A month ago, in our annual review of privacy focussed service providers 'To secure or not too secure', we introduced SchidiChat as a great Android messenger based on the Matrix protocol. However, the best known Matrix messenger, and actually from where SchildiChat was forked, is called Element (formerly known as Riot).
The decentralized.today team has been using Matrix for years and have reviewed it in the past. So, given recent developments, it is no wonder that we are taking on Element again this time around.
First things first, Element has apps on Android (also on F-Droid), iOS (including a full screen iPad version), Windows, MacOS and Linux.
The F-Droid version has no need for the Google Play Store and you will receive push notifications. This is great and works perfectly on my GrapheneOS device.
Opening a Matrix/Element account is easy and you do not need to submit a telephone number. After opening an account on any of the instances (you can even self-host it) you will have a username simulator to create an email address. The beauty of Matrix is that it is decentralized, so you can communicate with other servers, even if you host yourself or use, for example, matrix.org as your main server, but still communicate with any other server on the Matrix network.
Communication is possible not just with other instances but also with other Matrix apps, from fluffy-chat to SchildiChat and even terminal-based options, all are in play ;)
The next big plus with Element is the E2EE (End-to-End-Encryption), which is standard on chats on Element out of the box. The encryption uses the Olm/Megolm- Protocol.
Olm is an open implementation of the Signal protocol. The encryption also supports PFS (Perfect Forward Secrecy) which allows you to use Element on multiple devices at once.
Element makes it easy for you to use multiple devices and uses cross signing to it so. In short, if you sign in on a new device, a banner will show on your existing device that warns you of a new sign-in. You then need to scan the QR code displayed on the other device and you will see emojis pushed to the screen, only if you verify they are both matching, at which point your new device is verified.
Once you verify the new device you will see a green shield which confirms both devices are now verified.
Element has a beautiful UI on all platforms.
Element and the Matrix system are both fully open-source which is another massive plus and shows full transparency on the network.
Matrix was last time audited in 2016
In our recent XMPP review we were ranting about metadata and this is where Element also fails to shine. Unlike Signal or Threema, which have great solutions to keep metadata to a minimum, Element on the other hand keeps a copy of your conversation on all servers which are communicating. Whilst this is needed to have a history on all your devices and between all users, this also allows metadata to be stored. However, you can delete conversations, an actual chat on a one-on-one or in a group chat, and that should delete it on all servers. This said, you would need to delete every single chat manually, just signing out of a group will not delete the conversations.
Remember we have mentioned metadata in the past and even though the chats are encrypted - the metadata, which can be used against you, is not!
Matrix also has your contact lists, all your group chats, one on one chats and IP address etc… this is metadata which stays on the servers until you delete your account. Just have that in mind, always remembering that E2EE is in place.
You can also use Element for calls and for video calls. One-on-One calls use WebRTC while group and video calls are using a Jitsi-Meet bridge.
Talking of bridges, you can also use a few very useful ones and bots like RSS, but also bridge Slack, Discord, Telegram and others into the Group chats.
Tracking is always one of those worries when it comes to using basically anything on your devices. We did not found any user trackers and that helps make it a great messenger.
However!!! Something that is usually a no-go (if not quite a deal breaker) but certainly very annoying is the Google ReCapture during signup, which has trackers and is about as bad as it gets!
Overall Matrix/Element has, for a long time, been our go-to work chat at decentralize.today. We all use it daily and most of us use it for many of our personal contacts. The metadata problem is not pretty and Google ReCapture issue downright ugly, yet it has end-to-end-encryption and works perfectly on multiple devices. It is decentralized, open-source and you can self-host it (where you can also deactivate the Google ReCapture, problem solved!).
Next month, our year end summary of The 2020 review of Messaging Service Providers: 'To secure or not too secure'! (All entries for this year are available under the Privacy tag dropdown.)