Matrix and Element

A lot of the planning for Mutant Fest takes place on “Matrix,” using “Element”.

Matrix is a communication platform that allows people to chat and allows groups of people to share a ‘room’. “Matrix” is the web chat protocol, while “Element” is the client that lets you interface with that protocol (just like “Gmail” is a client that lets you access the “email” protocol). Element is available as an app for phones and computers, and also can be used from a web browser.

CREATING AN ACCOUNT

To get started using the web interface for Element, which is one of the available Matrix chat clients, go to app.element.io

You’ll be faced with a welcome screen that says “Sign In,” “Create Account,” and “Explore Rooms.”

Click on “Create Account” and you’ll proceed to the account creation screen.

The next screen prompts you to create a Matrix account.

Click “Free/Matrix.org” to set up a user account through the free Matrix server. If you or one of your friends has already set up a Matrix server, click “advanced/other” on this screen instead, then enter the full Matrix URL for the server you would like to join.

Next, you’ll be prompted to choose a username, password, and email.

The username is how other people will connect with you on Matrix. If you set up the username “Mutant” on the free Matrix server, then the full username that other people would need to find you would be “mutant:matrix.org”.

Enter your password in the “Password” and “Confirm” fields.

Now enter in your email. This email is usually only used to recover your account if you lose your password.

Next, complete a captcha, and read the terms and conditions. It’s a good idea to know what rules you are bound to when you use a service, and the terms and conditions also explain more about how the service works, which is important to understanding how to use it. After you’ve read them, click the check box and then “Accept.”

Next, you will be sent an email to validate your email address and activate your account. When you click on this verification link, you will once again be asked to accept the terms and conditions. Once you do, you will be prompted to log in.

Now you will be prompted to create a security key and/or a security phrase. With these, you will be able to recover your encrypted messages if you need to recover your account.
If you do not create a security key or security phrase, all your messages will be lost when you recover your account, and you will need to re-verify your shared keys with other users.
If you select to create a security phrase, you will be invited to make up your own phrase. It’s best if this is several words long, and uses uncommon words, or special characters.
After creating a security phrase, or if you only select to create a security key, you will be presented with a string of 48 characters. This is your security key, and if you created a security phrase, both this key and the security phrase you made will need to be entered to recover your encrypted data should you need to recover your account.

Once you have created your account, you will be invited to verify your identity by entering in your security phrase or key. Enter this in now. This might take a few moments to process, and for the identity verification window to go away.

Next you will be invited to turn on desktop notifications, and send anonymous usage data. You can turn them on if you like.

JOIN A MATRIX ROOM

Links to ‘rooms’ on Matrix are shared in this format:

https://app.element.io/#/room/#amfchat:matrix.org

These links will open in your browser in the Element web app. After signing in and joining the room, the room will also show up on your Element desktop app and Element mobile app, assuming that you’re using them, which I do recommend.

STARTING A SECURE CHAT WITH ANOTHER USER

You should now be on the Element interface home page. The interface for the desktop client is roughly the same. There are some differences in the mobile client, but the functionality is also largely the same.

To start a secure chat with another user, you do not want to use the “search” bar in the top left. Tricky, right? Instead, you’ll want to go just below that to the “people” tab and click the plus (+) sign just to the right of the “people” tab. This will ask you to enter in the other user’s chat handle. If the person you want to talk to set up the user “Vance” on the server “noodles.gov” then their chat handle would be “@vance:noodles.gov”

A new session in the “People” tab should appear with the name of the user you started the chat with. It may or may not have encryption already enabled.
If it does not have encryption enabled already, go to the gear icon in the top left.
This controls the settings for the specific room currently in focus. This is not the general application settings tab.
From here, go to “security and privacy” and make sure that “encrypted” is turned on. When encryption is on, this slider should be to the right.

Now, you’ll want to verify the integrity of the chat session. This ensures that the data is not being tampered with between the two end-points.
To do this, click on the silhouette of a person in the top right corner. This will bring up the “members” tab on the right side of the window. If there are multiple people in the same channel, this tab will list all the people in the channel.
Click on the name of the user you wish to verify.
In a channel with multiple users, if everyone wants to guarantee chat integrity, then this will need to be performed between every person in the channel.

Once you’ve clicked on the name of the user you wish to verify credentials with, look at the top of the information panel, just below the avatar. There should be a “security” section. If encryption is enabled, it will say here “Messages in this room are end-to-end encrypted” and below that “Verify”
If this says “Messages in this room are not end-to-end encrypted” then you will need to go to the room settings and enable end-to-end encryption.

Once you click “verify,” the information panel will be replaced with an expanded security panel. To continue with the verification, click “start verification”
Once you do this, you must wait for the other user to accept the verification.
This step must be performed with both users online. If you and the other user you want to verify keys with are not both online, the verification screen will time out. You can attempt this again without a delay, but if the other user is not online or is having connection problems, you will be unable to continue verification.

Once the other user accepts the chat, and accepts the verification attempt, you will be prompted to “verify by emoji.” Click this button.

A list of 7 emojis will pop up on your screen, and on the other user’s screen. Compare between yourselves whether these emojis match. It is best to confirm that they match on a service outside of Matrix. For example, over a video chat or over the phone. Any trusted service would work, but in-person is best.
It’s not a good idea to verify the encryption integrity by comparing the emoji through Matrix itself: if the encryption is compromised, whoever compromised it would be able to modify what the users at each end see, making them think erroneously that the encryption is secure when it isn’t.
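To show why the comparison catches tampering, here is an added example (not part of the original tutorial and not Element's own code) of how the emoji verification scheme in the Matrix specification turns a shared secret into 7 emoji: 6 bytes are derived with HKDF, and the first 42 bits are split into 7 numbers from 0 to 63, each of which selects one emoji from a fixed table of 64 (the table is left out here, so the numbers are shown instead). The secrets and the info string below are constructed placeholders that stand in for the real key agreement and protocol strings.

```python
import hashlib
import hmac


def hkdf_sha256(secret, info, length):
    """HKDF (RFC 5869) with SHA-256 and an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def sas_indices(shared_secret, info):
    """Derive 6 bytes, keep the first 42 bits, split them into 7 numbers (0-63)."""
    top42 = int.from_bytes(hkdf_sha256(shared_secret, info, 6), "big") >> 6
    return [(top42 >> (6 * (6 - i))) & 0x3F for i in range(7)]


def emojis_match(secret_on_my_device, secret_on_their_device, info):
    """What the two people check when they read the 7 emoji to each other."""
    return sas_indices(secret_on_my_device, info) == sas_indices(secret_on_their_device, info)


# Constructed sample values (assumptions, not real Matrix protocol strings or keys).
INFO = b"example-verification|@mutant:matrix.org|@vance:noodles.gov|txn-0001"
DIRECT_SECRET = hashlib.sha256(b"constructed: key agreed directly between A and B").digest()
# Tampered session: each device has unknowingly agreed a key with a middle party.
A_SIDE_SECRET = hashlib.sha256(b"constructed: key between A and middle party").digest()
B_SIDE_SECRET = hashlib.sha256(b"constructed: key between middle party and B").digest()

if __name__ == "__main__":
    print("direct session  :", sas_indices(DIRECT_SECRET, INFO))
    print("tampered, A sees:", sas_indices(A_SIDE_SECRET, INFO))
    print("tampered, B sees:", sas_indices(B_SIDE_SECRET, INFO))
    print("emoji match (direct)  :", emojis_match(DIRECT_SECRET, DIRECT_SECRET, INFO))
    print("emoji match (tampered):", emojis_match(A_SIDE_SECRET, B_SIDE_SECRET, INFO))
```

In the tampered case the two devices hold different secrets, so they display different emoji. The mismatch is only noticed if the two people compare over a channel that the middle party cannot rewrite.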

Once encryption has been verified between you and the other user, the dark grey shield next to the other user’s name will turn green with a check-mark on it. This indicates that the encryption has been verified.

In some cases, it is possible that verification will be made, but the dark grey shield won’t turn green with a check mark inside it. It is possible that not all devices have been verified. Have both users check to make sure that they have verified on all devices they use. It may be necessary to repeat the emoji verification step multiple times, to ensure encryption integrity on all devices.
For example, when I was making this tutorial, I set up the encryption between my main desktop user, and an Element web browser client connected to my test user. On the test user account and on my main desktop user account, encryption shows as verified with a green shield and a checkmark, but on my phone, a green shield and checkmark aren’t shown. In my case, when I go to the user page on my phone, it does not give me the option to verify again. This may be a bug.