🔗Dept of Status of Matrix 🌡️
Robin Riley (m.org) reports
We are delighted announce that LiveKit is the newest Silver Member of the Foundation!
The LiveKit Project is an open source project that does everything Matrix needs for native group calls, and the company behind the project is donating their LiveKit Cloud services to help us provide that functionality to users on the Matrix.org homeserver.
We're grateful for their support and look forward to announcing 2-3 more new Silver Members in the coming weeks 🚀
Andrew Morgan (anoa) {he/him} reports
Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.
🔗MSC Status
New MSCs:
MSCs in Final Comment Period:
Accepted MSCs:
Closed MSCs:
🔗Spec Updates
The update above is actually from the last 21 days to make up for the lack of spec updates recently (I've been travelling!).
In my opinion, the most interesting part to talk about above is MSC4284: Policy Servers. If you haven't already, read the matrix.org blog post on Introducing Policy Servers. In short, they're servers on the internet where you can send events to and have them be checked for spam/illegal imagery/etc. before allowing the event to be sent down to your users. You can think of them like a SpamChecker Synapse module, but homeserver implementation agnostic.
This is a pretty interesting idea, and one can host their own policy server to keep the network decentralised. If you're interested in weighing in on the topic, please do so on the MSC!
Note: the idea of a "policy server" is not new. This MSC attempts to bring the concept in to the Matrix ecosystem specifically for Trust & Safety purposes. But the APIs could be used to enforce any policy (security, enterprise use cases, etc.).
Continue reading…
Last week, we shared details about ongoing attacks on Matrix. Over the past week or so, we’ve tested some new tooling to help combat abuse on matrix.org.
If you run your own Synapse server and your users are present in the Foundation’s community rooms, you can benefit from this tooling by installing an experimental Synapse module. You can find the code and installation instructions here. We’re deliberately taking the bold step of announcing a tool and also announcing its deprecation in the same post. This is experimental work, and we are iterating quickly. We expect to have an implementation in Synapse shortly, so the module will be discontinued around May 21.
🔗What are policy servers?
Policy servers are an overlapping layer of protection with existing community moderation tools such as Draupnir, Mjolnir and Meowlnir. Rooms can opt-in to this new layer of protection, recommending that servers participating in the room check events with a given policy server before they are sent to their clients. The policy server will pass an opinion on each event, recommending servers in the room to accept the event, or to reject it. For people in the room, this should be effectively invisible. Events which pass the check will be shown as normal, while ones which don’t will never make it through to their clients.
The Foundation intends to offer a policy server to room admins, but we hope that in time other providers will offer alternative policy servers. The Foundation is already running an experimental implementation for some of its public rooms, which we will release once we have confidence in the approach. We also expect that for many rooms, a policy server isn’t necessary, or spends most of the time in a low-power or disabled state. Element and the Foundation are exploring these ideas over the coming weeks.
🔗Get involved
MSC4284 is now open to support this work. Please get involved in the MSC, and help us to improve this addition to safety tooling for the network. We’d especially like to see implementations for non-Synapse servers.
Folks who run communities on Matrix who would like to test our policy server, reach out to us at abuse@matrix.org, using the subject policy-server-alpha
.
We're thrilled to announce that the migration of matrix.org to the Matrix Authentication Service (MAS) is complete and went according to plan - having been running for over 24h in our brave new world, we’re declaring the migration a success! As of Monday April 7th 07:30 UTC, matrix.org is running on Matrix’s next-generation auth system based on OAuth 2.0/OpenID Connect.
This is no mean feat - the migration shifted all 45M access tokens and 110M users from Synapse to MAS in under 30 minutes (thanks in part to MAS’s cheeky use of the x86-64-v2 architecture; who knew that database migrations can be SIMD-accelerated?) - and represents the culmination of over 4 years of work to move Matrix to a modern authentication standard. Many thanks go to Element for funding, Hugh, Olivier and many other contributors who helped me make Next Gen Auth happen!
Continue reading…
On Monday 7th of April 2025 at 7am UTC, we will migrate the Matrix.org homeserver's authentication system over to MAS (Matrix Authentication Service) in order to benefit from Next-generation authentication.
The migration will involve up to one hour of downtime.
MSC3861 (Next-generation auth for Matrix, based on OAuth 2.0/OpenID Connect (OIDC)) and its dependent MSCs have progressed sufficiently that the Foundation is confident in MAS and the new next-generation auth APIs. Specifically, all the MSCs are now in or have passed Final Comment Period (FCP) with disposition to merge! 🎉
We expect the MSCs to finish FCP and get merged into the next spec release. The full list of core Next-gen Auth MSCs is:
This is incredibly exciting, reflecting 4 years of work on next-generation auth, and brings with it a new account management interface, additional security, and a better registration experience.
Continue reading…
Hey all,
We're right at the end of Q1 2025 with a new spec release: Matrix 1.14! Our original plan was to cut this release around FOSDEM with some Matrix 2.0 functionality, but ended up needing to push the release out due to those MSCs not quite being ready. As we're cutting this release though, several of the Next Generation Authentication MSCs are progressing through FCP and could do with a release once written up as spec PRs. We anticipate that Matrix 1.15 will be that release, and go out early in Q2 2025.
This release brings just 3 MSCs to the world, largely because the SCT has been focusing so much on Matrix 2.0 objectives. The only feature introduced is the report user endpoint, to complement last release's report room endpoint - everything else is primarily maintenance of the spec. The full changelog is below, as always.
Continue reading…