I appreciate their effort but isn't Matrix (the company) based out of the UK and primary hosted instances on AWS in the UK? The UK were the first AFAIK to create such internet laws [0]. I could imagine people running their own instances in places where the age laws are not yet active but that number is shrinking fast. [1]
Their solution is for everyone to pay for Matrix with a credit card to verify age. I assume that means there must be a way to force only paid registered accounts to join ones instance? What percentage of the accounts on Discord are paid for with a credit or debit card? Or boosted? I don't keep up with terminology
> isn't Matrix based out of the UK and primary hosted instances on AWS in the UK?
It doesn't matter what country you run your server in or where your company is based; if you're providing public signup to a chat server then the countries (UK, AU, NZ etc) which require age verification will object if you don't age verify the users from those countries. (This is why Discord is doing it, despite being US HQ'd). In other words, the fact that The Matrix.org Foundation happens to be UK HQ'd doesn't affect the situation particularly.
(Edit: also, as others have pointed out, Matrix is a protocol, not a service or a product. The Matrix Foundation is effectively a standards body which happens to run the matrix.org server instance, but the jurisdiction that the standards body is incorporated in makes little difference - just like IETF being US-based doesn't mean the Internet is actually controlled by the US govt).
> Their solution is for everyone to pay for Matrix with a credit card to verify age.
Verifying users in affected countries based on owning a credit card is one solution we're proposing; suspect there will be other ways to do so too. However: this would only apply on the matrix.org server instance. Meanwhile, there are 23,306 other servers currently federating with matrix.org (out of a total of 156,055) - and those other servers, if they provide public signup, can figure out how to solve the problem in their own way.
Also, the current plan on the matrix.org server is to only verify users who are in affected countries (as opposed to try to verify the whole userbase as Discord is).
> It doesn't matter what country you run your server in or where your company is based; if you're providing public signup to a chat server then the countries (UK, AU, NZ etc) which require age verification will object if you don't age verify the users from those countries. (This is why Discord is doing it, despite being US HQ'd).
Whether it matters depends very much on what sort of organization you are.
Discord is a multinational for-profit corporation planning an IPO. It takes payments from users in those countries, likely partners with companies in those countries, and likely wants to sell stock to investors in those countries. Every one of those countries has the ability to punish Discord if it does not obey their laws, even if it does not have a physical presence there.
The situation is likely quite different for most of the 23,306 Matrix servers that federate widely. The worst thing Australia, for example could do to one of their operators is make it legally hazardous for them to visit Australia.
It does not actually need to be configured in a federated state and frankly scales better when it's not. The login can be tied to anything or use it's own. From a modern SAML SSO to an old school forum.
You can run one for a few friends and it scales just as well as a private discord for a few friends. Just need persistent storage for media uploads if people are sharing video a lot.
The internet was built on noncompliance with laws. The hens are coming home to roost that is all. Sovereign countries can only let social media and tech companies poison their societies so much before it becomes a real threat to the nation.
It was all fun and games while it was a few geeks and early adopters having (mostly) fun. Now it is corporations making billions while destroying the mental health and productivity of their "users".
> (This is why Discord is doing it, despite being US HQ'd)
Right, but also the US isn't far behind on the same legislation wave. It's a lot less likely to be US federally regulated in the same way that the EU is debating EU-wide legislation, but a handful of US States have a version of this legislation already on the books and about to be enforced, or considered about to be on the books (some of which like South Carolina's partially passed bill written to be enforceable Day 1 with no grace period).
(Tangential to your comment but apropos of the Discord news...)
Have any of the Matrix/Element teams seriously considered taking advantage of current events by offering a gamer-focused class of premium account, for Discord refugees who want to redirect their Nitro budgets to fund Matrix gaming features? (Perhaps on a separate homeserver, to avoid the lag during times when matrix.org is overloaded.)
If it were positioned as Patreon-style crowdfunding rather than selling a finished product, and expectations were set appropriately, I wonder if it could end up a nontrivial source of income with which to develop features that Matrix deserves but corporate/government customers won't pay for.
The idea of crowdfunding Discordish features for Matrix from disaffected Discorders (e.g. using the premium acct system we've built for matrix.org) has come up a bunch.
The problem is more that Element team is seriously stretched (particularly after the various misadventures outlined here: https://youtu.be/lkCKhP1jxdk?t=740) - so even if there was a pot of money to (say) merge custom emoji PRs... the team is more than overloaded already with commitments to folks like NATO and the UN. Meanwhile, onboarding new folks and figuring out how to do the Discordy features and launch a separately Discordy app under a Discordy server would also be a major distraction from ensuring Element gets sustainable by selling govtech messaging solutions.
So, we're caught in a catch-22 for now. One solution would be for other projects to build Discordy solutions on top of Matrix (like Cinny or Commet), or fork Element to be more Discordy (and run their own crowdfunders, perhaps in conjunction with The Matrix Foundation). Otherwise, we have to wait for Element to get sustainable via govtech work so it can eventually think about diversifying back into consumer apps.
Did you mean ~15,000 servers and ~2000 federating? Because those are the numbers on etke.cc's matrixrooms.info (still really good in my opinion and keeps going up over the weeks), but I can't find your numbers anywhere! Would be great to have a source to point to if that's actually the case!
The stats of the matrixrooms.info instance is what matrixrooms.info instance sees - it is not whole Matrix Federation. Here is the documentation in the MRS repo about that endpoint: https://github.com/etkecc/mrs/blob/main/docs/stats.md
Also, at the moment of writing, there are ~15k *federated* online servers visible by matrixrooms.info, and from them, ~4k servers publish their rooms directories over federation ("indexable").
This makes sense, but is there any reason MRS would see such a drastically smaller number compared to, what I assume to be, matrix.org instance numbers?
My understanding based on the documentation provided is that MRS seeks federation-enabled, published rooms to index, and is the initiator of the connect. It doesn't expect other servers to reach out to it.
Or would this difference essentially be from servers that decided to disable indexing BUT still federate with matrix.org?
Yes, that's the difference. Loads of Matrix servers have nothing exposed to index, and steer clear of public rooms, and so wouldn't show up on MRS's stats.
Whereas I literally select count(*)'d from the destinations table on matrix.org, filtered on servers which had been federating in the last week(?) in order to get the specific stats above. (And then count(*) of all time for the 150K figure).
I appreciate that answer, it makes sense that it is based on the country. What I'm hoping to avoid is having to give my actual identity to all services on the internet. It will just allow terrible monitoring and oversight that isn't helpful for democracy. I don't trust the current us administration to know everything I say, everything I do, I don't really trust any government to have that power (and I want to stop crime and abuse..). I like some privacy. We are heading to that already with the Texas and Florida age requirements on the internet today.
This matrix discussion here is missing the point - many people don't want ubiquitous tracking of everything we do on the internet. You and matrix are seemingly not honestly addressing that point, because matrix doesn't seem different discord (in the requirements).
The difference with Discord is that Matrix is a protocol, not a service. It's made up of thousands of servers run by different people in different countries. Public instances may choose to verify users in affected countries to abide by the law; others may choose to run a private instance instead.
Matrix is a protocol, not a service. It's likely the UK government can enforce laws against content and accounts hosted on the matrix.org servers, but no single government has jurisdiction over the entire network.
That sounds more like a recipe for overreach than a method to escape the law, to be honest. Governments don't typically go "aw, shucks, you've caught us on a technicality" without getting the courts involved.
Clueless lawmakers will see this app called Element full of kids chatting without restrictions and tell it to add a filter. When the app says "we can't", the government says "sucks to be you, figure it out" and either hands out a fine or blocks the app.
There are distinctions between the community vibe Discord is going for (with things like forums and massive chat rooms with thousands of people) and Matrix (which has a few chatrooms but mostly contains small groups of people). No in-app purchases, hype generation, or kyhrt predatory designs, just the bare basics to get a functional chat app (and even less than that if you go for some clients).
I'd say being based in the UK will put matrix.org and Element users at risk, but with Matrix development being funded mostly by the people behind matrix.org that implies an impact to the larger decentralized network.
It would take some clever crafting to outlaw Matrix clients without also outlawing web browsers and conventional email clients. Let's assume they did though. The best they can do is block it from app stores, which won't stop anyone but iOS users.
More likely, it just won't become popular enough for lawmakers to notice because the UX is a little rough, and people have very little patience for such things anymore.
Google has backed away from that, stating that an "advanced workflow" with more warnings than the current settings toggle will remain available. We should all be concerned they even considered such a thing though.
(Non-Android) Linux phones often aren't GNU; PostmarketOS is one of the more popular options, and that's based on Alpine Linux which uses musl and Busybox.
It's not really a method to escape the law, or a technicality - it's that people other than Matrix.org are operating chat services, and the law applies to those people, but those people are not Matrix.org.
This won't save Matrix.org if legislators throw stupid at it, of course, but Matrix.org has the opportunity (though maybe not the resources) to engage with UK legislators to ensure they feel respected and that honest efforts are being made to comply.
There are a number of alternate Matrix clients, and nothing is stopping a non-UK dev from forking any of them at any time, including Element. And many are not “apps” that can be blocked from a “store”, they are desktop or web clients.
> Governments don't typically go "aw, shucks, you've caught us on a technicality" without getting the courts involved.
That might happen here, but I don’t think that principle holds generally. If that were true, wouldn’t every component of the service provider chain be sued for people e.g. downloading pirated or illegal stuff? The government cracks down on e.g. torrent trackers and ISPs, but they haven’t seriously attacked torrent clients or the app stores/OSes that allow users to run those clients. Why not?
Governments go after websites that don't host anything illegal all the time. Torrents don't contain any illegal information yet torrent websites are taken down routinely through legal challenges, by court orders, and in some countries where the government is at the behest of the entertainment industry, by special anti-piracy organisations with ridiculous censorship powers.
Apple and Google have both been forced to take down apps and ISPs block IP ranges all the time. Usually without much of a fight. Apps for reporting ICE, for instance, have been taken down without any clear legal precedent and without much judicial challenge. The entire chain is already being threatened, sued, and censored.
The trick is usually to escape the jurisdiction of countries that care by hosting serves in foreign countries, to host app executables and such off-platform, and maybe adding a CDN like Cloudflare to the mix to protect against getting arrested too easily. For this to work for Matrix, the company developing Matrix needs to leave the UK and move to a place where this age verification bollocks isn't necessary. I don't think that kind of behaviour is good for a company currently financed in large part by government contracts.
It's just a reality that law is harder to enforce when you cannot target a given server and take out an entire service. Regardless of what you think of the law.
This is why to this day torrenting of copyrighted material is alive and well.
I thought it was both and their hosted service is in the UK. Is it not? I know people can host their own but I have had very little success in getting people to host their own things. Most here at HN will not do anything that requires more than their cell phone. Who knows maybe Discords actions will incentivize more people to self host.
That's why the bittorrent protocol is in such dire straights /s
Bittorrent actually has fewer real uses than Matrix. The former is useful for Microsoft and others trying to roll out big patches, but the latter is used by NATO, the German Armed Forces, and the French government
Couldn't you simply set up your own instance and link up with the wider network? I guess you would have to age verify yourself if you live in a country that requires it, but regulating that would be sort of hilarious.
Whether or not authorities with jurisdiction over you would notice your instance (homeserver) or bother you about age verification is an issue you'd have to consider for yourself.
I'm more familiar with Australian legislation than others, but here at least a home server would definitely not require age verification. Kids are free to make group chats with their friends in a bunch of services.
The spirit of the law is definitely not against chatting with friends, but it is against the idea of connecting minors with strangers, so while federation is generally not codified (or, IMO, understood well by legislators) and you're probably not going to be bothered by authorities about it, I reckon sooner or later the law will come for federated networks.
(Since we all seem fine just taking some uncertified random third party's word for it that their AI face recognition definitely didn't see a thumb with a face drawn on it, maybe it'd be adequate for Matrix.org to add an "18+ user" flag to the protocol and call it a day?)
Couldn't you simply set up your own instance and link up with the wider network?
I honestly have no idea. As much as they love money I am not paying my lawyers to research AI this one. I would probably wait for others to get made example of.
It's an interesting legal question, but I would imagine for a federated service, the burden of proof should be on the individual's home server for age verification. That's where the user account is, after all.
Matrix is basically labeled "adults only" everywhere, so restricting certain servers/rooms due to possible innocent eyes is likely out of scope.
Yeah that's the thing. No matter what you do, it's bound to be illegal somewhere in the world. Be it North Korea or Iran or Australia. You simply can't follow everyone's laws because they are often contradictory.
It did however deliver the hilarious quote "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia", in regards to end-to-end encrypted messaging.[1]
It went down as well as about you would think it would.
It was a scheme to sell math textbooks involving a purported method for squaring the circle which depended on that incorrect value of pi. Squaring the circle had already been proven impossible, but that didn't stop them from trying.
I don't care about what Australia wants. If I ran a private Matrix instance (e.g. to chat with my gaming buddies) I wouldn't even agree to divulge who is registered on it.
I've been threatened by the governments of Pakistan and Germany for stuff I've said pseudonymously on the Internet. As much as they may think everybody needs to care about their laws, I happen not to.
Their solution is for everyone to pay for Matrix with a credit card to verify age. I assume that means there must be a way to force only paid registered accounts to join ones instance? What percentage of the accounts on Discord are paid for with a credit or debit card? Or boosted? I don't keep up with terminology
[0] - https://en.wikipedia.org/wiki/Online_age_verification_in_the...
[1] - https://avpassociation.com/4271-2/