Matrix: our choice for secure communication

Data security is becoming increasingly important these days. We have therefore decided to secure our internal communication channels in such a way that not only our data, but also that of our customers and cooperation partners, is protected in the best possible way. In the following we would like to explain why we decided to use Matrix and how you can use Matrix to keep your private communication really private.

The advantages of Matrix

1. Open standard

Matrix is an open communication protocol for real-time communication and offers instant messaging (chat) as well as the possibility of using IP telephony and video conferencing independently of a specific service provider. The Matrix Server can be hosted on your own infrastructure.

As an open standard, Matrix is now used by various companies, but also by more and more public institutions and even governments (e.g. Luxembourg and France) for communication.

You can view the protocol standard yourself at https://spec.matrix.org/legacy/.

2. End-to-end encryption

Matrix is based on strong end-to-end encryption, which ensures that only the people involved in the communication have access to the chats and files exchanged. This is the most relevant advantage for us and at the same time the main reason why we chose Matrix for the company's internal communication.

3. Decentralization

Matrix is based on a decentralized structure. This makes it possible to operate your own servers and thus ensure independence from (third-party) service providers.

4. Interoperability

The interoperability of Matrix is an advantage that is hardly relevant for us, but is nevertheless worth mentioning. Thanks to so-called bridges, connections to other communication services and protocols can be established. This gives you the option of using your Matrix client to communicate with partners who do not use a Matrix client themselves but interact via WhatsApp or Signal, for example. For such bridged conversations, the advantages of Matrix described above naturally apply only in part: the bridge has to relay the messages, so end-to-end encryption does not extend across it.

Setting up a Matrix client

1. Download a Matrix client

There are a variety of different clients, with different functions and benefits. You can find a list of available clients here: https://matrix.org/ecosystem/clients/

We use Element as a client both natively under Linux and on mobile devices under Android or iOS.

2. Create an account

After starting the client, you will be asked to create an account. Simply follow the instructions from the client.

3. Connect to a server

Next, you need to connect to an existing server or create your own server (more on this later). There are public servers and private servers. However, you need an invitation to join a private server.

After this short setup, you can already communicate with other people on the servers you have joined.

A little tip: You can adjust the encryption and data protection settings in your profile. Have a look here when you get a chance to see if everything is set to your satisfaction.

Setting up a Matrix server

Setting up a Matrix server requires a little more technical experience in dealing with (Linux) servers and their administration. Of course, you can also install your Matrix server on a hosted server.

Especially for small companies, the server requirements are rather low: we get by with approx. 6 GB of disk space and 1 GB of RAM.

The prerequisite for operation is a DNS entry, ideally with a fixed IP.

We operate our server under Debian Linux. Installation is relatively simple:

Before starting the installation, the server's hostname should already match its DNS entry, as the package setup derives part of the server configuration from it.

1. Add the signing key of the Matrix repository and update the package index:

wget https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
apt-key add matrix-org-archive-keyring.gpg
apt update

2. Install the Synapse Matrix server package:

apt install matrix-synapse

3. Configuration

The server service is configured primarily via the file */etc/matrix-synapse/homeserver.yaml*.

As minimum settings, open registration of new accounts should be disabled and a shared secret should be defined for creating accounts administratively. The latter can be generated from random system data as follows:

cat /dev/random | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1

This is then entered in the configuration file together with the other settings.

registration_shared_secret: <generated token>
enable_registration: false

You can find the documentation for Synapse at

https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html

The service is then restarted:

service matrix-synapse restart

There are practical command line tools for managing the server and accounts. For example, a first user can be set up as follows:

register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008
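As an added example (not part of the original post and not a Synapse tool), the following POSIX shell script generates a registration secret in the way shown above and checks a homeserver.yaml for the two minimum settings: registration disabled and a real, non-placeholder shared secret. It works on constructed sample files in a temporary directory; the function names are our own.

```shell
#!/bin/sh
# Added example: generate a registration shared secret and verify that a
# Synapse homeserver.yaml carries the two minimum hardening settings.

# Produce a 32-character alphanumeric secret from the kernel RNG.
# /dev/urandom is used instead of /dev/random; on current Linux both draw
# from the same pool and urandom never blocks.
gen_secret() {
    tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1
}

# check_homeserver_config FILE
# Returns 0 when FILE sets enable_registration to false and defines a
# non-empty registration_shared_secret that is not a <placeholder>.
# Prints each finding and returns 1 otherwise. Only top-level (unindented)
# keys are inspected, matching the two-line snippet above.
check_homeserver_config() {
    file="$1"
    rc=0
    reg=$(sed -n 's/^enable_registration:[[:space:]]*//p' "$file" | tr -d "\"'" | head -n 1)
    if [ "$reg" != "false" ]; then
        echo "FAIL: enable_registration is '${reg:-unset}', expected false"
        rc=1
    fi
    secret=$(sed -n 's/^registration_shared_secret:[[:space:]]*//p' "$file" | tr -d "\"'" | head -n 1)
    case "$secret" in
        ""|"<"*)  # unset, or the placeholder was never replaced
            echo "FAIL: registration_shared_secret is missing or still a placeholder"
            rc=1 ;;
    esac
    return $rc
}

# Constructed sample configurations for demonstration (not real servers).
demo_dir=$(mktemp -d)
printf 'enable_registration: true\n' > "$demo_dir/open.yaml"
printf 'registration_shared_secret: %s\nenable_registration: false\n' \
    "$(gen_secret)" > "$demo_dir/hardened.yaml"
check_homeserver_config "$demo_dir/open.yaml" || echo "open.yaml rejected as expected"
check_homeserver_config "$demo_dir/hardened.yaml" && echo "hardened.yaml passes"
rm -r "$demo_dir"
```

Run the check against the real file with `check_homeserver_config /etc/matrix-synapse/homeserver.yaml` after editing and before restarting the service.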

For larger user groups, it is advisable to use a database server such as PostgreSQL. For smaller companies, the SQLite used by default is completely sufficient.

In many cases, it also makes sense to set up a reverse proxy:

https://matrix-org.github.io/synapse/latest/reverse_proxy.html
