"we fund Matrix dev by selling encrypted messaging to governments, which includes police: if you don’t like that then please feel free to use a different app" May 9th, 2023 -@element

source https://mastodon.matrix.org/@element/110340953550548309
Element really just told us if we don't like their direction of selling services to cops we should use another app. This is seriously the direction they settled on.
I just tooted about my use of XMPP & Snikket...
@alcinnz The same XMPP that's famously used by US military?
@ar I'd say there's a difference: Matrix as an organization is specifically courting cops.

If XMPP's devs didn't prod the US military to use their tech, then I don't hold this fact against them. That way lies madness!
@alcinnz Ok, so which xmpp server software do you (want to) use, if you want to draw that line?
@ar I don't believe Prosody or Snikket has crossed that line, but honestly I haven't checked.
@ar btw if I opposed software which someone is selling to the US military, there's WindRiver Linux...
Well now we know why they changed their name from Riot to Element. Can't have the app be revolutionary themed if your actual audience is the fucking cops
A lot of their revenue has been government contracts for years, hasn't it?
So not shocking they'd go along with police involvement.
Nextcloud also gets a large amount of its funding by selling support to governments, schools, and military. Another way to look at this is that governments are funding highly secure FOSS that we all can use.
"It's open source, so anyone can use it", is different from, "We support local governments who use it", which is again different from, "We went to a police conference to advertise our services".
@foolishowl
OK, so let's have 'em all give our tax money to Microsoft. 🤦🏽‍♂️
@downey A major reason for encrypted communications is to keep out police and state security, who have a strong interest in subverting the integrity of encryption. Anyone developing a secure communication tool would be conscious of this. To actively seek to market to police is an implicit betrayal of everyone who supported and relied on the project.

And just in general, you don't collaborate with police.

@foolishowl
Are you aware that government employees regularly participate in infosec events? And that >40% of the Tor Project's annual revenue comes from governments?
@downey It's a huge problem with the infosec community, and it's why I'd only recommend the use of Tor very conditionally.
@foolishowl @downey
always same, technology is bought by capital to protect capital via police state and military, inbuilt ethics for the people needed
@foolishowl @downey If you're gonna discriminate encrypted free/open messaging tools by "has been used by state" or "its developers have helped the state use it", your list of "good" IMs is going to be a lot shorter than you want to imagine.
@ar @downey Basically Signal. Probably.

Another issue with Matrix is how it's de facto centralized under the control of Element, the company.
@foolishowl @downey Signal doesn't support any kind of federation (at least with the official app, and the only official server), even though they (used to) claim that it's possible to enable it in the protocol, so it is actually centralized.

And relies on phone numbers as user IDs, which is, like, wtf?
I didn't say it was flawless. Just that it doesn't work with states.

Probably.
@ar @foolishowl @downey The list of good IMs is tiny, I think it would only exclude Matrix unless the XMPP users are hiding something right now
@luna @foolishowl @downey ejabberd is/was used by various military forces in the west, so :blobcatshrug:
@ar @luna @foolishowl @downey there are a lot more server choices other than just ejabberd tho, and that's not the case with Matrix: there is pretty much a single point of control in the network. Matrix/Element also controls all the matrix.to links and most of the groups are home servered on matrix.org

@ar @luna @foolishowl @downey matrix.to links don't rely on matrix.to, you don't need matrix.to to resolve these links.

And actually most groups are served on other servers as well

@kitkat rarely seen anyone share a matrix group without a matrix.to link. yes it is not mandatory but it's ubiquitous
it's supposed to be ubiquitous and it is not a problem.
A matrix.to link does not depend on matrix.to. Clients can and do parse the link without accessing matrix.to
@kitkat I completely disagree. I think that is a huge problem. That routes all the IP addresses through a central company run domain.
what is "that"?
Do you understand what I explained?
@kitkat If you send someone a matrix.to link, and they load the website matrix.to then the host of matrix.to knows the IP address of that person...
Don't worry. Everybody will flee to Discord.
Yeah, I definitely feel VERY free to use a different app and also to let anybody who uses their app know this aspect. I don't see how it is remotely ethical to do business with law enforcement industrial complex, the whole point is that the massive amounts of money in it are fundamentally corrupting.
wasn't it the direction from the beginning on? Chasing the shiny VC money no matter what?
Not sure what the issue is there? It’s a way to fund open source and free software gives no restriction on its use. Everyone can use it. They are quite clear on ensuring that software does e2e for everyone.
@Alexandre Dulaunoy @wakest And law enforcement agencies worldwide have pushed back against e2e encryption for everyone, can you see the cognitive dissonance here?
If they use e2e on a regular basis to secure their communication, it's then more difficult to push back against e2e at the executive level. So promoting e2e everywhere is the only way to ensure it's safe-guarded everywhere including for law-enforcement agencies.
@Alexandre Dulaunoy @wakest In the absolute, you're right, but it doesn't prevent law enforcement agencies from pushing for "e2ee for me, not for thee", no matter how risky it is even for them.

Content warning: yelling (not at you OP)


@theruran @alcinnz Do you have any knowledge as to where the bulk of funding is coming from for those who are supporting the XMPP ecosystem? @tigase whats your funding model look like?
Whelp, guess what just got uninstalled!
Something else about Element I've never seen much comment on but always really bothered me is this - why is it ok that the mobile app for a supposedly privacy-centric messenger is collecting all this telemetry?

https://apps.apple.com/app/vector/id1083446067
Screenshot of the privacy report for the Element Messenger app from the iOS App Store, showing lots of invasive telemetry collection
@theruran @alcinnz @tigase XMPP servers are cheap and easy to set up. The core software has been around for decades. Several proprietary chat services started as XMPP, then defederated, most famously Facebook Messenger and Google Chat. That's probably where most of the initial funding came from.

I don't know what "Element" is. I am enjoying that this is the first quote-post I've seen on Mastodon.
As far as I can tell, the XMPP project themselves do not have much more of an internet presence than what I'm managing on the side.

So I believe right now their funding is very meagre, relying on the sort of opensource contributions which have brought others so far!
TBH I am very torn on this.

1. Even a non-profit has to fund itself somehow. Public funding and government contracts make sense.

2. The alternative for non-US military and/or police would likely be to use one of the big messengers (e.g. WhatsApp) or buy from a company that does "security by obscurity".

In my opinion: Police/military will use some kind of messenger anyway. I would prefer if they used one with less backdoors and more security.

Of course it could happen that police and Matrix get all warm and cuddly with each other. This is definitely a thing that makes Matrix less trustworthy.
@wakame @˗ˏˋ wakest ˎˊ˗ @Element Like others have said:
Accepting police like any other customer: Ok, fine.
Actively reaching out: Bad optics, risk for compromise.
It's hard to find a tech company whose C-Suite won't jump into bed with anyone with cash. I'm looking forward to when we've moved on to whatever is after this phase of capitalism.
no back door required if you are shipping the data out the front door on purpose.
... motherfucker

Okay, gonna phase element out of my ESL volunteer work I guess
If talking about being in line with fedi culture, I'd say delta.chat (@delta@chaos.social) deserves an honorable mention for implementing secure messaging over the existing email network.
like @jalcine said... a horrible hill to die on.
@foolishowl @theruran @alcinnz @tigase in terms of ongoing provider costs, the server side is so lightweight as to barely register.

I provide XMPP messaging for Chinwag users automatically alongside their Fedi service and it's barely a blip in the stats compared to something like Mastodon.
Just read the article. If I understood correctly, they seem to mean that they're selling services to help maintain servers, like live chat and such, and NOT that they're selling individual messages to governments.

A very poor choice of words there. I couldn't pick a worse set even if I tried.
@theruran @alcinnz @tigase

Sorry to pop everyone's bubble but XMPP is also widely used in police and military applications. People need to be a bit more realistic about the dual-use nature of internet and computing tools.

It's a bad look to be advertising your cooperation with cops and fully mis-reading your audience here. Also, I do not condone it. However, to the audience: what did you expect? Secure communications is first and foremost a defense industry need.

If use and engagement with police and defense is your standard for whether or not to use a particular set of tools, then do I have some bad news regarding all of open source for you!
Police/Military/Government is the only major source of funding for encryption tools and encrypted messengers

Be it Element, Conversations or GPG. No one else is willing to pay enough

Refusing to sell would harm the free software project, but would do nothing against the police using matrix. It's free software after all and they can use it without any support contract. And some governments do exactly that

This is a situation where you can't win either way. Fuck capitalism 🤬
so which is it in the end? I see contradicting retoots. Do @element sell chat logs, or chatting devices to governments / police ...? It's indeed quite not the same.
oh my god that's the actual quote wtf
@theruran @alcinnz software licence (https://tigase.net/pricing-xmpp) and technical support (https://tigase.net/pricing-technical)

Tigase is almost completely FOSS/AGPL (save for advanced clustering) and can be deployed and used as such.
it's a good reminder to work out better community funded and accountable models.

"Open source" isn't a funding model.
That's both horribly worded (I understand what they meant, though) and hilarious. Matrix's UX is so bad (probably because it tries to mix IIRC back compat with E2E encryption) I can't imagine an org actually paying for it. But now that I think of it none of the other enterprise chat apps (Slack, Teams, Webex, etc.) have E2E
@rra @theruran @tigase I find it unfair to judge devs by who are using our software, we might need to accept uses we disagree with to do the most good. (I don't disagree with private software, as long as those who use your software gets the Four Freedoms).

I think it is totally fair to judge us by who we're engaging with!

Personally (privileged) I can't get all that worked up about 1312, but I see the counterarguments missing the mark.
@theruran @alcinnz @tigase Most XMPP software is developed by individuals like @daniel without millions of VC funding. And they still manage to release modern features (Conversations and @dino released native A/V calls before #Element did) all while complying to current internet standards (instead of inventing yet another incompatible messaging protocol) and building on native UI libraries (instead of Electron bloatware). #XMPP truly was the right answer to instant messaging all along.

I prefer #xmpp but I don't get why this causes so much flap on the fediverse. Matrix is selling their messaging as a business model and also sell it to the police, so what?
@element
@silverwizard
I know what the police is. There might be bad cops but in general they are doing an important job.
@liaizon @element
Are any servers "de-federating" matrix.org because of this?
@cel I would imagine there would be if more people knew this happened. I think my post is the biggest blip this has made as far as I can tell
@cel
Do you have something against public services using FLOSS software? AND financing a EU company for developing it? What about the French Gendarmerie using Linux for years? Would you criticize a company that would maintain and develop linux distribution for them?
Usually the alternative is to use a service from the GAFAM, so I think what Element does is more than OK.
@crashglasshouses @foolishowl @downey Not really? With XMPP and Matrix your messages are stored and forwarded on your server, and on the other side's server, but since Tox, by design (at least at the time) had no concept of servers/proxies, there wasn't anyone to store "in flight" messages for you.
@ar @foolishowl @downey welp. that's the same problem XMPP has, and to some degree, Matrix as well. blargedy blarg.
@crashglasshouses @foolishowl @downey Last time I tried Tox, moving the same account between devices wasn't a thing, and message didn't get delivered if sender and recipient weren't simultaneously online at the same time. I get why it behaved like that, but it just pushed it beyond the edge of usability for me.
@crashglasshouses @ar @foolishowl @downey that's a client issue that's quite easy to fix with just showing a profile picture in the corner of the client app. some apps support this already
@ar @foolishowl @downey i was talking about moving accounts between devices. Matrix isn't as bad, but XMPP makes it difficult to tell which session you're using if you have multiple.
@crashglasshouses @ar @downey Gajim for instance. It's one of the reasons I prefer it to Dino.IM
@rra @theruran @alcinnz @tigase IMO there is a huge difference in having the police use your software and the police being part of the funding of the main software provider for a protocol. The former is obviously something you have no control over. While the latter can cause reliance on the police and give them influence/power over the direction the protocol can move towards.

#xmpp #jabber #matrix
@stevenroose @rra @theruran @tigase If you go out of your way it's possible to control whether the police/military use your software, but often that'd prevent a lot of good from being done too!
@Gabriele Svelto @wakest Having people use your free software and selling support to them aren’t the same thing at all. You have limited control over the former in an open-source environment, while you have total control over the latter no matter what.
@Gabriele Svelto @wakest By all means, please keep moving the goal post, see how far it gets you. You haven't even tried understanding, let alone sympathizing with the people who feel bad about using a piece of software because the main company behind its development sells its support to law enforcement agencies, so how about you fuck right off?
a company sells support, not a piece of software. The Matrix protocol is free and has several independent implementations, why would you stop using that because one company sells support to someone you don't like? All sort of terrible companies sell support services for Linux and even worse ones contributed to its development. Would you stop using the software because of that?
@hypolite the OP conflated Matrix and Element, not me. I can similarly conflate any piece of the FOSS stack with either IBM or Google, two companies that did far worse than Element will ever do. If your goal is radical political change of government agencies - and law enforcement in particular - then not using a particular piece of FOSS software will *NOT* achieve that goal. Neither will insulting strangers. Political change requires political action.
@gabrielesvelto @hypolite Please do not continue to tag me in your bad faith arguments.
@Gabriele Svelto Well you made a false generalization in your very first reply so why do you expect to be treated with politeness when you then double down?

@Gabriele Svelto I really don't have to explain anything to you, especially not something you framed in bad faith. Obviously we don't have the same values, and you can't talk anyone out of their values, the same way I probably can't talk you into growing some.

Values are only meaningful if you are making concessions for them. Pointing out that these personal concessions are somehow unwarranted or inconsistent will only get you a cold shoulder.
