the same issue, but there isn't a fix and it looks like this is not a priority for the development team right now, even though it makes Element X practically unusable.


In my experience, Element X was released long before it was ready, and I still think it's far from ready. I've been using Element on android and it's been wonderful. Can't speak for iOS.


Element X is fine on iOS, but I wish it had regular updates. It feels like it has stagnated. There is still a feature gap for it to catch up with regular Element on iOS.


Dev on EXI has been focused on:

* event cache, to speed up room load and provide offline support. this was a huge amount of “invisible” work.

* media browsing - swiping between images, using the event cache

* fixing voip integration

* loads of trust & safety features

* threads (now in labs)

* spaces (in active dev)

* search (in active dev)

I agree that it feels like dev has slowed since the initial sprint to launch, but there’s another wave of features landing in the coming months.


Sweet. Many, many thanks.


I agree this has been a problem for years and it's very frustrating.

The fix I found that works for me (at least if you're using Unified Push like ntfy) is to go into ntfy and delete all the Element subscriptions in there. Force close and reopen Element, which will automatically remake them.

That fixes the issue, at least for a long time. About once a year I need to redo the ritual.

Hopefully this helps you.


I use Firebase (GCM) and it also doesn't work. But I'll try using ntfy next.


I assume this is https://github.com/element-hq/element-x-android/issues/4880. Obviously push should be reliable on Android; on Element X iOS it’s rock solid these days. I’ve escalated the issue internally (it wasn’t on my radar, irritatingly).


You might want to look into Unified Push. Although you need to use a Unified Push server that supports the differing Matrix endpoints because for some reason the Matrix devs decided to do their own thing. I wouldn't call using Unified Push with Matrix reliable, just like nothing with Matrix is ever truly reliable, but it works much better than native notifications for me.


They recently adopted this thing, though: https://matrix.org/blog/2025/04/introducing-policy-servers/

I haven't encountered any of that kind of abuse in Matrix after it has been implemented. It partially nullifies the point of the room decentralization, though.

Some of the biggest public rooms like "Matrix HQ" are almost unusably slow, though, since they have tens of thousands of zombie users.

Matrix performance feels now more or less adequate for all realistic use cases, as long as long-term idle users are pruned out every now and then from public rooms.


> It partially nullifies the point of the room decentralization, though.

And that's the ONE thing giving Matrix bragging rights over any other chat protocol. Their whole crusade against XMPP in Matrix early days was based on this distinction and overstating the importance and relevance of it. So I guess we are left with an absurdly complex protocol and single-source implementation for… nothing then?


It looks like the policy servers are themselves federated, so it's not really as big a concession as you're making it out to be.


XMPP is still there and going strong :)


And when you complain about it, Matrix accuses you of acting in the interests of the attackers.

I've quit it entirely. They have a real victim complex and don't understand that people have legitimate complaints about them.


I've never engaged the project admins. But if they're like Tor and their responses to deanonymizing OS reporting (basically hostile and attacking), it wouldn't surprise me.

My issue with possession of CSAM is that it's statutory without mens rea. That means if my client gets an image without my knowledge or approval, I'm still blamed for it. And blame is a bloody felony. Some jurisdictions call for absurd punishments of 10y prison per image.

There are a few rooms I'm in. They are heavily moderated and narrow discussion. One is a speech-to-text from OpenMHZ police scanner for my area. But I also discourage usage - I'm highly technical, and I fear average users would get in over their heads and have a very bad time.


>...if they're like Tor and their responses to deanonymizing OS reporting (basically hostile and attacking), it wouldn't surprise me.

Can you be more specific about this? I've met several of the devs and they seem open to bug reports, and the Tor blog is always being updated with notes about various fixes that have been implemented...


Tor silently, last October, quit spoofing OS and now reports over browser headers what OS you are.

Previously, every Tor Browser was "windows".

The claim I've heard was that there were JavaScript attacks that could uncover what OS you were using. Patching those would be 'too hard'. So now TBB just gives up OS. Seems not very good to voluntarily give up bits of PII.

https://m.youtube.com/watch?v=3wlNemFwbwE is where I was made aware of this problem. I verified it on my infrastructure too.


Without knowing anything about Tor, I'd guess you've got it backwards. I imagine Tor leaks your OS through TCP/IP fingerprinting, and whether that fingerprint matches your `navigator.platform` is probably a factor into whether e.g. Cloudflare hellbans you.

Then again, I'd also assume Cloudflare just de facto hellbans all Tor exit node IPs, so...


Doesn’t TCP/IP fingerprinting only reach your first hop node though?


I was looking more for a whitepaper or blog post, a random youtube video is not an acceptable source for debating the integrity of a browser.


Time to debunk this again.

Tor had a thin layer of user-agent spoofing: it would always claim to be Windows (I presume) in the User-Agent header. But the real user-agent (which is still spoofed, but platform-specifically) was easily accessible from Javascript without even fingerprinting, since they never spoofed the navigator.userAgent variable in the same way. It could also be detected from other fingerprints such as TLS.

They removed the header-only user-agent spoofing so that the User-Agent header now reports the same value as navigator.userAgent, which is one of three distinct values based on your OS type. The rationale is simple: having these different didn't work. It was a failure. It didn't hide any information. And it tripped fingerprint checks on some websites. So they stopped doing that.

Certain people are trying to make this into a huge uproar for some reason. As far as I'm concerned, it's a coordinated disinformation campaign to discourage the use of Tor. The developers probably get spammed about this particular change a lot, because of the disinformation campaign, which explains the hostile response.
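The failure mode described in the comment above (a spoofed User-Agent header that disagrees with what JavaScript reports) is something any site can test for. The following is an added example, not Tor Browser or Tor Project code: a server-side consistency check between the HTTP `User-Agent` header and the `navigator.userAgent` / `navigator.platform` values a page script sends back. The OS-marker regexes, the precedence order, and the sample client strings are all constructed assumptions for illustration, not a description of what Tor Browser actually emits.

```python
"""Server-side consistency check between a client's User-Agent header and the
values its JavaScript reports (navigator.userAgent, navigator.platform).

Added example, not Tor Browser or Tor Project code. It shows why spoofing only
the HTTP header does not hide the OS: the JS-visible values still name it, and
the disagreement itself is a fingerprinting signal. All samples are constructed.
"""
import re

# Ordered so that more specific markers win (Android before Linux, iOS before macOS).
# Assumption: coarse families are enough for a consistency check.
_OS_MARKERS = [
    ("android", re.compile(r"Android", re.I)),
    ("ios", re.compile(r"iPhone|iPad|iPod", re.I)),
    ("windows", re.compile(r"Windows NT|Win64|Win32", re.I)),
    ("macos", re.compile(r"Mac OS X|Macintosh|MacIntel", re.I)),
    ("linux", re.compile(r"Linux|X11", re.I)),
]


def os_family(s: str) -> str:
    """Map a UA or platform string to a coarse OS family, or 'unknown'."""
    for family, pat in _OS_MARKERS:
        if pat.search(s):
            return family
    return "unknown"


def check_client(header_ua: str, nav_user_agent: str, nav_platform: str):
    """Return (consistent, disclosed_os, reasons).

    consistent   -- True when every view that names an OS names the same one.
    disclosed_os -- the OS a site can still infer, JS-reported values outranking
                    the header because the header is the cheapest value to change.
    reasons      -- one line per view when they disagree, else an empty list.
    """
    views = {
        "User-Agent header": os_family(header_ua),
        "navigator.userAgent": os_family(nav_user_agent),
        "navigator.platform": os_family(nav_platform),
    }
    known = {fam for fam in views.values() if fam != "unknown"}
    reasons = [f"{name} says {fam}" for name, fam in views.items()] if len(known) > 1 else []
    precedence = ("navigator.platform", "navigator.userAgent", "User-Agent header")
    disclosed = next((views[k] for k in precedence if views[k] != "unknown"), "unknown")
    return (len(known) <= 1, disclosed, reasons)


# Constructed sample clients (not captured Tor Browser traffic).
_LINUX_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
_WINDOWS_UA = "Mozilla/5.0 (Windows NT 10.0; rv:128.0) Gecko/20100101 Firefox/128.0"

# Header-only spoofing: header claims Windows, script-visible values say Linux.
OLD_STYLE = dict(header_ua=_WINDOWS_UA, nav_user_agent=_LINUX_UA, nav_platform="Linux x86_64")
# Consistent reporting: every view names the same OS (still disclosed, but no mismatch signal).
NEW_STYLE = dict(header_ua=_LINUX_UA, nav_user_agent=_LINUX_UA, nav_platform="Linux x86_64")

if __name__ == "__main__":
    for label, client in (("header-only spoof", OLD_STYLE), ("consistent", NEW_STYLE)):
        consistent, disclosed, reasons = check_client(**client)
        print(f"{label}: consistent={consistent} disclosed={disclosed} {reasons}")
```

The point the example makes is that the header-only spoof does not reduce what the site learns (the disclosed OS is the same in both cases); it only adds a mismatch that a bot-detection or fingerprinting layer can key on.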


Nowhere on Tor's blogs or social media posts were any of these changes mentioned, or why. The 'debunking' is required because of media silence, and people online finding out about this.

Nor were there any developer statements about this change. From an outsider (user) perspective, this smells like a coverup or an insider threat ala XZ situation.

And for software that people sometimes rely on safeguarding their lives with, well, yeah, addressing these significant changes in the open is how you avoid due scrutiny. And I think scrutinizing the lack of communication is a rather damning problem, especially here.


The real crime to me is tor browser not spoofing navigator.platform. Regardless of the user agent, if this variable can be used to find something that doesn't say Windows, then I think that already greatly hurts your fingerprint as the number of non-Windows installs pales in comparison.


They definitely have a victim complex. A few years back, when I complained of the then-insanely poor performance and scalability of the Synapse server, they told me to spend a few thousand bucks on a high-performance personal server, and to educate myself to set up and maintain a Synapse instance, which was then and is still much harder to do than running most other server software.

Hell, I was told I was some sort of bad person for being unhappy with room joins taking hours or even days.

After exhausting all other options, they have improved their software a lot (it's still not perfect, but definitely usable), but their poor attitude has soured their reputation, and made it really difficult to be enthusiastic about Matrix.


The Conduit server is very lightweight. I run a private server on a 128MB VPS!


I have heard so, too. Maybe I'll give it or some of its derivatives a try some time.

I think there is some sort of catch-22 going on. Matrix Foundation can't fund the replacement of Synapse with a better-designed server, because hosting matrix.org consumes all the money. And it consumes so much money because it runs Synapse, which uses computing resources in a very inefficient manner.

And the Foundation might have some sort of conflict of interest, since it is closely interwoven with the New Vector company, whose business case is being able to make Synapse work despite its flaws.


There's an official Golang rewrite called Dendrite: https://github.com/element-hq/dendrite. It has few stars because they recently migrated it from the original repo (https://github.com/matrix-org/dendrite). Development is not fast but it's ongoing, and it's currently in beta. I haven't tried it; I self-host a Synapse server which I used with friends, and with Docker it wasn't hard to set up/maintain after the initial effort.



Only the Apache-licensed version is dead. The commercial arm (Element) forked it and relicensed it under the AGPL to make sure nobody but them can use their post-fork changes commercially. (Element demands you sign a CLA to contribute. Don’t[1].)

[1] https://drewdevault.com/2023/07/04/Dont-sign-a-CLA-2.html


I mean, for years Dendrite was positioned, by the developers of Synapse themselves, to become Synapse's successor, and Dendrite was getting a ton of funding and attention to make sure it happens.

It didn't then, and now that the situation is dire for Dendrite (with no funding and no official effort being put into it), I have little hope things are going to improve.


Very easy to set up (without the Docker nonsense, it's just a binary that is trivial to build), but the real work was in maintaining it. After the third case of database table inconsistencies from joining large public rooms (or perhaps from upgrading it, or a combination) I regretfully had to give up on it. It was time consuming to find out the table structure being used and how to manually correct the data so that it would start again. People were generally helpful on irc but it's just not fun work and feels a bit unnecessary.


I thought it was just because they make their income by selling faster server software. The free one can't be fast, in that case.


Thank you for bringing this (Conduit) up!!! Nothing beats a binary and toml/json/yml file deployment!!!

And that is what's great about matrix.org vs other open source apps such as Telegram/Signal/Wire.... The protocol was designed to be open. If you don't like the client, write one; if you don't like the server, write another. Just follow the API specification. Being REST, it is much easier to decipher than IMAP/SMTP. And port 443 works everywhere! Even on proxied Internet!!


The specification is so complex that keeping up with it is a full-time job - which benefits the Element Corporation, which profits from selling their complex server and client and also makes the specification. Just have a glance at the concept of room versions.


room versions are just a much-needed way of versioning the protocol, so we can make breaking changes without being trapped with backwards compatibility problems - no different to a fileformat including a version number. it’s one of the best bits of Matrix, imo, albeit sorely misunderstood (it seems).


IRC doesn't have this because it doesn't try to make rooms into long-running distributed state machines.

Although it is possible for two room operators to kick each other on different servers at the same moment, which probably does lead to state desync. They'd have to do it at the same moment. In Matrix, it tries to still sync things that happened 6 months ago...


On second thought, I think it would lead to both operators being kicked - a nonserializable ordering. Each server would independently check the action was authorized based on the prior state, and would then broadcast into the network, not "op1 wants to kick op2", but rather "op1 did kick op2". Users on op2's server would see that op2 kicked op1, and then op1 kicked op2, despite no longer being in the channel or being a channel operator. This seems acceptable, although counter-intuitive.


Conduit is a bit slow to update over the years, and a few forks have improved on it quite a bit; continuwuity being chief among them at the moment.

Yeah I hate the name too.


Hey, one of the Continuwuity team here - the name was a bit of a placeholder we picked as we were setting up the project, and we are open to changing it if we find something that fits the project and is a step up. Please join our Matrix rooms if you have a suggestion or more in-depth feedback, or want to participate in any polls we might run.


Conduit is great, I migrated my private friends server to it a few months ago.

Made a lil' tutorial as well: https://blog.webb.page/2025-04-25-enter-the-matrix.txt

Now if I could get Element X working that'd be awesome but I've settled for regular Element for now.


All I did was to DM you to ask you to not post screenshots of the CSAM spammer’s activity, as it amplifies their spam and gives them a platform which further encourages them by giving them attention and a reaction.

This should not be remotely controversial.

Obviously the Matrix team is very aware of the very real legitimate problem of the CSAM spammer, and all the very real legitimate complaints about it, and we have tackled it as transparently as we can, with very limited resources.

I am incredibly disappointed that someone I previously respected and considered a constructive member of the open source community reacted like this to a simple request to not feed the trolls.

https://mastodon.matrix.org/@matrix/114540986615467818


I’m pretty used to dropping into an HN thread about Matrix and thinking “what FUD is Arathorn going to need to debunk this time”. Sucks tech communities are so toxic, thanks for working hard making Matrix in this environment.


> a real victim complex

that, a thousand times. Combined with a severe lack of objectivity. If you can't see the flaws and can't be critical of your own product, what room/hope is there for improvement? Matrix is a never ending story of over-promises under-delivered, taking feedback in bad faith, and, yeah, playing the victim.

I'm amazed that Matrix did manage to capture so much attention for so long while at it. They were there at the right time but with the wrong tech/product/abstraction/competences, sucked all the air out of the "federated personal instant messaging that you can host yourself"-room, and I am still sour that they possibly contributed to the current sad state of affairs and worst case of consolidation there has ever been in this space (there was a time when WhatsApp wasn't so ubiquitous, facebook messenger, skype, … sucked, GTalk had some amount of interop, and we had a shot at not having our instant messaging in walled gardens).


This has been due to a very persistent spammer attacking the public network. Since adding policy servers (https://matrix.org/blog/2025/04/introducing-policy-servers/) as a way to preemptively block content and other measures (https://matrix.org/blog/2025/02/building-a-safer-matrix/) things have improved at least in public rooms - assuming the admins enable policy servers. We sincerely apologise to everyone who has been exposed to this, and are continuing to improve the trust & safety apparatus in Matrix (although could really do with funding for the Foundation to help folks work on this as their day job).


It's been a while, I vaguely recall something about credits or levels or karma points or something, was this a matrix setting?

For my matrix rooms I really want a default karma = 100 to be seen by others in the room, people can adjust this higher or lower

Might be interesting to have an option for others to donate 20 karma to new people they know are cool or something.

I get it that that destroys the conversation for new people and new people are what many groups really want - but we could be transparent about it.

I have two spammers over the years that I spent many many hours blocking ip cidrs and such.. this was actually easier with the old RealChat program (simple right click by moderators) - not sure if that has gotten better in recent year or so.

A cool down for new users and making it so we stop multiple 'cool in / warn up' accounts from same subnet would be nice too.


One of the reasons we can't have nice things.

CSAM spam filtering is a bit of a moat for larger companies able to manage the costs of moderating it.

I would like to see AI moderating of CSAM, perhaps an open weights model that is provided by a nation state. With confidential computing such models can be run on local hardware as a pre-filtering step without undermining anonymity.


> I would like to see AI moderating of CSAM, perhaps an open weights model that is provided by a nation state.

I don't envy the people who would have to trauma their way through creating such dataset. Yet, it would be useful yes.

> With confidential computing such models can be run on local hardware as a pre-filtering step without undermining anonymity.

I'm not sure it'd make sense to run locally. Many clients aren't powerful enough to run it on the receiving end (+ every client would need to run it, instead of fewer entities), and for obvious reasons it doesn't make sense to run on the senders end.


I guess I meant locally to the server not the client (edge). But also perhaps a very light model could be run on the edge.

I built a porn detection filtering algorithm back in the Random Forest days, it worked well except for the French and their overly flexible definition of 'art'. The 'hot-dog/not-hot-dog' from SV HBO is pretty accurate on what that was like. I've thought about what it would take to make a CSAM filter and if it could be trained entirely within a trusted enclave without external access to the underlying data and I do believe it is possible.


You can configure synapse to not cache remote images. Yes, these spammers are obnoxious but most homeservers should be safe if the moderation is prompt.


Is the CSAM spam a way to harass the admins/users or some kind of trading via broadcast in public forums?


Some of it was the latter. Matrix servers could be used in the past to store and serve unauthenticated media to anyone[0], which was described by the team as "not great"[1] and "abuse of Matrix as a content distribution network" [2].

I believe the team was prudent in being reserved about describing the issue (and the abuse it could entail) until after these changes rolled out in 2024[1], especially due to the unique challenges they required (including putting a freeze on unauthenticated media as part of the upgrade process).

[0]: https://matrix.org/blog/2024/06/26/sunsetting-unauthenticate...

[1]: https://2024.matrix.org/documents/talk_slides/LAB4%202024-09...

[2]: https://matrix.org/blog/2025/02/building-a-safer-matrix/

[3]: https://matrix.org/blog/2024/06/20/matrix-v1.11-release/


Former, I think. It involved highlighting all users of the room, and sometimes verbal abuse against Matrix and/or the projects which the rooms in question belonged to. Now that sort of abuse is much harder, since they have improved spam filtering.


Also not unheard of for less ethical competitors to engage in such campaigns.


Aren't matrix user IDs global? Wouldn't it be possible to ban messages from a given user regardless of server?


Wouldn't registering a new user in a different instance give you a new ID?


I have a private server (running Dendrite) but it doesn't even work well for that purpose -- so many bugs, many preventing me from reading messages due to encryption state fuckups.


Make server with images banned.

Only text.

Profit?


Possessing the base64 encoding of such an image is still a felony. Text only doesn't solve the problem.


Matrix messages/events are limited to 64kB if you disallow attachments


62k of base64 of a random stock image from Pexels: https://pastebin.com/raw/tU5D1kuT, you can try it here: https://base64.guru/tools/data-url-to-image

Proper spam and user/content management is an inevitable need for public chat. E.g. what makes HN chat readable and full of legal content is not comment length limit but all of the other more complex systems enabling efficient moderation.


Also ban anything that looks Base/binary-to-text encoded.
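The subthread above (a text-only room, the 64kB event limit, images smuggled as base64, and the suggestion to ban anything that looks binary-to-text encoded) describes a detection problem that is easy to get wrong in both directions. The following is an added example, not Matrix, Synapse or any moderation bot's code: a heuristic that scans a message body for long runs of base64-alphabet characters, decodes them, and only flags a run when it decodes to a known image container or to a large opaque blob, so that ordinary long tokens (a hex digest, a long identifier) pass. The run-length thresholds, the magic-byte table and the sample messages are constructed assumptions.

```python
"""Heuristic detector for binary payloads smuggled through text-only chat messages.

Added example, not Matrix or Synapse code. It scans a message body for long runs
of base64-alphabet characters, tries to decode them, and reports runs that decode
to a known image container or to a large opaque blob. Thresholds are assumptions.
"""
import base64
import binascii
import re

MIN_RUN = 64          # shortest run of base64 alphabet worth decoding (assumption)
BLOB_THRESHOLD = 512  # runs at least this long that decode cleanly count as opaque blobs (assumption)

# Matches both the standard and the URL-safe base64 alphabet; '=' padding is optional.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{%d,}={0,2}" % MIN_RUN)


def _try_decode(run: str):
    """Return decoded bytes for a base64/base64url run, or None if it is not valid base64."""
    body = run.rstrip("=").translate(str.maketrans("-_", "+/"))
    if len(body) % 4 == 1:            # no valid base64 string has this length
        return None
    body += "=" * (-len(body) % 4)    # restore padding the sender may have dropped
    try:
        return base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return None


def _image_kind(raw: bytes):
    """Identify common image containers from their leading magic bytes."""
    if raw.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if raw.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if raw.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    if raw.startswith(b"RIFF") and raw[8:12] == b"WEBP":
        return "webp"
    return None


def find_encoded_blobs(text: str):
    """Return a list of (kind, run_length, decoded_length) findings for one message body."""
    findings = []
    for m in B64_RUN.finditer(text):
        run = m.group(0)
        raw = _try_decode(run)
        if raw is None:
            continue                    # long token, but not base64 (e.g. a URL path)
        kind = _image_kind(raw)
        if kind:
            findings.append(("image/" + kind, len(run), len(raw)))
        elif len(run) >= BLOB_THRESHOLD:
            findings.append(("binary-blob", len(run), len(raw)))
        # short runs that decode to junk (hex digests, identifiers) are deliberately ignored
    return findings


def should_reject(text: str) -> bool:
    """Moderation hook: reject any message carrying an encoded image or a large opaque blob."""
    return bool(find_encoded_blobs(text))


# --- constructed samples (not real chat traffic) ---
def _fake_png(size: int = 200) -> bytes:
    """A PNG signature followed by zero bytes; enough to exercise the magic check."""
    return b"\x89PNG\r\n\x1a\n" + b"\x00" * (size - 8)


SAMPLE_IMAGE_MSG = "check this out " + base64.b64encode(_fake_png()).decode() + " lol"
SAMPLE_BLOB_MSG = base64.urlsafe_b64encode((bytes(range(256)) * 3)[:600]).decode()
SAMPLE_HASH_MSG = "sha256: " + "ab" * 32 + " matches the release"
SAMPLE_TEXT_MSG = "Meeting moved to 15:00, see https://example.invalid/rooms/linux-chat for the link."

if __name__ == "__main__":
    for msg in (SAMPLE_IMAGE_MSG, SAMPLE_BLOB_MSG, SAMPLE_HASH_MSG, SAMPLE_TEXT_MSG):
        print(should_reject(msg), find_encoded_blobs(msg))
```

The decode-then-inspect step is what keeps the "ban anything that looks encoded" idea usable: a 64-character hex digest is valid base64 and decodes cleanly, but it is short and carries no image signature, so it is not flagged, while a 62kB base64 image is caught on its magic bytes regardless of the message length limit. A determined sender can still split a payload across many messages or use a different encoding, so this belongs next to rate limits and moderation, not in place of them.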


I am curious if there are any ways that you would suggest this issue best be handled outside of putting the onus on the user, as per your bullet points.


To be fair to matrix.org, they recommend that you host your own server. The main selling point of matrix.org is that there is NO centralized server!!! That is the whole point of using Matrix instead of Telegram, Signal, Wire.

Element for smartphone, please make it very easy to change to a custom server instead of the default "matrix.org" (SchildiChat did a good job in their UI). I would recommend a Matrix client over Element TBH.


There is a blog post that captures these feelings very well in my opinion: Not being federated and E2E as an advantage https://blog.koehntopp.info/2025/06/17/no-federation-no-e2e....



