Another weekend, another encrypted messaging outage. Sort of.
This past weekend, Element was removed from the Google Play store. Fortunately at the time of writing, this has been resolved and Element has been restored to the Play store. It turns out that the app was banned due to “extremely abusive content” on the matrix.org homeserver. Without having contacted them to confirm this, I assume Element took the brunt of that punishment as the most popular Matrix client. Fortunately Element was able to quickly establish contact with Google and explain their lack of involvement and get cleared.
Before I go any further, let me explain Matrix and their relationship with Element for those who are unfamiliar. Matrix is not an app, it’s a protocol and, as one might expect, an organization behind the protocol. The Matrix organization hosts a matrix.org server to help support their project. Element is a client, just one of many. Anyone can host a matrix server, and there are many great options out there. Any client can connect to any server, and any server can choose to defederate or block any other server. Some parallel examples you may be more familiar with include XMPP and Mastodon. Matrix works exactly the same way. Matrix is XMPP or Mastodon, Element is Gajim, Pidgin, Conversation, ChatSecure, Tusky, Amaroq, or any one of the other dozens of apps.
Like any other corner of the fediverse – or really any social platform, for that matter – Matrix has its dark corners. (Some platforms have more of them than others, but that’s not the point right now). And Google, without understanding the relationship between Element and Matrix, assumed that Element was responsible for those dark corners and reacted accordingly. As I said above, fortunately Element was able to get this cleared up and return to the app store, but this raised a number of questions that I am still mulling over personally.
Let’s start with the most obvious issue here: responsibility of content. “Section 230” is a phrase you’ve probably heard tossed around considerably lately. Section 230 refers to a specific section – Section 230, as you’ve likely gathered – of Title V of the Telecommunications Act of 1996. This article isn’t about Section 230, but suffice to say that it’s a mere 26 words and it’s generally interpreted as meaning “I’m not responsible for what you say on my platform.” If I post a bomb threat on Twitter, Twitter is not responsible. I am. If I host a Mastodon instance and you post hate speech – in the legal sense – you get sued, not me. This raises the question: why are Google and Apple censoring ANY apps if they don’t risk legal responsibility? I’m not going to go into politics or my personal views here, but it strikes me as rather inconsistent. And speaking of inconsistency, the reason apps like Parler and Element have been banned is because they allow ACCESS to specific content. Well what about the Chrome app? Or the Brave app? Or Firefox? Or Tor? Or even Facebook? Experts have generally agreed lately that Facebook is a hotbed of white supremist content. So why isn’t Facebook getting banned from the Play/App Store? Prior to Parler’s entire hosting going offline, one could easily access the site from a browser. I mean, if we’re being honest, Telegram is the primary means of communication for cybercriminals to sell their data breaches. I downloaded that less than a month ago with no issues whatsoever. And I’m pretty sure I could creep on underage girls on Reddit or TikTok. Haven’t tried, but I’d be willing to bet a paycheck I could. Where is the consistency?
Let’s set that aside for a moment, because honestly that’s not the part that troubles me the most. No, what troubles me – if I’m being perfectly honest – is that I’m now questioning my choices in life. You see, I’m an iOS user. I own an iPhone 6S, and while it is clinging for dear life (I have to delete several apps every time a major update rolls around then reinstall them after), I plan to stick with this phone til it literally stops receiving updates or becomes irreparably damaged. Probably cause I’m cheap. IOS is unarguably more secure than Android, and out-of-the-box I believe it it to be more private. Sure, Android can be made more private, but I’m talking about the actual OS. We’re excluding things like flashing a custom ROM (which I 100% recommend if you own an Android and your lifestyle permits). Unfortunately, based on my research, at this time, I don’t believe a custom ROM will work with my lifestyle, so my choices are basically Android and iOS. Between the two, iOS seems like the obvious winner. Or should I say “seemed like.”
One major drawback to iOS is the App Store. You see, Android users have access to numerous recourses. When Element was removed from the official Google Play store, Matrix (and Element) were quick to remind followers that F-Droid was a thing. And if you’re decently confident in your tech skills, sideloading apps is a thing. “Sideloading” is when you install an app directly without any kind of app store. In fact, sideloading is so easy that it’s the main avenue for infection from malicious apps. On the now-defunct New Oil Podcast (check here for the new incarnation), I regularly discussed malicious Android apps. Guess what? Most of them were the result of sideloading. So while risky, sideloading is an option (and not risky if you've vetted the source). But as an iOS user, I have no such options. I have only ever heard of a single “alternative” app store, and it was really basically just an app that functioned as a proxy. One person once informed me that sideloading iOS was possible, but was incredibly difficult. I consider myself fairly technically proficient and even I don’t think I could successfully sideload iOS apps without days of dedicated work and a serious spike in my drinking. And I hate to tack this on as a final sentence at the end of a paragraph, but that’s not even mentioning the fact that iOS charges a fee to developers, requiring a higher financial barrier to entry than the Play Store. That’s why there are certain apps (*cough*Briar*cough*) that I don’t even get.
So here I am, forced to decide to which evil I prefer. Do I want the enhanced privacy and security of iOS at the cost of being forced into a single point of failure? Or would I rather risk my privacy (and possibly security) in order to have access to potential features like custom ROMs, alternate app stores, and sideloading? Quite frankly, this feels a lot like picking between Brave browser and Firefox: do I want the guys who are shady in one way, or the guys who are shady in a different way? There’s no winning.
I hate to end on a negative note, so I want to shine a light on – and celebrate – the win in this story: this event really highlighted the advantages of open source and decentralization. Element was removed, and that really sucks. But Matrix itself was completely unaffected. Matrix continued to function. And even had Google gone after the right person and disabled the matrix.org homeserver (somehow, I’m personally not even sure how that would work), the Matrix protocol itself would’ve continued to function. The various servers would’ve continued to function unabated. And the clients, too. Element may have gone, but Fluffychat lived. And so did Schildichat, and NeoChat, and the Matrix CLI and and the dozens of other projects out there. In the words of Leonardo DiCaprio from Inception:
What is the most resilient parasite? Bacteria? A virus? An intestinal worm? An idea. Resilient... highly contagious. Once an idea has taken hold of the brain it's almost impossible to eradicate. An idea that is fully formed - fully understood - that sticks; right in there [the brain] somewhere.
Decentralization and open source are ideas. You can kill the client. If you’re lucky, you can even kill the organization that started the protocol. But as long as the source exists somewhere, it can always come back. It will never die. I don’t know what OS I’ll pick next. Maybe an iPhone SE. Maybe the latest Pixel. Maybe even Pinephone or Librem or Calyx if they’ve come far enough. But I can promise one thing: the idea has been planted. And no matter where I go next, that parasite will live in me, and the proprietary corporations can never kill it. Whatever comes next, I’ll make sure I’m ready. One way or another.