The rise of secure communications is a crucial aspect of adapting to a threat-filled digital landscape, enabling individuals and organizations to communicate safely, privately, and with sovereignty. It is in this spirit that Wire has raised concerns about what we consider to be risky, insecure, outdated, or non-credible approaches. Recently, we raised such concerns about Matrix, which seem to have struck a nerve and led to a lengthy and heated response. But rather than wade into the whole riposte, let’s look at what their response makes very clear, and what remains murky and worth questioning.
1. Matrix Concedes that Moderated Federation is More Secure
Despite trying to hold up email (?!?!) as an aspirational security model for Matrix’s long-term quest to make permissively open federation secure, the key takeaway is that Matrix’s larger enterprise projects all use a moderated federation model precisely because it is more secure. Argument over. Thank you.
2. Wire is Fully Open Source, Matrix/Element is Not
Matrix has consistently made an odd argument, which goes that because Wire advocates for the superior security of moderated or “closed” federations, Wire therefore must be “closed” rather than open like Matrix. What’s so interesting about this is that it is probably not true.
Wire is fully open source, including client and server components. Our documentation gives a fulsome picture of how it all operates. The only, and tiny, aspect of our software that we don’t fully open source is our Wire Cloud subscription and billing management. This is clearly not relevant for anyone trying to deploy our source code. But even for that, we have and do grant access to Github to legitimate 3rd parties.
Reminder: our server’s moderated federation functionality is also fully open source, which is a sharp contrast to the closed-source Secure Border Gateway from Element.
3. MLS is the Gold Standard – Available as Open Source Now
We’re glad to see Matrix clearly admit that MLS is far and away the superior key exchange protocol. What’s less clear is how far and away it is from Matrix. So again we ask, why should anyone wait potentially years, since our fully open source MLS implementation is available right now.
4. The Organizational Structure of Matrix Is Worth Questioning
When a foundation claims to be so open and community-based, but most of the real weight and financial power is being carried by a single commercial organization, then what is really happening with that organization? Element is the sole Gold partner on the Matrix board and exercises outsized influence. Org structure and financial control are a far more accurate guide to how an organization will act, than words or claims.
Further, when crucial functionality for enterprise deployments such as the active management of moderated federations is not open sourced (like Wire does), but is closed source and sold by the commercial entity, despite promises that you can always just “build your own,” that’s not the picture of an organization that is operating primarily to be open. So what are we dealing with?
With Wire, what you see is what you get. We are clearly a commercial organization and we sell enterprise software and enterprise cloud services as well as offer a free cloud service used by millions of users, but our foundation is fully open-source-based.
With Matrix, the picture is murkier, and that is worth questioning.
