I maintain an instance, a.k.a. homeserver, of the Matrix communication service. It is open to the public, though it was originally set up for friends and family to get away from platforms with questionable security and privacy practices.
This homeserver is federated and communicates with all other Matrix homeservers, including the public Matrix.org homeserver.
This page aims to give new users an overview of what Matrix is, and to provide instructions on how to join it using my homeserver (or any other homeserver). This involves installing a Matrix client such as Element, configuring it to connect to this homeserver, and creating an account.
This website is neither affiliated with nor endorsed by The Matrix.org Foundation or New Vector Ltd. The Element name, logo and device are registered trade marks of New Vector Ltd. The Matrix name, logo, and device are registered trade marks of The Matrix.org Foundation.
This page was previously hosted at https://matrix.calvinrw.com and was separate from calvinrw.com. That URL now redirects here.
Quick Reference
Homeserver: https://matrix.calvinrw.com
Element downloads
Platform | Install via |
---|---|
Android | F-Droid |
iOS | App Store |
Windows | Element Windows Installer |
macOS | Element macOS Package |
Debian/Ubuntu | Element (Riot.im) Debian Repository |
Feedback
The instructions on this page assume a reasonable level of comfort downloading and running programs from the Internet on a computer, or installing apps on a mobile device from an app store. They also assume an understanding of good practices when storing sensitive information safely and securely. The details of these vary somewhat by device and platform and are beyond the scope of this page.
The Matrix ecosystem, including Element, is constantly evolving. This document may not always be up-to-date or account for every pitfall a user might encounter. If anything about this page can be improved or clarified, please let me know. Feedback is always welcome.
Overview
Components and Features
The Matrix communication service is comprised of three distinct free and open-source components:
- Matrix - The secure communication protocol implemented by both the server and client programs
- Synapse - A reference implementation Matrix server, which clients connect to [1]
- Element - A popular Matrix client, which users install and use on their devices
Thanks to federation, users who register on the matrix.calvinrw.com homeserver are not locked into only communicating with each other, but may communicate with anyone using any instance of Matrix, and vice versa. With end-to-end encryption, messages are guaranteed to be readable only by the sender and recipients.
This page focuses exclusively on the Matrix client Element, but many others exist. A comprehensive list is available on Matrix.org's Clients page. Not all clients implement support for end-to-end encryption.
Matrix IDs
A Matrix ID is like an email address, in that it specifies both a username and host. Taking an email address for example:
info@calvinrw.com
In this email address, info is a specific username or mailbox, and calvinrw.com is the host on which the email service resides. Because email is a federated service, anyone using an Internet-facing mail server can send an email to that address, regardless of the host they are using, be it gmail.com, bradley.edu, protonmail.com, or one on their own domain.
Similarly, a Matrix user ID takes the form:
@calvin:matrix.calvinrw.com
Where calvin, preceded by the @ character, is the username. Following the : character is the user's homeserver, in this case matrix.calvinrw.com.
Matrix IDs can take other forms. Rooms are identified as:
#support:matrix.calvinrw.com
Where support is a room on the matrix.calvinrw.com homeserver. A room is a discrete conversation between one or more users, and is highly configurable in regards to who can join and view the conversation.
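An added example, not part of the original page or of any Matrix project: a strict parser for the two ID forms described above, plus a check that an ID really belongs to the homeserver you expect. The allowed username characters, the 255-byte limit and the optional port are assumptions based on the Matrix specification's identifier grammar; `parse_matrix_id`, `on_homeserver` and the example.net lookalike are hypothetical names constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

SIGILS = {"@": "user", "#": "room alias"}
# Assumed strict grammar for user localparts: lowercase letters, digits, . _ = - / +
USER_LOCALPART = re.compile(r"[a-z0-9._=/+-]+")
# Server name: hostname, IPv4 address or [IPv6 literal], with an optional :port
SERVER_NAME = re.compile(
    r"(?P<host>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>[0-9]{1,5}))?"
)
MAX_ID_BYTES = 255  # assumed limit, sigil and server name included


class MatrixId(NamedTuple):
    kind: str            # "user" or "room alias"
    localpart: str       # e.g. "calvin" or "support"
    server_name: str     # everything after the first ":" (may include a port)
    host: str
    port: Optional[int]


def parse_matrix_id(identifier: str) -> MatrixId:
    """Split a Matrix ID into sigil kind, localpart and homeserver."""
    if len(identifier.encode("utf-8")) > MAX_ID_BYTES:
        raise ValueError("identifier is longer than 255 bytes")
    kind = SIGILS.get(identifier[:1])
    if kind is None:
        raise ValueError("identifier must start with @ (user) or # (room)")
    # Split on the FIRST colon only: the server name may carry its own ":port".
    localpart, sep, server_name = identifier[1:].partition(":")
    if not sep or not localpart or not server_name:
        raise ValueError("expected the form <sigil><localpart>:<server>")
    if kind == "user" and not USER_LOCALPART.fullmatch(localpart):
        raise ValueError("username contains characters outside a-z 0-9 . _ = - / +")
    match = SERVER_NAME.fullmatch(server_name)
    if match is None:
        raise ValueError("server name is not a valid host[:port]")
    port = int(match["port"]) if match["port"] else None
    return MatrixId(kind, localpart, server_name, match["host"], port)


def on_homeserver(identifier: str, expected_server: str) -> bool:
    """True only if the ID parses and its server name equals the expected one."""
    try:
        parsed = parse_matrix_id(identifier)
    except ValueError:
        return False
    # Compare the whole server name; a matching prefix is not enough.
    return parsed.server_name.lower() == expected_server.lower()


if __name__ == "__main__":
    samples = [  # constructed sample input
        "@calvin:matrix.calvinrw.com",
        "#support:matrix.calvinrw.com",
        "@calvin:matrix.calvinrw.com:8448",
        "@calvin:matrix.calvinrw.com.example.net",  # different homeserver
        "calvin@matrix.calvinrw.com",               # email-style, not a Matrix ID
    ]
    for sample in samples:
        try:
            print(sample, "->", parse_matrix_id(sample),
                  "| this homeserver:", on_homeserver(sample, "matrix.calvinrw.com"))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

The homeserver comparison is on the complete server name, so an ID whose server merely begins with matrix.calvinrw.com is reported as belonging to a different homeserver.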
Homeservers
A user's homeserver is the third parameter required when logging into a Matrix client like Element, the others being a username and password, and is the server on which the account registration resides.
Matrix was designed around the concept of decentralization, and works best when communications are between many small homeservers, rather than a few large ones.
Generally, it doesn't matter which homeserver a user chooses to join, but a user may choose to join a particular homeserver based on two factors:
- Gaining access to rooms that are exclusive to users of that homeserver. Communications within such a room are guaranteed to never leave that particular homeserver via federation.
- Where their account information is stored
There are also public Matrix homeservers, such as matrix.org, which is selected by default when creating an account in Element. While this page details how to join matrix.calvinrw.com, there is nothing wrong with using public homeservers, though they often suffer from performance issues due to their high number of users and rooms, resulting in long message transmission times.
Popular public homeservers include:
Further Reading about Element and Matrix
- Matrix.org frequently asked questions: https://matrix.org/faq/
- Element.io help: https://element.io/help
- Matrix.org project roadmap: https://github.com/orgs/matrix-org/projects/9
- Matrix.org developer blog: https://matrix.org/blog/posts
On July 15th, 2020, the reference Matrix client known as Riot (Riot.im) became Element (Element.io). This coincided with a major rewrite of the Riot client that was known as RiotX while it was in beta. Articles and technical references that still refer to Riot or RiotX are most likely out of date and are only kept for historical purposes.
- The Big 1.0: An overview of Element.io and the project's goals
- Running your own encrypted chat service with Matrix and Riot: Complete setup instructions for a self-hosted Matrix instance
- Yet another messaging platform: Why Riot?: Another overview of Riot and Matrix
Existing Services
To a reasonable extent, Matrix can serve as an alternative to existing text messaging and online communication services. The following list highlights major problems with existing services, some of which motivated me to set up this Matrix instance.
MMS/SMS (Text Messages)
- Dependent on cell carriers' network integrity and latency [2]
- Inconsistent message delivery and re-attempted delivery [2]
- Poor or inconsistent handling of multimedia messages / group messages across different platforms and carriers [2]
- No privacy whatsoever; carriers can view message content as plaintext [3] [4]
Other Popular Services
- Facebook Messenger: Nothing is off-limits when using their services or apps. Despite their claims, users have no reasonable expectation of privacy whatsoever. [5] [6]
- WhatsApp: Property of Facebook, see above. [7]
- Skype: Acquired and subsequently dismantled by Microsoft. [8]
- Signal: A replacement for MMS/SMS that implements straightforward end-to-end encryption. [9] Its protocol and clients are open-source, but the service is hosted using Amazon Web Services and is not designed for decentralization. [10]
Using Matrix
Users may install Element on any number of different devices, including 'desktop' computers, phones, and tablets. To ensure that each new login is legitimate and is able to access encrypted messages, there is a secure verification process that must be completed on the new device.
Depending on a user's level of comfort with installing and setting up new software, it may be easier to create an account using the desktop client (Windows, macOS, Ubuntu, etc.), and log into the new account in the mobile app (Android, iOS) afterwards.
This page covers the process of signing up for an account using Element for Android and macOS. The process should be reasonably similar, if not identical, when using Element on other platforms like iOS and Windows.
Upon joining the matrix.calvinrw.com homeserver, users are initially added to the public #support:matrix.calvinrw.com room. While a user is a member of this room, they may be looked up by anybody, including users who are registered on other homeservers. A user may leave or rejoin this room at any time.
When end-to-end encryption is enabled, as is the case in all newly created rooms on the matrix.calvinrw.com homeserver, it is impossible for any server administrator to access or recover encrypted messages. This means that end-to-end encryption is functioning exactly as intended.
If a user loses their E2E room keys or security key/security phrase, there is absolutely no way to recover their old messages. These encrypted messages will be permanently inaccessible, as they are indistinguishable from random digital noise in their encrypted form.
Users assume full responsibility for utilizing Element's secure key backup, and storing each piece of personal information in a secure and accessible manner. All are equally important:
- security key or security passphrase
- username
- password
Users are strongly encouraged to use a reputable password manager such as Bitwarden, KeePassXC, Firefox Lockwise, or 1Password to store these credentials.
If you haven't done so recently, ensure that encryption key backup is enabled in every Element session, and that your key or passphrase is up-to-date in your password manager.
Applicable to All Platforms
Encryption Keys and Key Backup
As part of Element's setup process, users have the option to set up secure end-to-end encryption (E2E) key backup.
Without E2E key backup, the encryption keys for a given room are only stored in the client's local cache. This cache is deleted if the user logs out of or uninstalls the app, making it impossible to access encrypted message history, even if they log in again.
When E2E key backup is set up, a separate credential - either a user-selected passphrase or a system-generated security key - is created and used to securely store the user's room E2E keys on the server. When logging into a new session, this credential can be supplied to restore access to old conversations.
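An added sketch of the idea described above, not Matrix's or Element's actual backup algorithm and not code from this page: room keys are encrypted on the client with a key stretched from the passphrase, so the server stores only an opaque blob that the wrong passphrase cannot open. It uses only Python's standard library (PBKDF2 plus an HMAC-based keystream and encrypt-then-MAC standing in for a vetted cipher); the function names, work factor and sample room key are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this illustration


def _derive_keys(passphrase: str, salt: bytes):
    """Stretch the passphrase into separate encryption and MAC keys."""
    material = hashlib.pbkdf2_hmac(
        "sha512", passphrase.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=64
    )
    return material[:32], material[32:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def make_backup(room_keys: dict, passphrase: str) -> dict:
    """Client side: encrypt the room keys. Only the returned blob is uploaded."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    plaintext = json.dumps(room_keys, sort_keys=True).encode("utf-8")
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    # Encrypt-then-MAC: the tag covers everything the server stores.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(),
            "ciphertext": ciphertext.hex(), "mac": tag.hex()}


def restore_backup(blob: dict, passphrase: str) -> dict:
    """New session: download the blob and decrypt it with the passphrase."""
    salt = bytes.fromhex(blob["salt"])
    nonce = bytes.fromhex(blob["nonce"])
    ciphertext = bytes.fromhex(blob["ciphertext"])
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["mac"])):
        raise ValueError("wrong passphrase or corrupted backup")
    return json.loads(_xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


if __name__ == "__main__":
    # Constructed sample data: one room with one made-up session key.
    keys = {"!room:matrix.calvinrw.com": "constructed-session-key-0001"}
    stored_on_server = make_backup(keys, "correct horse battery staple")
    print(restore_backup(stored_on_server, "correct horse battery staple"))
    try:
        restore_backup(stored_on_server, "a guess")
    except ValueError as err:
        print("restore failed:", err)
```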
Password Recovery
The username chosen during signup will be the only public-facing representation of a user in the Matrix service when using the matrix.calvinrw.com homeserver. The email address provided will never be publicly visible and is only for account verification and password recovery. On other homeservers, this information may be visible and searchable by other users.
It is highly recommended that a user register an email address with their Matrix account, as this is the only way a user can reset a forgotten password. This is done as part of the account creation process through Element.
Some users have reported issues receiving verification emails. This is known to happen with certain email services (namely ones provided by ISPs like Charter/Spectrum or Comcast/Xfinity) that refuse emails sent from a self-hosted email server. If you think this may be the case, please use a popular webmail account such as Outlook, Protonmail, or Gmail instead.
As advised in the previous section, users take full responsibility for storing their credentials in a safe and secure manner.
Resetting an account password will not reset E2E keys or impact a user's ability to retrieve encrypted messages. Even after resetting an account's password, it is impossible to recover encrypted messages without the encryption key.
Mobile Client
Joining This Homeserver Using the Mobile Client
- Download and install Element from the device's app store.
- Open Element, select "Get started", and select "Other" when prompted to select a server. Enter matrix.calvinrw.com and select "Continue".
- After selecting the homeserver, select "Sign Up" to create a new account, and provide a username, a secure password, and an email address. Element will send a verification message to the provided email address, and will wait until the verification link is opened in a browser.
- Open the confirmation email. This email may have been marked as spam; be sure to check the email account's Junk Mail / Spam folder.
- Follow the directions in the email to complete registration in a web browser.
- Return to Element. It will automatically log into the new account.
Setting Up Key Backup Using the Mobile Client
It is strongly recommended that users set up E2E key backup before continuing.
Open the main menu by selecting the user avatar in the top-left corner (before an avatar is set, this is a solid-color circle containing a single letter), and select "Settings". In the Settings activity, select "Security & Privacy".
In the next activity, scroll down to the "Secure Backup" section and select "Set up Secure Backup". Choose between using a security key (generated by Element) or a security passphrase (chosen by a user). In either case, make sure the information is stored safely and securely.
Once complete, the app will return to the Encrypted Messages Recovery activity and confirm that key backup was set up. Select the back arrow to return to Settings.
Configuring the Mobile Client
There are many settings available in Element. Open the main menu by selecting the user avatar in the top-left corner, and select "Settings".
Starting a Conversation Using the Mobile Client
With account setup complete and key backup enabled, Element is ready to use. Start by creating a new conversation with another user.
Select the floating green button to open a new conversation, and begin typing the user's full ID into the search box, starting with the @ character. If it is a valid username, Element will provide confirmation by showing the user under "Suggestions". Select the suggestion, and then select "Create" in the top-right corner to open a new conversation with them.
The other user will receive an invitation to join the new conversation.
The process for joining a room is very similar, but requires switching to the room list using the control at the bottom of the app's main activity.
Element's interface is similar to Messenger, Discord, and Slack, and many of the same features are available. Feel free to experiment.
Desktop Client
Joining This Homeserver Using the Desktop Client
- Download Element from the project's website and install it on the computer.
- Open Element, select "Create Account", and select "Edit" under "Host Account On" to edit the homeserver. Select the radio button for "Other homeserver", enter matrix.calvinrw.com, and select "Continue".
- After selecting the homeserver, provide a username, a secure password, and an email address. Matrix will send a verification message to the provided email address, and will wait until the verification link is opened in a browser.
- Open the confirmation email. This email may have been marked as spam; be sure to check the email account's Junk Mail / Spam folder.
- Follow the directions in the email to complete registration in a web browser.
- Return to Element; its window should automatically update to confirm that registration was completed. Select "Log in" to log in using the newly created account.
Setting Up Key Backup Using the Desktop Client
It is strongly recommended that users set up E2E key backup before continuing.
After logging into Element for the first time, a prompt to set up secure key backup will immediately appear in the window's upper right corner. Select "Accept", and choose between using a security key (generated by Element) or a security passphrase (chosen by a user). In either case, make sure the information is stored safely and securely by copying the key/passphrase to a secure location, or downloading it as a file.
When done, select "Continue" to return to the main screen.
Configuring the Desktop Client
There are many settings available in Element. Open the main menu by selecting the user avatar in the top-left corner (before a picture is set, it is a solid-color circle containing a single letter), and select "All Settings".
Starting a Conversation Using the Desktop Client
With account setup complete and key backup enabled, Element is ready to use. Start by creating a new conversation with another user.
Select the "+" icon next to "People" in the sidebar, and begin typing the user's full ID into the search box, starting with the @ character. Once the user is entered, select "Go" to open a new conversation with them.
The other user will receive an invitation to join the new conversation.
The process for joining a room is very similar, but the "+" icon next to "Rooms" in the sidebar must be selected instead.
Element's interface is similar to Messenger, Discord, and Slack, and many of the same features are available. Feel free to experiment.
Verifying New Logins on Additional Devices
After logging into a Matrix account on one device, be it a computer or mobile phone, subsequent logins to other devices must be verified against the original.
Verifying a Mobile Login Using the Desktop Client
Upon logging into the Matrix account on a new mobile device, Element will prompt to verify the login using another device. A notification will be sent to an already logged in desktop client. Select "Verify" to begin the verification process.
A QR code will be shown on the desktop client. Select "Scan their code" in the mobile client, and focus the phone's camera on the QR code. The app will automatically detect when the code is in view and continue to the next step; there may be a short delay.
After the code is scanned, the desktop client will ask for confirmation that the scan was successful on the mobile device. Click "Yes" to continue.
Finally, the mobile client will confirm that verification was completed successfully. Select "Done" to continue.
Verifying a Desktop Login Using the Mobile Client
Upon logging into the Matrix account on a new computer, Element will prompt to verify the login using another device.
A notification will be sent to a mobile client that is already logged in. Select the green popup to begin the verification process. A QR code will be shown on the desktop client. Select "Scan their code" in the mobile client, and focus the phone's camera on the QR code. The app will automatically detect when the code is in view and continue to the next step; there may be a short delay.
After the code is scanned, the desktop client will ask for confirmation that the scan was successful on the mobile device. Click "Yes" to continue.
Finally, the mobile client will confirm that verification was completed successfully. Select "Done" to continue.
Privacy and Security
Privacy and security are the most important considerations when hosting a communication platform, and are where the combination of Matrix and Element shines.
How are messages transmitted?
Matrix uses HTTP over TLS (HTTPS) for encrypted communication between the server and clients. This means that messages and other user content are always private in transit through the Internet, and only decrypted when they reach their destination.
How are messages stored?
When end-to-end encryption (E2E) is enabled for a room, the conversation is 100% private on both the client (e.g. a phone or computer) and server. This is enabled by default on the matrix.calvinrw.com server, and rooms that have this setting enabled cannot be reverted to a non-encrypted mode.
In this case, the messages are protected using an encryption key that is separate from the user's login credentials, as described in Encryption Keys and Key Backup. The message data is not simply obscured or difficult to access, but in its encrypted form, it is indistinguishable from random noise. This makes it impossible for a server administrator or someone with physical access to the server to extract and read message content.
How is my personal information protected?
Server directories for rooms and users on the matrix.calvinrw.com homeserver have been disabled. A user registered on the server can only be looked up by username, and not by other identifying information such as email address or phone number. Additionally, new users cannot join private rooms unless they are added by an existing member. While inconvenient when adding users to a conversation, this choice was made to increase users' privacy on this public-facing server.
Can I delete my account?
Yes and no - this functionality is incomplete in Matrix. Element provides a function (under Settings) to permanently deactivate an account, which:
- Removes all third party identifiers, including email
- Deletes all devices for the user
- Deletes all access tokens for the user
- Overwrites the password hash
Coupled with the fact that any messages stored on a homeserver are protected using E2E encryption, this is a reasonable method to effectively destroy any personal data a user may have had on the server.
A public discussion surrounding this issue is on GitHub. As of the time of writing, this feature request is almost 5 years old, so it remains to be seen if there will be any more progress with this functionality.
Who is welcome?
If you have been sent to this web page by a friend or family member, or randomly stumbled across it, you are welcome to join this homeserver and invite others to do so. Public registration is enabled, but it is not possible for a user to join existing private conversations or view a directory of users.
Using a Self-Hosted Service
This Matrix server is self-hosted, meaning that the physical server running the service is owned and maintained by an individual. This is in contrast to typical cloud services, which are maintained by corporate entities and hosted in datacenters. By self-hosting, complete control over hardware, software, and personal data can be achieved. The service is also able to function independently of technology monopolies that run popular internet services, with the exception of ISPs and the internet backbone.
Longevity and Continuity
Calvin has hosted various web services since 2010. The current iteration of his personal datacenter utilizes enterprise-grade hardware, virtualization, and redundant storage.
This Matrix homeserver will be available for the foreseeable future. This service, along with all other hosted services, will never be co-located or hosted off-premises, as it would limit the amount of control over personal data that the project is meant to provide.
The datacenter is fully replicated to an encrypted volume several times a day, and offline backups are created several times a year and securely stored off-site.
Risks
The major weak links when self-hosting services are the local internet service provider, and the local power company.
While the former leaves much to be desired in the way of customer service, both utility companies have generally been reliable, with less than 12 hours of total downtime each year. That said, unforeseen downtime does occur more frequently in a self-hosted environment than in a real datacenter.
Getting Help
There are several Matrix rooms for general help with Matrix and client-specific support:
- Matrix HQ: #matrix:matrix.org
- Element Android: #element-android:matrix.org
- Element iOS: #element-ios:matrix.org
- Element Desktop: #element-desktop:matrix.org
When searching for information on specific problems, it is very helpful to use the exact names of the GitHub projects for the relevant client as search terms:
- element-ios for Element on iOS
- element-android for Element on Android
- element-desktop for Element desktop clients for Windows, macOS, and others
And of course, Calvin is happy to help new users join and use Matrix and Element:
- Matrix: @calvin:matrix.calvinrw.com
- Email: calvinrw@protonmail.com
1. There are other Matrix servers besides Synapse, such as Dendrite and Conduit.
2. Paunescu, Delia (2019-11-12). "Why is SMS texting a mess? Fixing it is harder than you think.". Vox Recode. Retrieved March 2021.
3. "Communicating with Others". EFF Surveillance Self-Defense. 2020-06-09. Retrieved December 2020.
4. Hoffman, Chris (2021-01-21). "Why SMS Text Messages Aren't Private or Secure". How-To Geek. Retrieved November 2021.
5. Nield, David (2020-01-12). "All the Ways Facebook Tracks You—and How to Limit It". WIRED. Retrieved December 2020.
6. Warren, Tom (2018-05-25). "Facebook has been collecting call history and SMS data from Android devices". The Verge. Retrieved December 2020.
7. Isaac, Mike (2019-01-25). "Zuckerberg Plans to Integrate WhatsApp, Instagram and Facebook Messenger". The New York Times. Retrieved December 2020.
8. Bass, Dina; Lanxon, Nate (2018-05-11). "Don't Skype me: How Microsoft turned users against its beloved video-chat program". Los Angeles Times. Retrieved December 2020.
9. Hoffman, Chris (2021-01-12). "What Is Signal, and Why Is Everyone Using It?". How-To Geek. Retrieved November 2021.
10. Marlinspike, Moxie (2018-05-01). "A letter from Amazon". Signal >> Blog. Retrieved December 2020.