Freedombone Blog

Freedom in the Cloud

Matrix on Python 3

Another development is that the Matrix app on Freedombone now runs on Python 3. This improves its performance and makes it more suitable for ARM single board computers with 1GB of RAM. In tests, while hosting a room with 20 users and subscribed to a few rooms on other homeservers, some of them quite high volume, Synapse on Python 3 only uses 200MB of RAM. That puts it in the same league as an XMPP server in terms of resource use.

XMPP still has advantages, such as the ability to proxy through Tor on mobile (the Android Riot app currently can't do that, so it exposes connection metadata to the network), but the competition is getting closer. Really, competition is the wrong frame here, because bridging between Matrix and XMPP is improving, so in the end the choice of chat software will come down to personal preference (bearing in mind that a bridge sits in the middle of the conversation and sees the messages it relays, so it is not end-to-end encrypted across the bridge).

Also on the topic of chat systems, I noticed that OTR version 4 was announced on day 3 of 35C3. It doesn't support multi-user encrypted chat though, so this is an encryption standard which is dead on arrival. Yes, a lot of private chat is one-to-one, but in the last few years private group chat has become a major phenomenon, and to ignore that in your security model is a gigantic oversight. So an easy prediction is that OTR will continue to decline in popularity in 2019.

The Dark Matrix

While listening to some 35C3 talks, I've managed to get the Matrix and Riot apps for Freedombone working on onion addresses. I don't think there were any fundamental barriers preventing this from happening earlier, so my previous statements about Matrix being tied to TLS and not compatible with Tor were probably just wrong. Since RiotWeb is client-side JavaScript, if you run it in a Tor-capable browser it doesn't care whether the homeserver it talks to is on a clearnet or an onion domain.

I expect that federation between onion homeservers, forming a "dark Matrix", will work, but that there will be issues federating onion and clearnet homeservers: a clearnet server with no Tor daemon has no way to reach a .onion name at all. This isn't unusual, and the same applies to fediverse instances.

Running on onion addresses does provide some security advantages, and it also means you don't need to buy a clearnet domain, you don't need to forward any ports (so you can sit behind a hostile internet router), and you don't need to care about obtaining TLS certificates, because a v3 onion address is derived from the service's own public key and so authenticates the endpoint by itself. There was a talk on the first day of 35C3 about TLS 1.3 which also described the many issues with TLS and what a dumpster fire it is. In a lot of ways onion addresses are more convenient and have better security properties, so long as you don't mind the long random strings or QR codes.
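To make the two points above concrete (that an onion address carries its own authentication, and that onion/clearnet federation breaks down when one side has no Tor), here is an added example, written for this page and not code from Freedombone or Synapse. It implements the v3 onion address construction and checksum from Tor's rend-spec-v3, parses a Matrix server_name, and decides whether a homeserver can reach that peer and how. The SOCKS address, the `local_has_tor` flag, the constructed key bytes and the hostnames are all assumptions for illustration; it skips .well-known and SRV delegation and uses the Matrix fallback port 8448.

```python
"""Decide how a Matrix homeserver should reach a federation peer named by server_name.

Added illustration (not Freedombone or Synapse code): it checks v3 onion
addresses by their built-in checksum and tells a clearnet-only homeserver
that it cannot reach an onion peer at all without a local Tor daemon.
"""
from __future__ import annotations

import base64
import hashlib
import re
from dataclasses import dataclass

ONION_VERSION = b"\x03"          # v3 hidden service address version byte
ONION_LABEL_LEN = 56             # base32(32-byte key + 2-byte checksum + 1-byte version)
DEFAULT_FEDERATION_PORT = 8448   # Matrix fallback when no port is given (delegation skipped here)
TOR_SOCKS = ("127.0.0.1", 9050)  # assumption: a local tor daemon on its default SOCKS port


def onion_v3_checksum(pubkey: bytes) -> bytes:
    """CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2] (Tor rend-spec-v3)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]


def onion_v3_address(pubkey: bytes) -> str:
    """Derive the .onion hostname from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_v3_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def is_valid_onion_v3(hostname: str) -> bool:
    """True only for a well-formed v3 onion address whose embedded checksum verifies."""
    host = hostname.lower()
    if not host.endswith(".onion"):
        return False
    label = host[: -len(".onion")]
    if not re.fullmatch(r"[a-z2-7]{%d}" % ONION_LABEL_LEN, label):
        return False
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == ONION_VERSION and checksum == onion_v3_checksum(pubkey)


def split_server_name(server_name: str) -> tuple[str, int]:
    """Split a Matrix server_name (hostname, IPv4 or [IPv6], optional :port) into host and port."""
    m = re.fullmatch(r"(?:\[([0-9a-fA-F:.]+)\]|([A-Za-z0-9.\-]+))(?::(\d{1,5}))?", server_name)
    if not m:
        raise ValueError(f"not a valid Matrix server_name: {server_name!r}")
    host = (m.group(1) or m.group(2)).lower()
    port = int(m.group(3)) if m.group(3) else DEFAULT_FEDERATION_PORT
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range in {server_name!r}")
    return host, port


@dataclass(frozen=True)
class FederationRoute:
    host: str
    port: int
    via_tor: bool              # connect through TOR_SOCKS rather than directly
    self_authenticating: bool  # the name itself commits to the peer's key (true for v3 onions)


def plan_federation_route(server_name: str, local_has_tor: bool = True) -> FederationRoute:
    """Work out how to reach the peer's federation port.

    Onion peers must go through Tor and need no CA-issued certificate to be
    identified, because the address is derived from their key.  A clearnet
    homeserver with no Tor daemon simply cannot reach them, which is one of the
    reasons onion/clearnet federation is harder than onion/onion.
    """
    host, port = split_server_name(server_name)
    if host.endswith(".onion"):
        if not is_valid_onion_v3(host):
            raise ValueError(f"malformed or mistyped onion address: {host}")
        if not local_has_tor:
            raise RuntimeError(f"{host} is only reachable through Tor, and none is configured")
        return FederationRoute(host, port, via_tor=True, self_authenticating=True)
    return FederationRoute(host, port, via_tor=False, self_authenticating=False)


def can_federate_with(server_name: str, local_has_tor: bool = True) -> bool:
    """Boolean wrapper around plan_federation_route for quick policy checks."""
    try:
        plan_federation_route(server_name, local_has_tor)
        return True
    except (ValueError, RuntimeError):
        return False


if __name__ == "__main__":
    # Constructed key bytes, not a real service key; the address math does not care.
    demo_onion = onion_v3_address(bytes(range(32)))
    print(plan_federation_route(demo_onion + ":8448"))
    print(plan_federation_route("matrix.example.org"))
    print("clearnet-only server can reach onion peer:", can_federate_with(demo_onion, local_has_tor=False))
```

The checksum step is what makes a mistyped onion address fail closed rather than connect to some other service, which is the property that lets the long random string stand in for a certificate; the `local_has_tor=False` branch is the clearnet side of the federation problem described above.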