Automattic pumps $4.6M into New Vector to help grow Matrix, an open, decentralized comms ecosystem

Automattic, the open source force behind WordPress.com, WooCommerce, Longreads, Simplenote and Tumblr, has made a $4.6M strategic investment into New Vector — the creators of an open, decentralized communications standard called Matrix. New Vector also develops a Slack rival, Riot, which runs on Matrix.

The investment by Automattic, which is at a higher valuation than the last tranche New Vector took in, extends an $8.5M Series A last year, from enterprise tech specialists Notion Capital and Dawn Capital plus European seed fund Firstminute Capital — and brings the total raised to date to $18.1M. (Which includes an earlier $5M in strategic investment from an Ethereum-based secure chat and crypto wallet app, Status).

New Vector’s decentralized tech powers instant messaging for a number of government users, including France — which forked Riot to launch a messaging app last year (Tchap) — and Germany, which just announced its armed forces will be adopting Matrix as the backbone for all internal comms; as well as for the likes of KDE, Mozilla, Red Hat and Wikimedia, to name a few.

Getting Automattic on board is clearly a major strategic boost for Matrix — one that’s allowing New Vector to dream big.

“It’s very much a step forwards,” New Vector CEO and CTO and Matrix co-founder, Matthew Hodgson, tells TechCrunch. “We’re hopefully going to get the support from Automattic for really expanding the ecosystem, bringing Matrix functionality into WordPress — and all the various WordPress plugins that Automattic does. And likewise open up Matrix to all of those users too.”

A blog post announcing the strategic investment dangles the intriguing possibility of a decentralized Tumblr — or all WordPress sites automatically getting their own Matrix chatroom.

“This is huge news, not least because WordPress literally runs over 36% of the websites on today’s web – and the potential of bringing Matrix to all those users is incredible,” New Vector writes in the blog post. “Imagine if every WP site automatically came with its own Matrix room or community?  Imagine if all content in WP automatically was published into Matrix as well as the Web?… Imagine there was an excellent Matrix client available as a WordPress plugin for embedding realtime chat into your site?”

Those possibilities remain intriguing ideas for now. But as well as ploughing funding into New Vector, Automattic is opening up a job for a Matrix.org/WordPress integrations engineer — so the Matrix team has another tangible reason to be excited about future integrations.

“One of the best and the biggest open source guys really believes in what we’re doing and is interested in trying to open up the worlds of WordPress into the decentralized world of Matrix,” adds Hodgson. “In some ways it’s reassuring that a relatively established company like Automattic is keeping its eye on the horizon and putting their chips on the decentralized future. Whereas they could be ‘doing a Facebook’ and just sitting around and keeping everything centralized and as locked down as possible.”

“It’s a bit of a validation,” says Matrix co-founder and New Vector head of ops and products, Amandine le Pape. “The same way getting funding from VCs was validation of the fact it’s a viable business. Here it’s a validation it’s actually a mainstream open source project which can really grow.”

New Vector co-founders, Matthew Hodgson and Amandine le Pape

While the strategic investment offer from Automattic was obviously a great opportunity to be seized by New Vector, given the ideological alignment and integration potential, it also comes at a helpful time, per le Pape, given they’ve been growing their SaaS business.

“The business model that we’re looking at with New Vector to go and drive — both to fund Matrix and also to keep the lights on and grow the projects and the company — is very, very similar to what Automattic have successfully done with WordPress.com,” adds Hodgson. “So being able to compare notes directly with their board and our board to go and say to them how do you make this work between the WordPress.org and the WordPress.com split should be a really useful tool for us.”

While Matrix users can choose to host their own servers there’s obviously a high degree of complexity (and potential expense) involved in doing so. Hence New Vector’s business model is to offer a paid Matrix hosting service, called Modular, where it takes care of the complexity of hosting for a fee. (Marketing copy on the Modular website urges potential customers to: “Sign up and deploy your own secure chat service in seconds!”)

“Some of our highest profile customers like Mozilla could go and run it themselves, obviously. Mozilla know tech. But in practice it’s a lot easier and a lot cheaper overall for them to just go and get us to run it,” adds Hodgson. “The nice thing is that they have complete self sovereignty over their data. It’s their DNS. We give them access to the database. They could move off at any time… switch hosting provider or run it themselves. [Users] typically start off with us as a way to get up and running.”

Talking of moving, Hodgson says he expects Automattic to move over from Slack to Riot following this investment.

“I am very excited about what New Vector is doing with Matrix — creating a robust, secure, open protocol that can bring all flavors of instant messaging and collaboration together, in the way that the web or email has its foundation layer,” added Automattic founder, Matt Mullenweg, in a supporting statement. “I share New Vector’s passion for open source and the power of open standards. I’m excited to see how Automattic and New Vector can collaborate on our shared vision in the future.” 

Mullenweg was already a supporter of Matrix, chipping into its seed via Patreon back in 2017. At the time the team was transitioning from being incubated and wholly financed by Amdocs, a telco supplier where New Vectors’ co-founders used to work (running its unified comms division), to spinning out and casting around for new sources of funding to continue development of their decentralized standard.

Some three years on — now with another multi-million dollar tranche of funding in the bank — Hodgson says New Vector is able to contemplate the prospect of profitability ahead, with ~16.8 million users and 45,000 deployments at this point (up from 11M and 40k back in October).

“I think there’s also a high chance — touch wood — that this injection gives us a path straight through to profitability if needed,” he tells us. “Given the macroeconomic uncertainty thanks to the [COVID-19] pandemic, the opportunity to say we have this amount of cash in the bank, assuming our customers follow roughly the trajectory that we’d seen so far… this would be a way to get out the other side without having to depend on any further funding.

“If things are on track we probably would do additional funding next year in order to double down on the success. But right now this at least gives us a pretty chunky safety net.”

The coronavirus crisis has been accelerating interest in Matrix “significantly”, per Hodgson, as entities that might have been contemplating a switch to decentralized comms down the line feel far greater imperative to take control of their data — now that so many users are logging on from home.

“As lockdowns began we saw sign ups increase by a factor of about 10,” he says. “It’s tapered off a little bit but it was a real scaling drama overnight. We had to launch an entirely new set of videoconferencing deployments on Jitsi’s offering, as well as scaling up the hardware for the service which we run by several times over.

“We’re also seeing retention go up, which was nice. We assumed there would be a huge spike of users desperately trying to find a home and then they wouldn’t necessarily stick around. In practice they’ve stuck around more than the existing user base which is reassuring.”

In some cases, New Vector has seen customers radically shrink planned deployment timescales — from months to a matter of days.

“We literally had one [educational] outfit in German reach out and say that tender in September — we want you to go live on Monday,” says Hodgson, noting that in this instance the customer skipped the entire tendering process because they felt they needed a secure system school kids could use, with privacy concerns ruling out the use of centralized options such as Zoom or Microsoft Teams.

“The biggest impact from a New Vector perspective at least has been that a lot of our slower moving, bigger opportunities — particularly in the public sector with governments — have suddenly sped up massively,” he adds. “Because it was previously a nice to have premium thing — ‘wouldn’t it be good if we had our own encrypted messenger and if everybody wasn’t using Telegram or WhatsApp to run our country’ — and then suddenly, with the entire population of whichever country it might be suddenly having to work remotely it’s become an existential requirement to have high quality communication, and having that encrypted and self sovereign is a massive deal.”

In terms of competing with Slack (et al), the biggest consideration is usability and UX, according to Hodgson.

So, over the last year, New Vector has hired a dedicated in-house design team to focus on smoothing any overly geeky edges — though most of this work is yet to be pushed out to users.

“We’ve actually pivoted the entire development of Riot to be design led,” he says. “It’s no longer a whole bunch of developers, like myself, going and hacking away on it — instead the product owner and the product direction’s being laid by the design team. And it is an unrecognizable difference — in terms of focus and usability.

“Over the coming year we are expecting Riot to basically be rebuilt at least cosmetically to get rid of the complexity and the geekiness and the IRC hangovers which we have today in favor of something that can genuinely punch its weight against Slack and Discord.”

In another major recent development New Vector switched on end-to-end encryption across the piece in Riot, making it the default for all new non-public conversations (DMs and private chats).

“It’s the equivalent of email suddenly mandating PGP and managing not to break everything,” says Hodgson of that feat.

A key challenge was to “get parity” with users of the non-encrypted version of Matrix before it could be enabled everywhere — with associated problems to tackle, such as search.

“Typically we were doing search on the server and if the messages are encrypted the server obviously can’t index them — so we had to shift all of our search capabilities to run client side. We went and wrote a whole bunch of REST that allows you to basically embed a search engine into Riot on the client, including on the desktop version, so that people can actually reach their encrypted message history there and share it between devices,” he explains.

Another focus for the e2e rollout was the verification process — which is also now built in by default.

“When you now log into Riot it forces you to scan a QR code on an existing login if you’ve already logged in somewhere. A bit like you do on WhatsApp web but rather than just using it to authenticate you it also goes and proves that you are a legitimate person on that account,” he says. “So everyone else then knows to trust that login completely — so that if there is an attack of some kind, if your admin tries to add a malicious device into your account to spy on you or if there’s a man-in-the-middle attack, or something like that, everybody can see that the untrusted device hasn’t been verified by you.

“It’s basically building out a simple web of trust of your devices and immediate contacts so that you have complete protection against ghost devices or other nastier attempts to go and compromise the account. The combination of using QR codes and also using emoji comparison rather than having to read out numbers to one another is I think almost unique now, in terms of creating really, really super robust end-to-end encryption.”
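The "web of trust of your devices and immediate contacts" that Hodgson describes above can be modelled as a small trust graph: a device is trusted only if a chain of signatures leads back to a key the user verified in person, so a device injected by an admin or a man-in-the-middle, which nobody signed, shows up as unverified. The following is an added example written for this page, not code from New Vector, Riot or the Matrix project. It assumes the signatures have already been cryptographically verified and records them as plain edges; the key roles (master, self-signing, user-signing, device), the edge rules, the `verify_new_login` helper that stands in for the QR-scan flow, and the alice/bob scenario are all constructed for illustration.

```python
"""Toy model of a cross-signing style device web of trust (added example)."""
from collections import deque
from dataclasses import dataclass, field

# Key roles, modelled on the cross-signing idea: one master key per account
# vouches for a self-signing key (which vouches for the account's own devices)
# and a user-signing key (which vouches for OTHER accounts' master keys).
MASTER, SELF_SIGNING, USER_SIGNING, DEVICE = "master", "self_signing", "user_signing", "device"

# (signer role, signee role) pairs that are allowed to appear as a signature.
ALLOWED_EDGES = {
    (MASTER, SELF_SIGNING),
    (MASTER, USER_SIGNING),
    (SELF_SIGNING, DEVICE),
    (USER_SIGNING, MASTER),
}


@dataclass(frozen=True)
class Key:
    key_id: str
    owner: str
    role: str


@dataclass
class TrustStore:
    keys: dict = field(default_factory=dict)
    signatures: set = field(default_factory=set)   # (signer_id, signee_id), assumed already verified
    local_roots: set = field(default_factory=set)  # keys this user verified in person (QR / emoji)

    def add_key(self, key_id, owner, role):
        self.keys[key_id] = Key(key_id, owner, role)

    def sign(self, signer_id, signee_id):
        """Record that signer vouches for signee, enforcing the role rules."""
        signer, signee = self.keys[signer_id], self.keys[signee_id]
        if (signer.role, signee.role) not in ALLOWED_EDGES:
            raise ValueError(f"{signer.role} may not vouch for {signee.role}")
        crosses_accounts = signer.owner != signee.owner
        if crosses_accounts != (signer.role == USER_SIGNING):
            raise ValueError("only a user-signing key may vouch across accounts, and only across")
        self.signatures.add((signer_id, signee_id))

    def trust_chain(self, key_id):
        """Breadth-first search from the local roots; returns the chain of key ids
        that leads to key_id, or None if no chain of signatures reaches it."""
        parent = {root: None for root in self.local_roots}
        queue = deque(self.local_roots)
        while queue:
            cur = queue.popleft()
            if cur == key_id:
                chain = []
                while cur is not None:
                    chain.append(cur)
                    cur = parent[cur]
                return chain[::-1]
            for signer, signee in sorted(self.signatures):
                if signer == cur and signee not in parent:
                    parent[signee] = cur
                    queue.append(signee)
        return None

    def is_device_trusted(self, device_id):
        key = self.keys.get(device_id)
        return key is not None and key.role == DEVICE and self.trust_chain(device_id) is not None

    def untrusted_devices(self, owner):
        """Devices on an account that no verified chain vouches for: the 'ghost devices'."""
        return sorted(k.key_id for k in self.keys.values()
                      if k.owner == owner and k.role == DEVICE and not self.is_device_trusted(k.key_id))


def verify_new_login(store, existing_device_id, new_device_id):
    """Stand-in for the QR-scan flow: the existing login vouches for the new one,
    but only if the existing login is itself already trusted."""
    if not store.is_device_trusted(existing_device_id):
        return False
    owner = store.keys[existing_device_id].owner
    self_signing = next(k.key_id for k in store.keys.values()
                        if k.owner == owner and k.role == SELF_SIGNING)
    store.sign(self_signing, new_device_id)
    return True


def build_scenario():
    """Constructed scenario seen from Alice's point of view."""
    s = TrustStore()
    for owner in ("alice", "bob"):
        s.add_key(f"{owner}:master", owner, MASTER)
        s.add_key(f"{owner}:self_signing", owner, SELF_SIGNING)
        s.add_key(f"{owner}:user_signing", owner, USER_SIGNING)
        s.sign(f"{owner}:master", f"{owner}:self_signing")
        s.sign(f"{owner}:master", f"{owner}:user_signing")
        s.add_key(f"{owner}:laptop", owner, DEVICE)
        s.sign(f"{owner}:self_signing", f"{owner}:laptop")
    s.local_roots.add("alice:master")            # Alice holds and trusts her own master key
    s.add_key("alice:phone", "alice", DEVICE)    # new login, verified by scanning the laptop's QR code
    verify_new_login(s, "alice:laptop", "alice:phone")
    s.add_key("alice:ghost", "alice", DEVICE)    # device injected into the account; nobody signed it
    s.sign("alice:user_signing", "bob:master")   # Alice and Bob compared emoji in person
    s.add_key("bob:phone", "bob", DEVICE)        # Bob's unverified login
    return s


if __name__ == "__main__":
    store = build_scenario()
    print("unverified on alice's account:", store.untrusted_devices("alice"))
    print("chain to bob's laptop:", store.trust_chain("bob:laptop"))
```

The point of the model is that trust is transitive only along the permitted edges: Alice reaches Bob's laptop through her user-signing key, Bob's master key and Bob's self-signing key, while the ghost device on her own account and Bob's unverified phone both come back as untrusted, and an untrusted device cannot be used to vouch for anything.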

The e2e encryption Matrix uses is based on algorithms popularized by the Signal protocol. It was audited by NCC Group in 2016 but plans for the new funding include a full stack audit — once they’ve ironed out any teething issues with the new default e2e.

“[We want to] at least pick a path, a particular set of clients and servers — because we can’t do the whole thing, obviously, because Matrix has got 60-70 different apps on it now, or different clients. And there are at least four viable server implementations but we will pick the long term supported official path and at least find a set which we can then audit and recommend to governments,” says Hodgson of the audit plans.

They’re also working with Jitsi on a project to make the latter’s WebRTC-compatible videoconferencing platform e2e encrypted too — another key piece as Jitsi’s tech is what New Vector offers for video calling via Matrix.

“We partner with Jitsi for the videoconferencing side of things and we’re working with them on their e2e encrypted videoconferencing… They [recently] got the world’s first WebRTC-based e2e encrypted conferencing going. And they plan to use Matrix as the way to exchange the keys for that — using also all of the verification process [New Vector has developed for Riot]. Because end-to-end encryption’s great, obviously in terms of securing the data — but if you don’t know who you’re talking to, in terms of verifying their identity, it’s a complete waste of time,” adds Hodgson.

So when Jitsi’s e2e encryption launches New Vector will be able to include e2e encrypted videoconferencing as part of its decentralized bundle too.

How much growth is New Vector expecting for Matrix over the next 12 months? “We’ve tripled almost all of the sizing metrics for the network in the last year, and I think we tripled the year before that so I’m hoping that we can continue on that trajectory,” he says.

Another “fun thing” New Vector has been working on, since the end of last year, is a peer-to-peer version of Matrix — having developed a “sufficiently lightweight server implementation” that allows Matrix users to run Riot in a decentralized p2p space via a web browser (or via the app on a mobile device).

“We turned on the peer-to-peer network about a month ago now and they’re at the point right now of making it persistent — previously if all of the clients on the network went away then the entire network disappeared, whereas now it has the ability to persist even if people start restarting their browsers and apps. And it’s very much a mad science project but as far as I know nobody else is remotely in that ballpark,” he says.

“The nice thing is it looks and feels identical to Matrix today. You can use all of the clients, all of the bridges that people have already written… It just happens to be that the Riot is connecting to a server wedged into itself rather than talking to one sitting on the server… So it’s a total paradigm shift.”

“We weren’t sure it was going to work at all but in practice it’s working better than we could have hoped,” he adds. “Over the next year or so we’re going to expect to see more and more emphasis on peer-to-peer — possibly even by default. So that if you install Riot you don’t have to pick a server and go through this fairly clunky thing of figuring out what service provider to trust and do you want to buy one from us as New Vector or do you want to a Swiss ISP. Instead you can start off bobbing around the ocean in a pure peer-to-peer land, and then if you want to persist your data somewhere then you go and find a server to pin yourself to a home on the Internet. But it would be a completely different way of thinking about things.”

Those interested in dipping a toe in p2p decentralized IM can check out this flavor of Riot in a web browser via p2p.riot.im.

Facebook’s ex-CSO, Alex Stamos, defends its decision to inject ads in WhatsApp

Alex Stamos, Facebook’s former chief security officer, who left the company this summer to take up a role in academia, has made a contribution to what’s sometimes couched as a debate about how to monetize (and thus sustain) commercial end-to-end encrypted messaging platforms in order that the privacy benefits they otherwise offer can be as widely spread as possible.

Stamos made the comments via Twitter, where he said he was indirectly responding to the fallout from a Forbes interview with WhatsApp co-founder Brian Acton — in which Acton hit out at his former employer for being greedy in its approach to generating revenue off of the famously anti-ads messaging platform.

Both WhatsApp founders’ exits from Facebook have been blamed on disagreements over monetization. (Jan Koum left some months after Acton.)

In the interview, Acton said he suggested Facebook management apply a simple business model atop WhatsApp, such as metered messaging for all users after a set number of free messages. But that management pushed back — with Facebook COO Sheryl Sandberg telling him they needed a monetization method that generates greater revenue “scale”.

And while Stamos has avoided making critical remarks about Acton (unlike some current Facebook staffers), he clearly wants to lend his weight to the notion that some kind of trade-off is necessary in order for end-to-end encryption to be commercially viable (and thus for the greater good of messaging privacy to prevail); and therefore his tacit support to Facebook and its approach to making money off of a robustly encrypted platform.

Stamos’ own departure from the Facebook mothership was hardly under such acrimonious terms as Acton’s, though he has had his own disagreements with the leadership team — as set out in a memo he sent earlier this year that was obtained by BuzzFeed. So his support for Facebook combining e2e and ads perhaps counts for something, though it isn’t really surprising given the seat he occupied at the company for several years, and his always fierce defence of WhatsApp encryption.

(Another characteristic concern that also surfaces in Stamos’ Twitter thread is the need to keep the technology legal, in the face of government attempts to backdoor encryption, which he says will require “accepting the inevitable downsides of giving people unfettered communications”.)

This summer Facebook confirmed that, from next year, ads will be injected into WhatsApp statuses (aka the app’s Stories clone). So it is indeed bringing ads to the famously anti-ads messaging platform.

For several years the company has also been moving towards positioning WhatsApp as a business messaging platform to connect companies with potential customers — and it says it plans to meter those messages, also from next year.

So there are two strands to its revenue generating playbook atop WhatsApp’s e2e encrypted messaging platform, both with knock-on impacts on privacy, given that Facebook targets ads and marketing content by profiling users through harvesting their personal data.

This means that while WhatsApp’s e2e encryption means Facebook literally cannot read WhatsApp users’ messages, it is ‘circumventing’ the technology (for ad-targeting purposes) by linking accounts across different services it owns — using people’s digital identities across its product portfolio (and beyond) as a sort of ‘trojan horse’ to negate the messaging privacy it affords them on WhatsApp.

Facebook is using different technical methods (including the very low-tech method of phone number matching) to link WhatsApp user and Facebook accounts. Once it’s been able to match a Facebook user to a WhatsApp account it can then connect what’s very likely to be a well fleshed out Facebook profile with a WhatsApp account that nonetheless contains messages it can’t read. So it’s both respecting and eroding user privacy.

This approach means Facebook can carry out its ad targeting activities across both messaging platforms (as it will from next year). And do so without having to literally read messages being sent by WhatsApp users.

As trade-offs go, it’s clearly a big one — and one that’s got Facebook into regulatory trouble in Europe.

It is also, at least in Stamos’ view, a trade off that’s worth it for the ‘greater good’ of message content remaining strongly encrypted and therefore unreadable. Even if Facebook now knows pretty much everything about the sender, and can access any unencrypted messages they sent using its other social products.

In his Twitter thread Stamos argues that “if we want that right to be extended to people around the world, that means that E2E encryption needs to be deployed inside of multi-billion user platforms”, which he says means: “We need to find a sustainable business model for professionally-run E2E encrypted communication platforms.”

On the sustainable business model front he argues that two models “currently fit the bill” — either Apple’s iMessage or Facebook-owned WhatsApp. Though he doesn’t go into any detail on why he believes only those two are sustainable.

He does say he’s discounting the Acton-backed alternative, Signal, which now operates via a not-for-profit (the Signal Foundation) — suggesting that rival messaging app is “unlikely to hit 1B users”.

In passing he also throws it out there that Signal is “subsidized, indirectly, by FB ads” — i.e. because Facebook pays a licensing fee for use of the underlying Signal Protocol used to power WhatsApp’s e2e encryption. (So his slightly shade-throwing subtext is that privacy purists are still benefiting from a Facebook sugardaddy.)

Then he gets to the meat of his argument in defence of Facebook-owned (and monetized) WhatsApp — pointing out that Apple’s sustainable business model does not reach every mobile user, given its hardware is priced at a premium. Whereas WhatsApp running on a cheap Android handset ($50, or perhaps even $30 in future) can.

Other encrypted messaging apps can also of course run on Android but presumably Stamos would argue they’re not professionally run.

“I think it is easy to underestimate how radical WhatsApp’s decision to deploy E2E was,” he writes. “Acton and Koum, with Zuck’s blessing, jumped off a bridge with the goal of building a monetization parachute on the way down. FB has a lot of money, so it was a very tall bridge, but it is foolish to expect that FB shareholders are going to subsidize a free text/voice/video global communications network forever. Eventually, WhatsApp is going to need to generate revenue.

“This could come from directly charging for the service, it could come from advertising, it could come from a WeChat-like services play. The first is very hard across countries, the latter two are complicated by E2E.”

“I can’t speak to the various options that have been floated around, or the arguments between WA and FB, but those of us who care about privacy shouldn’t see WhatsApp monetization as something evil,” he adds. “In fact, we should want WA to demonstrate that E2E and revenue are compatible. That’s the only way E2E will become a sustainable feature of massive, non-niche technology platforms.”

Stamos is certainly right that Apple’s iMessage cannot reach every mobile user, given the premium cost of Apple hardware.

Though he elides the important role that second hand Apple devices play in helping to reduce the barrier to entry to Apple’s pro-privacy technology — a role Apple is actively encouraging via support for older devices, and via its own services business expansion, which extends its model so that supporting older versions of iOS (and thus secondhand iPhones) is also commercially sustainable.

Robust encryption only being possible via multi-billion user platforms essentially boils down to a usability argument by Stamos — which is to suggest that mainstream app users will simply not seek encryption out unless it’s plated up for them in a way they don’t even notice it’s there.

The follow on conclusion is then that only a well-resourced giant like Facebook has the resources to maintain and serve this different tech up to the masses.

There’s certainly substance in that point. But the wider question is whether or not the privacy trade-offs that Facebook’s monetization of WhatsApp entails — linking Facebook and WhatsApp accounts and, therefore, also looping in the various less than transparent data-harvesting methods it uses to gather intelligence on web users generally — substantially erode the value of the e2e encryption that is now being bundled with Facebook’s ad-targeting surveillance of people, and so used as a selling aid for otherwise privacy-eroding practices.

Yes WhatsApp users’ messages will remain private, thanks to Facebook funding the necessary e2e encryption. But the price users are having to pay is very likely still their personal privacy.

And at that point the argument really becomes about how much profit a commercial entity should be able to extract off of a product that’s being marketed as securely encrypted and thus ‘pro-privacy’. How much revenue “scale” is reasonable or unreasonable in that scenario?

Other business models are possible, which was Acton’s point. But likely less profitable. And therein lies the rub where Facebook is concerned.

How much money should any company be required to leave on the table, as Acton did when he left Facebook without the rest of his unvested shares, in order to be able to monetize a technology that’s bound up so tightly with notions of privacy?

Acton wanted Facebook to agree to make as much money as it could without users having to pay it with their privacy. But Facebook’s management team said no. That’s why he’s calling them greedy.

Stamos doesn’t engage with that more nuanced point. He just writes: “It is foolish to expect that FB shareholders are going to subsidize a free text/voice/video global communications network forever. Eventually, WhatsApp is going to need to generate revenue” — thereby collapsing the revenue argument into an all or nothing binary without explaining why it has to be that way.