Every month The Stack selects one startup that we believe has the potential to become a vital part of your enterprise technology stack and a well-known brand. We’ve previously featured Persefoni, Firebolt, Enveil, and Cutover. The company we have selected as “one to watch” for April 2021, is Element.
Encrypted messengers are not in short supply. WhatsApp, Telegram, Signal, Wire, Threema, Briar, Session: take your pick; accept your compromises on security, centralisation, UX, etc. Broader enterprise collaboration platforms promising variations on all-singing security are also a growth market, and as email use looks ever-more like a parlous data protection risk, the “secure your comms” space is an increasingly lively one.
The recipe for their growth is simple: take a large pinch of post-Snowden concern about the extent of nation state surveillance and add the CLOUD Act; pour in a dollop of steadily rising EU discomfort with Big Tech’s data harvesting practices (e.g. European authorities are increasingly wary of Microsoft’s telemetry); season with an endless barrage of data breaches involving — surprise! — plaintext emails, and you have an increasing appetite for robust, user-friendly, end-to-end encrypted (E2EE) collaboration and messenging platforms that don’t run on the servers of some US megacorp. (A pandemic-driven shift to remote work is la cerise sur le gâteau).
Enter, Element. The London-based company (legal name: New Vector, but trading as Element, which also doubles as the name of their encrypted messenger – previously known as “Riot” — bear with us) was founded by the creators of the open-source Matrix Protocol, Matthew Hodgson and Amandine Le Pape. Via Element, they provide a “self-sovereign” chat application and collaboration tool built on Matrix – an open standard for interoperable, decentralised, real-time communication over IP, as well as offering Matrix hosting.
You can, refreshingly, host this on your own servers without excessive hassle, or Element will host it for you on single-tenant servers from $2 per seat each month. (You can get the Element client for free on Android, iOS, Linux, or Windows). Element uses the Olm implementation of the double ratchet cryptographic algorithm best known for its use in Signal, with the AES-based “Megolm” group for encrypted group chats. (The latter may be imperfectly scalable, but until someone sorts out a decentralised Messaging Layer Security protocol – Element are part of an IETF team working on that, alongside Cisco, Wire, Google and others – it is what’s being used.)
(To be clear, Element is one of a number of Matrix-based apps. The French government made its own. As long as the Matrix server they have connected to is federated with the one you are connected to, users can communicate with those on other instances using different clients. And to be extra clear again, particularly for retail users: you should have no expectation of absolute privacy on the public Matrix Network, which collects IP addresses — easily avoided with Tor et al for those so-minded — along with usernames and passwords: hashed with at least 4096 rounds of bcrypt. As a federated system, a copy of data sent to participants in a given room, not all of which are encrypted by default, also gets replicated across each participating homeserver.)
Unlike some of the more niche messengers named at top, Element have demonstrated some commercial chops and the ability to scale. European government organisations have been early adopters. In 2020 Element won a landmark 350,000 seat deal with the German education system. It also boasts users across the French, German and UK militaries and is seeing a rising appetite among commercial partners too. (In 2019 Mozilla also decided to replace its 22-year-old IRC with Element/Matrix.) The company has raised $18 million in funding to-date and is currently midway through a Series B raise that will help it scale further, its founders told The Stack.
We sat down to chat. Below, the unexpurgated conversation (with some light tidying).
Let’s start with Matrix. What is it, and what was its genesis?
Matthew – Matrix is an open source project that myself and Amandine created back in 2014. Our mission is to create the missing real-time communication layer of the web. The web itself is an amazing ecosystem of all sorts of vibrant startups and developers and companies building all sorts of exciting things on top of the open web: I can set up shop in my garage and create the next Amazon or Ebay or Google or whatever, and the sky’s the limit.
In the communication space, it’s a disaster, because people created things like WhatsApp, and Slack and Discord, and Skype, and they realised that frankly, IM and VoIP and video is pretty hard to get right and it’s very valuable.
And rather than giving it away for free for the benefit of the world, as Tim Berners Lee did with the web, instead they create a startup, basically reinventing the wheel every time; each one doing a whole different set of contact lists, and instant messages and voice calls and file transfers, etc., and then flip it to Facebook or whoever for billions of dollars later. Great for them, but it’s screwed the rest of the world — we get deprived of the opportunity to have an equivalent building block for communication on the internet that we have with the web.
The closest thing if I want to communicate with you universally today is email, which is rather 1970s and lacks all of the capability that you expect from a modern chat system or modern communication system: you don’t really have encryption, unless you try to do PGP, which is a catastrophe. You don’t have read receipts, you can’t upgrade into a video call or do anything nicely useful with it, too. Our mission on Matrix has been to fill that gap.
We [got started on Matrix when we] were originally running the unified communications division of Amdocs, the big Israeli telecom supplier who acquired our respective companies back in 2010. And after building communications systems for telcos for a few years, we kind of flipped and said, ‘what if we burn the phone system to the ground? And what if we replace email and put out a new, universal common language that people can use for building real time communications, and if it works, then it creates a new industry.’
That means that the next people wanting to do a WhatsApp style thing — rather than reinventing the wheel yet again from scratch — can just automatically build on top of Matrix… by 2017, we decided to spin out of Amdocs. And we created Element as a for-profit startup in order to commercialise Matrix as an ecosystem and to be the leading supplier of Matrix hosting and services. So Matrix itself today is about 30 million users spread over 60,000 deployments: they range in size from governments, to individuals through to companies in academia, healthcare, basically anywhere where people want to communicate securely, and who care about data privacy.
We’re succeeding in being one of many Matrix vendors, but probably the best, given that we created it.
We’ve got 71 people today in the company. We’ve raised $18 million of VC funding to help get to where we are. Some of our best customer successes include the entirety of the French state, the entirety of the German military, lots of academia, and at least three other governments which we can’t talk about yet!
What’s your commercial model?
Amandine – Element provides services and support to the big organisations who want to actually host their Matrix deployment themselves — usually, because they don’t have a choice. We also sell some proprietary products addressing enterprise use-cases, like antivirus or border gateways.
But we also have our SaaS platform, where anyone go and get their own chat system, which can be branded; they just point their DNS at it. For example, as customers we have Wikimedia and Mozilla. These guys could go and deploy their Matrix stack and have their own chat system, but it’s much nicer to have someone do it for you – with the choice to bring it back on premises if you want it to. And it’s fully end-to-end encrypted, so even if we’re hosting it, we have no idea what’s happening on their platform.
The French government has been a major early adopter of Matrix. How did that come about?
Amandine – They reached out to use when Emmanuel Macron became to be president and started to run the country on Telegram and WhatsApp. That’s when the Ministry of Digital reached out to us and said ‘how can we get an open source, decentralised and E2EE solution for our messaging?’ There was only one solution and that was Matrix. That was 2017, so it was pretty early days, but they’ve stayed with it.
It’s now deployed across all 16 ministries; they have 60 Matrix servers running as a closed network. The plan is to open up to the public Matrix network, so that citizens and systems integrators – and other governments for that matter — can collaborate with the government over Matrix. We know that Germany and France are talking to one another about the possibility of a pan-European community communication network based on Matrix.
You got NCC to audit the core crypto library (Olm) in 2016. Any plans to publish a fresh, public security audit?
Matthew – Our gov’t customers all independently audit us, but they keep the findings private (but report vulns to us for us to fix), which has slightly lessened the urge for us to splurge on a public independent audit. Doing a full end-to-end audit is tricky as it means defining and maintaining long-term-stable combination of clients & server(s). [Ed: What about choosing, say, the Element Android app + Element hosting EMS?] The problem with that is that Element Android releases every two-three weeks, including encryption fixes/refinements. so unless we literally maintained a LTS (long term supported) flavour of Synapse + Element Android, and committed to only ever applying bugfixes to it, rather than landing/changing features, it’s of relatively limited value – other than asserting that as of a given point in time, we knew where our vulns were.
You mentioned that Matrix now has circa 30 million users. That’s huge. How did it grow so fast?
Matthew – It’s been been a weird combination of grassroots activism and the almost cult-like mentality that you saw with Linux in the 90s, when people one day woke up and realised that some dude in a dormitory in Finland could write an operating system that could unseat some the biggest tech company in the world; that Hewlett Packard and IBM and all of these commercial Unix’s could actually be legitimately swapped out for a random, open source grassroots-led, by the people for the people guerrilla movement!
People see the same potential with Matrix to break down the siloes of Teams, and Slack, and Facebook, and give the power back to the people. It’s an open standard that anybody can implement with open source reference implementations that anybody can use — and the community has taken it and just run with it faster than we could have ever imagined. There are hundreds of Matrix clients written by people out there. It’s not just Element: some of them are better than ours in some sort of specific use cases. And there are servers written by other people out there, too. And there are companies building on top of it, like Thales, or Ericsson, or Kudelski.
So the play that we have done is in a world very similar to the Netscape in the early days, where they realised that they basically needed to be the champion of the web: they needed to give [away] the flagship Netscape Navigator 3.0 Gold Edition reference app that people would install on their Windows 3.1 machines in order to get on the web via their crappy 33.6k modem. And by doing that they cracked it open for everybody else.
Are you seeing that growth continuing?
Matthew – It’s tripling in size every year: the thing is out of control!
Amandine – We’ve also seen during the pandemic that some organisations simply cannot use Slack or Teams. They cannot have their data unencrypted sitting somewhere in a data centre, usually in the US. These people are often using Skype for Business on-premises. Those are the people often knocking on our door, saying we need something to collaborate remotely, securely. And Skype for Business is leaving [EOL].
With Matrix you get E2EE, you get it onpremise, you’re not vendor locked-in, because it’s an open standard, and you get access to the integrity of the public network the same way you have with email. Those are some of the use cases we’ve seen. We’ve also seen security teams looking for out-of-band communication.
A lot of ideas like this die a painful death on UX. In the enterprise in particular, user adoption also often falls down for new tools if the UI is crap…
Matthew – Historically, this has been our Achilles Heel. We had 45 people in the company before we had any designers; they were all engineers. We now have six people in a dedicated design team in the company making damn sure that our UI is good. Every time we ship something new, it gets better. So yes, a no-brainer: as we push into less technical places like government deployments, we know that if we are not as polished as the competition people will just go and use WhatsApp or Slack or whatever. It’s how a lot of open source projects have perished over the years, because open source purists don’t always care about end users.
Given the uber-security conscious nature of many users, why would they choose a private company like you to host?
We haven’t actually had to persuade anyone. Firstly, it’s all E2EE and we can’t see anything. In fact, people like the UK government whom we assumed would want to host themselves in their own data centres, actually said ‘we’re fine for you to run it in your SaaS environment’. Which by the way is not multi-tenant; it’s a dedicated separate deployment for everybody, so you’re resilient against the kind of outage where everybody is banged on the same multitenant, global cloud deployment and goes down at the same time like a Teams.
Tell us a bit more about the encryption choices you’ve made. Encrypting a global decentralised communication network for lots of users sounds… difficult, particularly given Messaging Layer Security (MLS) is still a work in progress.
Matthew – So the encryption that we use is based on Signal’s double ratchet. What we then did was to add a group ratchet called Megolm on top. Our implementation is called Olm. We use that to exchange key data for Megolm. What we do is we use the one-to-one channels to share the keys for the more sophisticated group ratchet, which means it can scale to thousands of devices; probably 3,000 at the moment. We’re constantly landing pretty major performance increases; so for instance on Android we’re moving from Kotlin and Java to Rust as the engine and that gives us a 10-fold improvement.
When you join a conversation you need to synchronise the keys for your group chat with everyone in the room – and that does mean sending out 1,000-2,000 one-to-one [keys] over the Signal-style ratchet which can take a few seconds, but once it’s done, everybody’s synchronised and there is no latency to chat; it scales pretty well. But we’re also working on MLS as that’s a major improvement over Signal and our stuff. However out of the box MLS doesn’t do decentralisation and that’s a problem for us as Matrix is inherently decentralised, but we’re working with the IETF crew – Cisco, Facebook, Wire, Google and a few others – on a very cool decentralised MLS that works for Matrix. That’s coming along really well, with implementations in TypeScript and in Julia. MLS itself is complicated and an open area of research. It hasn’t been nailed yet.
But if people are dipping in and out of group chats and you have to re-key every time does that not get a bit… crunchy?
Matthew – If you have a room with thousands of devices in it you have to wonder how private it is anyway. Our attitude is that if you go to 2,000 devices you might not re-key because the only thing it’s buying you is perfect forward secrecy. And very often in these rooms, they want people to see the prior history.
Amandine – Basically we’ve tried to build something which can be used in both ways. Either you’re hyper privacy focused and you want perfect forward secrecy. And then you can configure it that way. Or you just want something which is actually usable with your team. And you get it as private as possible. But yes, it means you may have some trade offs in some places, because it’s always going to be UX versus privacy.
What’s the plan when you close the Series B?
Amandine – We’ve seen real acceleration in the market with everything that Matthew mentioned about the pandemic, email issues, etc. So we want to double-down. And we have some great projects that we really want to land. One is peer-to-peer Matrix, where you basically remove all the servers and the servers actually ‘get in’ the app on your phone; so you just install the app and start chatting – then if you want to backup your conversations or access them from another device, you can subscribe to a server which acts like an iCloud for your photos.
That’s one big project. Another is decentralised reputation: Matrix is a decentralised network with government-grade security so there are all sorts of people using it… we want to provide tools for users to filter what they see across the network and filter out things that are illegal for them to see.
Talking of dodgy content, you’ve been working with the French government and HMG – which is keen on encryption backdoors. Have you had conversations about this?
Matthew – The conversations been incredibly straightforward and sensible: all the techies we speak to are aware that backdoors are a really stupid idea that let the bad guys in as well as the good guys. The politicians tend to get corrected by their technical advisors. We’ve invested a lot of time in mitigating abuse in Matrix without backdoors. There are ways to stop people doing bad stuff without blindly carpet-surveilling people like the Stasi.
The way we’re looking at doing it is via decentralised reputation, where we allow people to publish reputation lists that identify content of whatever flavour; it basically empowers users to block the stuff they want to see or don’t want to see on their own terms. So for instance, you might publish an NSFW reputation list of all of the naughty things you found on Matrix. And the government might go and publish its official blacklist of offensive stuff, which is against the law that you really do not want to have on your Matrix server.
You can subscribe to it and use it in order to filter stuff out, if you know where it is. And in general, we’ve seen that you can spot such stuff a mile away because people tend to self-advertise; they go and recruit if they’re terrorists, they advertise if they want to try to create some nasty community; it’s very obvious to spot that. This then gives the users the power to say, ‘well, I’m in the UK: I don’t want that stuff anywhere near my server’, or ‘I just don’t like porn’ or ‘I don’t like Trump’; you put a pin in the map and dial down the volume there. That is basically empowering users to control the algorithms, which in a Facebook world is obviously done by them.
We’re flipping that on its head and letting the users control those algorithms. It might sound like SciFi but we’re actually making good progress. We’ve got a couple of people working full time on it. That’s one of the main things which we’re funding when the Series B lands.