Matrix


An open network for secure, decentralized communication

I have a home server that I've set up, and I am using Cloudflare as a proxy. I recently found that some of my "anti-bot" rules were causing people on certain servers to not be able to see my user icon or any images that I was uploading. After disabling these, it seems all is well.

I was just wondering if there are any recommended settings I should be using in Cloudflare (WAF/ etc) when running a home server for Matrix.
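
One check worth running after changing proxy rules is to request, the way a federating homeserver would, the unauthenticated endpoints that remote servers and clients fetch, and see whether the edge answers with a challenge page instead of JSON. The script below is an added example and not the poster's setup or any project's code: the User-Agent string, the probe list and the "looks like a challenge" heuristics are assumptions, and it takes a single base URL although with delegation the `.well-known` documents (base domain) and the `/_matrix` paths (delegated host) may sit behind different proxy rules.

```python
"""Probe the unauthenticated endpoints that other homeservers (and clients)
request from yours, and flag answers that look like an edge/WAF challenge
page instead of Matrix JSON.

Added example, not the poster's setup or any project's code. The User-Agent
string, the probe list and the challenge heuristics are assumptions."""
import json
import urllib.error
import urllib.request

# Assumed: federating servers present a server-style UA that anti-bot rules
# are likely to treat as non-browser traffic.
FEDERATION_UA = "Synapse/1.98.0"

# Unauthenticated paths that remote homeservers and clients request.
PROBE_PATHS = (
    "/.well-known/matrix/server",
    "/.well-known/matrix/client",
    "/_matrix/federation/v1/version",
    "/_matrix/key/v2/server",
    "/_matrix/client/versions",
)


def classify(status, headers, body):
    """Classify one response as 'ok', 'blocked' or 'error'.

    Heuristic (assumption): a 403/503, a cf-mitigated header, or HTML where
    JSON is expected means the edge answered instead of the homeserver."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if "cf-mitigated" in hdrs or status in (403, 503):
        return "blocked"
    if "text/html" in hdrs.get("content-type", ""):
        return "blocked"
    if status != 200:
        return "error"
    try:
        json.loads(body)
    except ValueError:
        return "error"
    return "ok"


def http_fetch(url, headers):
    """Real transport: returns (status, headers, body), not raising on 4xx/5xx."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


def probe(base_url, fetch=http_fetch):
    """Return {path: classification} for every probe path under base_url.
    `fetch` is injectable so the logic can be exercised without a network."""
    headers = {"User-Agent": FEDERATION_UA, "Accept": "application/json"}
    return {path: classify(*fetch(base_url + path, headers)) for path in PROBE_PATHS}


if __name__ == "__main__":
    import sys
    for path, verdict in probe(sys.argv[1]).items():
        print(f"{verdict:8} {path}")
```

Run it as `python probe.py https://your-domain` from a network that is not allow-listed in the proxy. A `blocked` verdict on any `/_matrix` path is the symptom in the post; an `error` on `/.well-known/matrix/client` alone is normal when you do not use client delegation.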

Matthew's "State of the Union" presentation at MCS2023.

Other presentations from MCS2023 are here: https://www.youtube.com/playlist?list=PLl5dnxRMP1hVh8LzFERTVhmfWsZSFE7fW

Introduction of the first Managing Director

submitted 2 years ago* (last edited 2 years ago) by Kalcifer@lemm.ee to c/matrix@lemmy.ml

I recently found that there is a room setting to enable the generation of URL previews. This makes me wonder, though: Who is generating the thumbnails? Does the server generate them, and then send the images back (this is an obvious privacy and security vulnerability)? Does a user generate them locally, and send them to the other recipient (this is what Signal does)? Does the receiver generate them on their end (this is also a potential security vulnerability)?

EDIT (2023-10-01T21:38Z): I found this documentation which outlines the possible methods, but, from what I can see, it doesn't specify which one is actually used in practice. I was also unable to find any information in the Matrix spec.

EDIT (2023-10-01T21:41Z): In this set of release notes for Synapse 1.45.1, I found the following:

Note that URL previews are generated server-side, and thus generally disabled in encrypted rooms to avoid leaking information about message content to your homeserver. You may need to adjust the room's settings to see the new oEmbed previews.

If this is true, and all thumbnails are generated server-side, this is an enormous security and privacy risk.

EDIT (2023-10-01T22:18Z): Further research has found the following two open issues:

This confirms my suspicion -- at the very least, for Element (I have still been unable to find any official standardized method within the Matrix protocol). My PSA that I would provide, then, to any who are reading this, is to not enable thumbnail generation, as it is a major privacy and security vulnerability.
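
To make the leak in the quoted Synapse note concrete: the preview is produced by the homeserver, so the client has to hand it every URL it wants previewed via `GET /_matrix/media/v3/preview_url?url=...`, in clear, outside the end-to-end encrypted payload. The block below is an added example, not Element's or Synapse's code. It shows the requests a client would issue for a message and why the only safe answer in an encrypted room is none; the second function is the server-side caveat that follows from the homeserver fetching arbitrary URLs on behalf of users (the reason Synapse ships an `url_preview_ip_range_blacklist` option): the sample message and the blocked ranges are constructed, and address resolution is left to the caller so the code runs offline.

```python
"""Why a client must not ask for URL previews in an encrypted room, and
the internal-address guard a homeserver-side preview fetcher needs.

Added example, not Element's or Synapse's code. The preview endpoint is
the spec's GET /_matrix/media/v3/preview_url; the sample message and the
blocked ranges below are constructed for illustration."""
import ipaddress
import re
import urllib.parse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Assumed policy for the homeserver-side fetcher: never let the preview
# spider reach loopback, link-local, ULA or RFC 1918 space.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def preview_requests(body, room_encrypted):
    """Return the preview_url requests a client would issue for `body`.

    Each request carries the URL to the homeserver in clear, so the URL
    (and the fact that it was posted) leaks even when the message itself
    is end-to-end encrypted. In an encrypted room the client issues none."""
    if room_encrypted:
        return []
    return [
        "/_matrix/media/v3/preview_url?" + urllib.parse.urlencode({"url": url})
        for url in URL_RE.findall(body)
    ]


def server_may_fetch(url, resolved_ip):
    """Homeserver-side guard: refuse to spider a URL that resolves into an
    internal range. `resolved_ip` is supplied by the caller so the check
    applies to the address actually connected to, not to the hostname."""
    parsed = urllib.parse.urlsplit(url)
    if parsed.scheme not in ("http", "https"):
        return False
    ip = ipaddress.ip_address(resolved_ip)
    return not any(ip in net for net in BLOCKED_NETS)
```

Note the guard must be re-applied on every redirect hop and on the address the socket actually connects to, since a DNS answer can change between the check and the connection; the function deliberately takes the resolved address for that reason.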


I'm looking for a way to create new stickers since I'm moving from Telegram and I'd like to move the stickers I created there to Matrix. One thing I discovered is StickerPicker, but I don't know if there is a simpler way.


Title. I know "best" is subjective, but why do you prefer yours?

Also, is there something as minimal as the Hydrogen website? (Small talk is probably not a complete client.)


Hi,

What client for Matrix do you use? We are using Element, but I am very unhappy that there is no possibility to set a message to unread once it's been read, to remember it for later. Does anybody know a client that has this possibility?

Cheers Philipp


Exciting news about Matrix 2.0. A bit of a long post, but a really interesting read.


Mainly, I'm not sure if this works as such.

If I create a private space, which by default can only be shared with people, what about the rooms therein? If I set a room to public, is that room available for anyone on Matrix to find, OR is it limited to only space members?

I feel it's the latter but I would like to know for sure.

submitted 2 years ago* (last edited 2 years ago) by mossy_capivara@midwest.social to c/matrix@lemmy.ml

Anyone have any recommendations?


Do I need my original signing keys? The server ran out of space due to huge pgsql table size, and I don't feel like trying to salvage any part of it. I want to move most of the processes into my home infrastructure with maybe a vps in front of the public connectivity.

Doable?


Is there a way to change the display name of a contact? I have some people in a group chat that only have numbers as their display name, which I'd like to change only for myself to be something more useful.

submitted 2 years ago* (last edited 2 years ago) by LinuxSBC@lemm.ee to c/matrix@lemmy.ml

My Matrix server is on Oracle Cloud. At one point, while messing with something on it, I accidentally enabled the firewall for port 22, so I can no longer access it via SSH. I think I also disabled password login, as I cannot log in over Oracle's remote terminal service. Also, the backups had filled up the drive space without me noticing, so it hadn't made backups in six months. Yes, I'm dumb.

At this point, I've given up hope for recovering the data on the server, but I would prefer to keep as much as I can when making a new server. The information online about making a new server on the same domain all involves copying over some data from the old server, so is it possible to keep the domain name when making a new server? It seems that it is not possible to make a new account with the same name on the same domain because it messes with federation, so I will need a new account name. Is that all correct?

My current plan is this:

  • use Matrix migration to transfer my rooms to a temporary account
  • delete the server
  • make a new server with the same domain
  • make an account with a different name on the new server
  • use Matrix migration again to transfer the rooms from the temporary account to the new account

Does this all seem like it would work, and is there a better solution? Thank you for the help.

Edit: What I ended up doing was this:

  1. Upgrade to a paid account (my account was previously free)—this can't be reverted, but you won't get charged if you're always below the limit
  2. Export the boot drive to a bucket
  3. Download the bucket
  4. Extract the downloaded bucket and take whatever data you need from it
  5. Delete the bucket
  6. Replace the boot drive (or create a new server and delete the old one). You may be able to fix the issue then upload the image again, but I just applied the vital details (signing key, primarily, but you can also use the database) to a new image.

My understanding is Element for Android uses silent notifications out of the box. From https://github.com/vector-im/element-android/blob/develop/docs/notifications.md#how-does-a-mobile-app-receives-push-notification:

The push gateway is configured to only send (eventId,roomId) in the push payload (for better privacy).

My question is, does this apply to rooms that are not end-to-end encrypted?

Use case: I have a private non-federated Matrix instance that I use to bridge other services (Discord, Signal, IRC, etc.). These are connected on my private network, so no need for E2E here. However, I would like to ensure that when Element sends the push notification for those rooms to my phone, it is not sending the messages themselves, but rather just the metadata to fetch the message from the home server securely.
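
In the Client-Server API the push format is a property of the pusher, not of a room: a pusher registered with `data.format` set to `event_id_only` receives only identifiers for every room it is notified about, encrypted or not, and the client then fetches the event itself. The block below is an added example rather than Element's code: it builds the `/_matrix/client/v3/pushers/set` body for such a pusher and checks a gateway notification for content-bearing fields, which is the test to run against your own push gateway's logs. The gateway URL, app id, pushkey and the two sample notifications are constructed.

```python
"""Register a pusher that carries only identifiers, and check a push
gateway notification for leaked message content.

Added example, not Element's code. Gateway URL, app_id, pushkey and the
sample notifications are constructed; the registration body follows
POST /_matrix/client/v3/pushers/set, the notification shape follows
POST /_matrix/push/v1/notify from the Push Gateway API."""
import json
import urllib.request

# Fields that name the sender, event type or body: if a gateway sees any of
# these, the homeserver is pushing content rather than identifiers.
CONTENT_KEYS = {"content", "sender", "sender_display_name", "type",
                "room_name", "room_alias"}


def pusher_registration(gateway_url, pushkey, app_id="im.example.app"):
    """Body for /pushers/set. `format` belongs to the pusher, so it applies
    to every room this pusher is notified about, encrypted or not."""
    return {
        "kind": "http",
        "app_id": app_id,
        "pushkey": pushkey,
        "app_display_name": "Example Matrix client",
        "device_display_name": "phone",
        "lang": "en",
        "data": {"url": gateway_url, "format": "event_id_only"},
    }


def leaked_fields(gateway_request):
    """Content-bearing keys present in a /notify request body, sorted."""
    return sorted(CONTENT_KEYS & set(gateway_request.get("notification", {})))


def event_fetch_path(notification):
    """Path the client uses, with its own access token, to fetch the event
    referenced by an identifier-only notification."""
    room_id = notification["room_id"].replace("!", "%21").replace(":", "%3A")
    return f"/_matrix/client/v3/rooms/{room_id}/event/{notification['event_id']}"


def register(homeserver, token, body):
    """Real call; not exercised offline."""
    req = urllib.request.Request(
        homeserver + "/_matrix/client/v3/pushers/set",
        data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"{}")
```

If `leaked_fields` returns anything for a notification captured at your gateway, the pusher was not registered with `event_id_only`, regardless of whether the room is encrypted.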


Okay, so ideally it wouldn't be local, but I'm behind a carrier-grade NAT and my ISP isn't very cooperative, but monopolies gonna monopoly, so here I am.

What I want is basically Beeper. I want to use Element on my phone with bridges so I don't need half a dozen different messaging apps.

Note that I know what I am doing is probably horrible in terms of security.

I set up Matrix by following the Ansible playbook docs. I skipped all the DNS stuff. I set it to a random made-up domain and changed my hosts file to point

matrix.made-up-domain.com

element.made-up-domain.com

to my server internal ip address.

I disabled SSL in

inventory/host_vars/matrix.made-up-domain.com/vars.yaml

Using

devture_traefik_config_entrypoint_web_secure_enabled: false

In inventory/hosts I also used my made-up domain.

I hit go and eventually I got it to work. I even got a couple of bridges working. The issue is it only works on my desktop, not on my phone. Both of them are on the local network. I think it has to do with the Element app on my phone not liking that SSL is disabled.

I don't really know what the best option is at this point. Should I try self-signed certificates? Or maybe something like ngrok or pagekite? It's okay if it is only local. I can play around with ZeroTier or something similar so I can still access it outside the network.

Note that I'm not able to pay for anything either, which makes things more complicated. I can't buy a domain name or pay for a VPS or any of the things that would make this easier.

Update: I got it working. The key was the self-signed certificates, I think. That simplified a lot of stuff. Well, it made it so I could follow the playbook more closely, so I was able to use the work that other people put into that instead of having to tweak a bunch of stuff.

I also set up Pi-hole to use the local DNS stuff on my made-up domain. I think I was right that ZeroTier gives me access to everything from outside the network, using Pi-hole for the DNS. I don't get cell service where I live, though, so testing that will be a process.


I mean, instead of running your own Matrix server?


Can you have a paywall on a matrix space or matrix room so users will have to pay to join spaces or rooms? Is the following functionality possible for a Matrix room/space?

  1. Private rooms/spaces where no one can join unless invited
  2. An API call to send an invite to a user to join a room/space
  3. An API call to allow a matrix user to join a private room/space
  4. An API call to remove (not ban) a user from a matrix space/room
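
Points 1, 2 and 4 map directly onto the Client-Server API: `m.room.join_rules` set to `invite` (or to `restricted`, tied to membership of a space), `POST .../invite` and `POST .../kick`. Point 3 does not: a bot cannot join a user into a room, it can only invite them, after which the user calls `POST /_matrix/client/v3/join/{roomId}` with their own token. The block below is an added example, not any project's code, and also illustrates the earlier question in this listing about a public room inside a private space: `join_rule: public` lets anyone who learns the room ID or alias join regardless of the space, whereas `restricted` admits only current members of the listed space. The homeserver URL, bot token, room/space IDs, user IDs and the billing event are constructed placeholders; `send` is injectable so the logic runs without a network; the bot is assumed to hold a power level sufficient to invite, kick and change join rules.

```python
"""Invite-only and space-restricted join rules, plus invite/kick driven
from an external (here: billing) system, over the Matrix Client-Server API.

Added example, not any project's code. Homeserver URL, bot token, room and
space IDs, user IDs and the billing event are constructed placeholders."""
import json
import urllib.parse
import urllib.request

HOMESERVER = "https://matrix.example.org"   # assumed
BOT_TOKEN = "syt_placeholder_bot_token"     # assumed


def http_send(method, url, body, token):
    """Real transport: JSON request with a Bearer token, JSON reply."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": "Bearer " + token,
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"{}")


def join_path(room_id):
    """Path the *user* calls with their own token once invited; a bot
    cannot join someone else into a room."""
    return "/_matrix/client/v3/join/" + urllib.parse.quote(room_id, safe="")


class RoomGate:
    """Membership controls for one room (or space, which is also a room)."""

    def __init__(self, room_id, homeserver=HOMESERVER, token=BOT_TOKEN, send=http_send):
        self.base = (homeserver + "/_matrix/client/v3/rooms/"
                     + urllib.parse.quote(room_id, safe=""))
        self.token = token
        self.send = send

    def _call(self, method, suffix, body):
        return self.send(method, self.base + suffix, body, self.token)

    def lock_to_invites(self):
        # m.room.join_rules with an empty state key: nobody joins uninvited.
        return self._call("PUT", "/state/m.room.join_rules/", {"join_rule": "invite"})

    def lock_to_space(self, space_id):
        # Room version 8+: current members of `space_id` may join freely,
        # everyone else still needs an invite. Contrast with "public", where
        # anyone who learns the room ID or alias can join regardless of the space.
        return self._call("PUT", "/state/m.room.join_rules/", {
            "join_rule": "restricted",
            "allow": [{"type": "m.room_membership", "room_id": space_id}],
        })

    def invite(self, user_id, reason):
        return self._call("POST", "/invite", {"user_id": user_id, "reason": reason})

    def kick(self, user_id, reason):
        # Kick, not ban: the user may be re-invited later, and may rejoin a
        # restricted room on their own while still a member of the space.
        return self._call("POST", "/kick", {"user_id": user_id, "reason": reason})


def apply_billing_event(gate, event):
    """Translate a constructed billing webhook into a membership change."""
    user = event["user_id"]
    if event["type"] == "paid":
        return gate.invite(user, "subscription active")
    if event["type"] in ("lapsed", "refunded"):
        return gate.kick(user, "subscription " + event["type"])
    raise ValueError("unknown billing event type: " + event["type"])
```

For a paywall the space itself is the thing to gate: a user kicked from a `restricted` room but still in the space can simply rejoin, so apply the `RoomGate` to the space (invite-only) and let rooms inherit via `restricted`, or keep each paid room invite-only.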

Title. Key management is so not intuitive at all. You have your session verification key in case you have no access to another session. Fine, I totally understand. Then you have E2E room keys you can either back up on your homeserver or in a file. Fine, except not so much. I exported my room keys to a backup file and deleted them from my homeserver. I signed out of Element completely. I sign back in just fine; I verify my session with my session verification key just fine. I import my E2E room keys and see 32/32 keys imported successfully. Great. One encrypted room shows my history perfectly, the other "Waiting for this message, this may take a while". Exactly why is this? Every key imported fine, so why aren't all messages in all rooms decrypted?


No comparison to WhatsApp and Co.

Even if Threads from Facebook/Meta is already going through the roof in the USA.


There's a growing concern that "bad-actors" are amassing troves of encrypted data, and storing it away for possible future decryption using quantum computers. Many services have put in efforts to make certain that their encryption algorithms are "quantum-safe", so as to protect against such attacks. Has Matrix done the same?
