Thursday, 10 October 2019

New Vector scores $8.5M to plug more users into its open, decentralized messaging Matrix

New Vector, a European startup founded in 2017 by the creators of an open, decentralized communications standard called Matrix to drive adoption and grow an ecosystem around an alternative messaging protocol for instant messaging and VoIP apps, has raised an $8.5 million Series A funding round.

Investors in New Vector’s Series A round include enterprise tech specialists Notion Capital and Dawn Capital, along with European seed fund Firstminute Capital.

The team has been showing what’s possible when you think outside the proprietary silo of the usual (messaging giant) suspects for several years now — launching a Slack rival called Riot.IM back in 2016, which runs on Matrix — to offer an open, customizable and secure alternative. (Secure because unlike Slack Riot does offer end-to-end encryption. Though not yet everywhere — but expanding e2e encryption is part of the plan for the Series A.)

Users of Riot can also choose to run the app on their own server so they’re in full control of data hosting. And the app includes a bridging feature to integrate with mainstream chat app rivals like Slack. So it’s a ‘cake and eat it’ approach to modern messaging tech: Control plus interoperability and transparency.

“Slack and WhatsApp have shown just how important instant messaging is for workplace productivity but combining this convenience with total sovereignty and security over data is more valuable than ever,” said firstminute capital’s Brent Hoberman, commenting on the funding in a supporting statement.

“Over the last few years it feels like we have gone backwards with communication platforms like Slack and WhatsApp that are walled gardens where users have very understandable concerns over whether their data is secure and how it is being used,” added Notion Capital’s Jos White in another statement. “At last the market has an alternative with the New Vector services that are based off the Matrix protocol offering open standards and delivering complete data ownership and security.”

New Vector’s Series A fast follows $5M it raised last year — when the team took in a strategic investment from an Ethereum-based secure chat and crypto wallet app called Status.

Earlier dev work on the Matrix protocol was funded with support from a large multinational telecoms infrastructure company for whom the founding team had previously built messaging apps. But that funding dried up as of August 2017, which was when they started casting around for alternatives — initially pitching supporters for donations.

Fast forward a couple of years and with growing momentum for their approach — the Matrix network has expanded to more than 11M users and 40,000 deployments this year, growing daily active users 400% since 2018 — they’ve landed a big chunk of VC in the bank.

This isn’t so surprising when you see some of the users they’re able to name check. Such as the US government; the French government (which forked Riot to launch its own messaging app called Tchap earlier this year, and has chosen Matrix to be its official comms platform); Wikimedia; KDE; and RedHat, to name a few. It also says it’s working with the UK’s National Heath Service and with Mozilla.

The plan for the Series A is thus to step on the gas and scale their hosting platform, burnish the product experience and beef up the protocol to be able to support more governments and enterprises seeking digital sovereignty, messaging autonomy and strong encryption to keep their secrets in increasingly volatile geopolitical times.

Just last week officials from the US, UK and Australian governments leaned on Facebook publicly, calling on the company not to expand its use of end-to-end encryption — unless or until it can ensure access to decrypted comms on warranted demand.

WhatsApp’s e2e encryption is highly respected. But it’s also only as strong as Facebook’s implementation of it. Which isn’t exactly reassuring when the company is coming under high level pressure from its own government to backdoor its apps. So there’s both a security and privacy logic to wanting to eschew data centralization — even if it’s robustly encrypted.

Certainly for a certain type of highly security conscious enterprise and public sector user, which is where Matrix is intended to plug in.

If data is centralized it risks becoming a sitting duck for powerful interests to try to get at, as well as generating a wealth of metadata that the controlling commercial entity can absolutely data-mine. So a robust, decentralized messaging standard that doesn’t demand such trade offs will have obvious appeal to those with resources to custom fit and deploy their own apps.

(For the record, Matrix says its e2e encryption is based on the Double Ratchet Algorithm popularised by Signal but which has been extended to support encryption to chat rooms containing thousands of devices. It also says it uses Olm and Megolm cryptographic ratchets, which are specified as an open standard with implementations released under the Apache license, and which have been independently audited by NCC Group.)

New Vector CEO and Matrix co-founder Matthew Hodgson tells us that growth for Matrix is coming primary from the public sector and adjacent industries (which need to be able to communicate securely with government departments); from open source projects; cryptocurrencies; and activists and NGOs.

“The factors which drive decentralisation here are wanting to be able to have full autonomy and control over your conversations with zero dependencies on a megacorp like Facebook, Google or Slack… without wanting to create an isolated island, but participating in a wider global open Matrix network like the Web itself,” he says. “Also, developers wanting (at last!) an open platform to build communication apps on like the Web, rather than being locked into proprietary communication platforms from a big corp.”

Hodgson points out that governments are “highly decentralized” by nature (i.e. between different departments, ministries, citizens etc) — adding that they “really like end-to-end encryption, especially within a wider open network”.

Or, well, at least the bits of governments that aren’t calling for Facebook to backdoor its apps…

“We are the primary choice for an encrypted yet decentralised communication platform which can span multiple government departments — enforcing different security levels on different servers as needed, with zero vendor lock-in thanks to Matrix,” he continues. “It lets you get the entire public sector — be that academic, healthcare, military, citizens and their adjacent organisations (and adjacent countries!) on the same network, without surrendering control to Facebook, Google, Telegram or anyone else.”

“France and the US Department of Public Safety are already live, and several other countries are in the pipeline,” he adds on public sector deployments. “We expect Matrix to become the backbone for secure intra- and inter-governmental communication in the future.”

In France’s case the government has rolled Matrix out across all 16 ministries — to 5.5M users.

Talking of the future, the plan for the Series A is four-fold. Firstly: Invest in improving the user experience in Riot for the app to be, as Hodgson puts it, “properly mainstream” — aka: “a genuine alternative to WhatsApp and Slack for groups who need secure communication which is entirely within their control, rather than run by Facebook or Slack”.

Second, they’ll be turning on end-to-end encryption by default for all private conversations.

“Decentralised e2e encryption is Hard,” he says with emphasis. “But we are tantalisingly close to having the missing ingredients (cross-signed key verification; E2E-capable full text search; E2E-capable bots) finished — which means we can turn it on across the whole public network by default for private rooms. This is a huge deal, especially given the increasingly obvious risks of centralised end-to-end encryption (a la WhatsApp and Signal).”

Thirdly, the funding will go on building out their flagship Matrix hosting platform (Modular.im) and building it into Riot — “so that groups of users can easily hop onto their own self-sovereign servers”. 

“We already have folks like the Wikimedia Foundation, KDE and GNOME using Modular today (and hopefully Mozilla and NHSX in future), and we’ll be using the funding to get as many people on Modular as possible to help scale Matrix going forwards,” he adds. 

Finally they intend to work on combating abuse. As with any comms platform, there can be a dark side to the stuff people want to share. Throw in e2e encryption and decentralization and the question of how you moderate hateful communications could easily get overlooked. But New Vector is at least thinking about this problem.

“Matrix is a fascinating microcosm of the wider open internet, and the 11M addressable users spans the full spectrum of humanity,” says Hodgson. “We have some really interesting work going on here to empower users to filter out content they don’t want to see (rather than using centralised algorithms to do so), which could be applicable to the wider internet.”

“We’re hoping that the Matrix.org Foundation (the non-profit which control the Matrix protocol) will drive this work but it’s something which is very much on New Vector’s radar too,” he adds.

Asked about Matrix’s security and stability, Hodgson says this was the focus with the big 1.0 release in June — when the protocol exited beta.

“We launched a formal Security Disclosure Policy and hall of fame (https://matrix.org/security-disclosure-policy/) and the protocol has a pretty good security record — other than the drama over the launch of Tchap in France,” he says, referring to the security flaw that was found in the app immediately it launched.

“The researcher who found the flaw made an extremely loud noise about it, but in practice it wasn’t a flaw in the Matrix protocol itself — it was specific to the French deployment’s configuration, and was found prior to launch, and we addressed it within a few hours of being reported,” he adds. “Obviously it should have been spotted before being exposed to the internet, but subsequently France set up a successful bug bounty programme (https://yeswehack.com/programs/tchap) as well as a dedicated audit to avoid problems going forwards.

“Meanwhile we got our E2EE successfully audited by NCC Group back in 2016 (it hasn’t changed substantially since), and together with the E2EE-by-default work mentioned before, we’re continuing to focus on security & stability.”



source https://techcrunch.com/2019/10/10/new-vector-scores-8-5m-to-plug-more-users-into-its-open-decentralized-messaging-matrix/

No comments:

Post a Comment