Matrix network

Decentralized means that there can be many different Matrix servers, but users from each server can directly talk to users on other servers. It's like email. You and many other users have their gmail email address but can exchange emails with anybody else (e.g. yahoo mail, hotmail, etc.).

You create your user on any Matrix server and can immediately talk to all Matrix users - including those on other servers. Decentralization / federation gives a lot of autonomy. It is possible for servers to deferate and only allow users to talk within their own server, or block communication with specific server instances. It all depends on the server administrators. You could even host and run your own server to participate in the Matrix network.

A good place to start is https://matrix.org/try-matrix. It will guide you through selecting a client (chat app) and help you register a Matrix account.

Please refer to the matrix.org website for more technical details, protocol specs and additional documentation. The following information tries to summarize key concepts for new users which are not available on most other messaging services.

Core concepts for new users

Rooms and Spaces

A room is a group chat. The creator of the room can set many settings for the room (e.g. if the room can be searched in the public directory or not, who can join, if messages are encrypted or not, who can read previous messages in the chat, manage permissions for other users - i.e. room moderators and room admins).

A space is a collection of multiple rooms grouped together and can have many rooms but also sub-spaces that again can have rooms, and so on.

Many communities create their own spaces with rooms for their topics and interests. You can also find many FOSS projects that organize real-time chat with their members and community with Matrix. It can be a very Discord-like experience.

Matrix account handle

Your full Matrix account handle is written like this: @friend:matrix.fsoc.lol

If you share this handle other users can find you in the Matrix network - no matter which Matrix server their own user account was created on.

The full handle starts with an "@" and the username on the server, then a ":" followed by the server domain name (including subdomain). Many matrix servers use the "matrix" subdomain.

Username & password

As a new user you register with username & password like you do with most services. This allows you to log in and send/receive messages.

When you log in an end-to-end encryption keys are automatically generated and used for encrypted chats. If you log into your account on another device or if you log out and log in again on your main device you will not be able to read old encrypted messages. You have to restore your previous end-to-end encryption keys by entering your "recovery key" first.

Recovery key

Direct conversations and group messages (rooms) don't have to, but can be, end-to-end encrypted. To join encrypted conversations your client needs an encryption key which is created automatically. It is important you back up your "recovery key" to be able to restore your previous end-to-end encryption keys or you won't be able to read old encrypted messages after a re-login or a login on another device.

In most clients you can find it in the settings menu (e.g. under "Security" or "Encryption"). Be sure to back up your security key.

This comes especially handy in those two common situations:

• It allows you to restore the encryption keys in another client. So when you are using multiple devices you need the same encryption keys on all devices to being able to read the same encrypted messages. You can restore the same encryption keys on any other device using your recovery key.
• If you lose your encryption keys (e.g. because you lost your device) you will not be able to read your old conversations. You can restore your original encryption keys using the recovery key.

Additional security features

Account trust verification is another security concept built right into Matrix. It's an additional step that verifies that you really are who you are claiming to be.

When you add another device you might have noticed that your software asks for additional verification (e.g. from another device). This is because in theory someone could have obtained your credentials without permission and is trying to pose as you.

If the new device is not verified it shows to other users. The new device can partake in conversations but other users should be suspicious.

A similar concept exists not only for your multiple devices/clients, but also between users. Users can verify each other to mark each other as trusted.