Why not Matrix (2023)
9 months ago
- #federation
- #decentralization
- #security
- Matrix is a decentralized communication network based on a distributed, partially-replicated graph database.
- Matrix rooms are directed acyclic graphs (DAGs) of events like messages, bans, and membership changes.
- Events in Matrix are append-only, making deletion problematic and history potentially infinite.
- Redaction events are advisory and can be ignored by servers, leading to potential data leaks.
- Critical events like bans or membership changes cannot be deleted as they become part of the room's permanent 'auth chain'.
- Spam attacks can overwhelm rooms, requiring room recreation to resolve.
- Room history is best-effort, with events potentially appearing in different orders on different servers.
- Historical message insertion is possible due to weak event validation.
- End-to-end encryption (E2EE) is optional, and unencrypted messages are stored in plaintext across federated servers.
- E2EE is fragile, with device list sync failures causing decryption issues.
- Device list updates may leak client or OS information.
- Matrix's HTTP/JSON API has canonicalization issues, leading to signature verification failures across implementations.
- Server signing key expiry can cause split-brained rooms if misconfigured.
- State resets are common, especially with cross-language server interoperability issues.
- State resets can lead to moderation failures, including loss of admin powers.
- Rooms cannot be forcibly shut down across the federation, posing moderation and legal risks.
- Media uploads are unauthenticated and unverified, risking abuse (e.g., hosting illegal content).
- Media replication can unintentionally spread undesirable content across servers.
- Matrix lacks built-in content scanning for illegal or harmful media.
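The canonicalization point above (an event's content hash, and the signature over it, are computed over Matrix's canonical JSON form, so a receiving server must re-canonicalize what it parsed rather than hash the bytes it received) as an added Python example; this is not code from the original article or from the Matrix project. The event, room and server names are constructed placeholders, and only the content-hash step is shown, with the Ed25519 signature step omitted.

```python
import base64
import hashlib
import json

def canonical_json(obj) -> bytes:
    # Matrix canonical JSON: keys sorted, no insignificant whitespace,
    # non-ASCII emitted as raw UTF-8 rather than \uXXXX escapes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def unpadded_b64(raw: bytes) -> str:
    # Matrix hashes and signatures are carried as unpadded base64.
    return base64.b64encode(raw).decode("ascii").rstrip("=")

def content_hash(event: dict) -> str:
    # The hash covers the event minus the per-server / per-signer fields.
    stripped = {k: v for k, v in event.items()
                if k not in ("signatures", "unsigned", "hashes")}
    return unpadded_b64(hashlib.sha256(canonical_json(stripped)).digest())

def add_content_hash(event: dict) -> dict:
    # Origin server: attach hashes.sha256 before signing and sending.
    out = dict(event)
    out["hashes"] = {"sha256": content_hash(event)}
    return out

def check_content_hash(wire: bytes) -> bool:
    # Receiving server: parse, re-canonicalise, recompute, then compare.
    event = json.loads(wire)
    return event.get("hashes", {}).get("sha256") == content_hash(event)

def wire_bytes_hash(wire: bytes) -> str:
    # What a broken verifier would compute: a hash of the bytes as received.
    # Any re-serialisation by another implementation (key order, whitespace,
    # escaping) changes this value even though the event is unchanged.
    return unpadded_b64(hashlib.sha256(wire).digest())

# Constructed sample event; the room and server names are placeholders.
EVENT = add_content_hash({
    "type": "m.room.message",
    "room_id": "!placeholder:example.org",
    "sender": "@alice:example.org",
    "content": {"msgtype": "m.text", "body": "café"},
})
# Two wire encodings of the same event, as two implementations might emit them.
WIRE_COMPACT = canonical_json(EVENT)
WIRE_PRETTY = json.dumps(EVENT, indent=2, ensure_ascii=True).encode("utf-8")
```

Both encodings pass `check_content_hash` because it re-canonicalizes, while `wire_bytes_hash` differs between them; a tampered body fails the check on either encoding.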