7 minutes reading time (1439 words)

Riot.im - a secure messenger?


Having reviewed Threema and Signal in recent days, we are now going to bounce over to a more team orientated messenger: Riot/Matrix

When I say ‘team orientated’, well, Riot is more like Slack in so far as it is a ‘person to person’ chat which allows you to communicate with someone as an individual (under People as per Riot) or within a group (or Room as per Riot). Favourites can also be highlighted to provide ease of access and heightened visibility on screen.

As an example, Decentralize.Today uses Riot on a day and daily basis as a team chat for everything we do on the site, on meet-ups and planning and at an individual and team (and sub team) level.

So starting with the registration, this is reasonable simple and straightforward. No telephone number or email required, just choose a username and a password and you are good to go. At least that is the theory, I have had numerous contacts who have actually needed to sign up on the desktop in order to make Riot operate on their phones. That said, you can download Riot on Linux, Windows, MacOS, Android and iOS and it also comes with an convenient browser version.

The Matrix service behind the scenes is the real communication protocol and is both secure and universal (open, decentralized, federated, bridged). Riot/Matrix offers you end-to-end encryption (sadly not out of the box!), however, to enable this requires you to select it in settings for each and every room and individual contact/chat you create. 

For greater detail on the encryption aspect of Riot, check out the following link:


For greater detail on the Matrix, see below

Riot offers anonymity via federated servers, with group and private chats as well as support for bots creation and the ability to read and write on other networks including Twitter, Discord, Skype, Gitter, IRC, email and more.

Riot also offers Voice and Video Calls, both of which were excellent in our tests. Riot has a full history of all chats on their server site, which means that if you have multiple devices you can always pick up on a conversation with a newly added device. A word to the wise here though, you will need to have your Key backup ready if you want to read preview messages on any new device.

If you chose to use encrypted chat with any one of your contacts this requires manually verification from both parties. This may sound like an extreme pain, especially if you are in a large group(s), however, it is a one time ask and ensures full encryption and security for all your messaging.

Upon creating a Room you can chose if that group is listed within the Riot directory or that it is an invite only group that is not listed nor detectable via Riots/Matrix search. There is a Global group directory available to all featuring, among other things, chats with bitcoin whales, other crypto communities, Linux chatrooms etc.  Great feature and well worth a look!

You can set a Room photo, name and topic. In settings you can also set the Room for muted notifications or if it is one of your favourites.

Setup allows you to determine who can access the Room, for example:

- Only people who have been invited
- Anyone who knows the Room link, apart from Guests
- Anyone who knows the Room link, including guests

You can also chose who can read the Room’s history:

- Anyone
- Members only (from the time of selecting this option)
- Members only (since they were invited)
- Members only (since they joined)

You can share pictures and files just as you would on a similar team chat such as Slack.

One great feature is the ability to delete messages to all recipients within a Room/chat! (which makes it so much easier to clean up any mess after a ‘long’ night out haha!).

On bridges, Riot/Matrix provides things like Etherpad, Google Docs/Calendar, GitHub, Wikipedia Search, Google Image Search, RSS Feed, even Travis CI and more, see https://about.riot.im/features#bridges It's still counting and programmers can utilize it to develop custom widgets.

Whilst Riot is best characterized as the usage software, Matrix is the unifying communication protocol. It allows differing communication networks to combine. It is decentralized, federated and bridged.

Decentralization ensures that no one entity or company has control over the connections and data. This is achieved by having all servers within use connect with each other (they are federated) regardless of their physical location. Users from all servers can thereby connect with all others. By comparison, un-federated service setups can not facilitate this.

Matrix is an ‘open’ protocol. Unlike Microsoft Skype, this protocol is free (libre) and gratis (without paying) for anybody to re-implement into the form of software. This means anybody can create their own ‘Riot’ software if they so wish and won't be banned or need to reverse engineer the Matrix protocol.

Indeed, there are many other combination with Matrix such as Nheko/Matrix, Fractal/Matrix and NaChat/Matrix. The protocol is constant, namely Matrix, but the programs will vary. You could consider these like Cutegram on the Telegram desktop. Out of these, you’re probably better off staying with the original but in case you are curious.....

Fractal is an official Matrix desktop client for GNOME, it's under active development and could be considered a an alternative to Riot Desktop for GNU/Linux users.

Quaternion is a cross-platform desktop Matrix client, developed in C++/Qt.

Spectral is a Matrix desktop client for macOS. developed using Swift4.

This section is for system administrators who want to know more about the real difference between Matrix by comparison with silo services like WhatsApp or Slack.

Specification of the Matrix Protocol is open: https://matrix.org/docs/spec/

Synapse, the Matrix server software, is available so you can deploy your own Matrix server and join the federation: https://github.com/matrix-org/synapse,

The basic documentation for Matrix, Riot, Synapse is here: https://matrix.org/docs/guides.

Modular.im, is a hosting service for Matrix server with Riot et al, full integration, provided by the Matrix developers and reasonably priced:  https://www.modular.im,

Matrix FAQ which answers important questions such as what is federation and why Matrix is an open standard: https://matrix.org/docs/guides/faq.

One important feature to mention here is that you can find Riot on f-droid (the open source only available on Android App Store). This is worthy of mention because you don't find Signal or Threema on f-droid. By way of background, one of the Matrix servers, to be exact the main home servers, suffered an attack in April which messed up a lot of projects. It transpired that all android users who had downloaded Riot from the official Google PlayStore were affected and Riot required everyone to login again and download a new android version. Those people who installed on iOS or the f-droid version were not affected. Well, not from install the new app on their phones, but to generate new keys and change the login password.

Let me briefly expand about the servers. Matrix has a home server located at matrix.org, which is the pre-selected option when you download the app. This was the one affected by the problem they faced in April this year. There are many other options available, check out: https://www.hello-matrix.net/public_servers.php

And you can always host Matrix and therefore Riot yourself on modular or at your own host. Everything is open source and when we monitored the f-droid version of Riot we had no other connections or data collections apart from to the actual home server we are on.

Last but not least even with the f-droid version you will be able to get push notifications, and this without any Google services being involved! Matrix/Riot is a true winner, but don’t forget to activate end-to end encryption.

We do have one small but ugly concern we want to put out there and I hope the developers of Riot are reading this. People who use iOS have been complaining for a long time via GitHub about the font size on iOS and, honestly, it can't be that difficult to make the font size adopt the same as set in your phone or does it have its own settings? Just the way you have it already for android users. Even on my iPad, I have real difficulties reading texts when I don’t have my specs on.....and some of the colour combinations are, shall we say, questionable....red on black??

One final observation: status, the service we will review in the coming days, invested USD 5 million into Riot. We will dig deeper into why Status invested into Riot and ask why? See you soon!


Comments (0)

Rated 0 out of 5 based on 0 voters
There are no comments posted here yet

Leave your comments

  1. Posting comment as a guest. Sign up or login to your account.
Rate this post:
Attachments (0 / 3)
Share Your Location