> Practically speaking, that means that people and organisations running a Matrix server with open registration must verify the ages of users in countries which require it. Last summer we announced a series of changes to the terms and conditions of the Matrix.org homeserver instance, to ensure UK-based users are handled in alignment with the UK’s Online Safety Act (OSA).
At least you can self-host matrix and messages are end to end encrypted, unlike IRC.
> Practically speaking, that means that people and organisations running a Matrix server with open registration must verify the ages of users in countries which require it.
Practically speaking, I would just ignore this requirement. The UK government has no jurisdiction on this side of the pond.
There are a few IRC clients that support OTR. irssi-otr is one [1] weechat-otr is another [2]. Pidgin though I have not used it in a very long time. Hexchat using an always work in progress plugin. There may be others.
OTR could use some updates to include modern ciphers similar to the recent work of OpenSSH but probably good enough for most people.
E2EE aside having chat split up into gazillions of self hosted instances makes it much harder for chat to be hoovered up all in one place. It takes more effort to target each person and that becomes a government scalability issue. Example effort: [3]
Links 1 and 2 have not had updates in 10 and 8 years respectively, they probably don't even compile anymore. They implement OTRv3 which was published in about 2005 and uses 1536-bits primes. As far as I know, neither the protocol nor the implementations were audited (and especially not audited recently). This is not good encryption at all.
Additionally, OTRv3 does not allow multiple clients per account, which makes it unusable for anyone who wants to chat from two devices.
You can try to self-host. Neither Synapse nor Dendrite is in a good state for running a server. I tried Dendrite for a while and it was always playing catchup to Synapse, despite being the supposed successor, and is now not even under development? I can't even tell what's going on over there.
Anyway, my main experience of Matrix is "failed to decrypt message". It's... not great. I wish it were better.
You did it wrong. The correct approach is to flip a coin and let it decide between tuwunel and continuwuity, then self hold that until it dies along with its database format
IRC is also most commonly used for open servers where anyone can join whenever they want to without as much as needing to register for an 'account'! You just pick a nickname out of thin air and off you go.
In that kind of environment, end to end encryption really doesn't add value.
- notes left there for work, family organization, etc basically things for which an email is "too much" but a small scrap of text seen by some serve the purpose well
- calls, whether audio-only or audio + video
For social use, I see Lemmy or Nostr/Habla more than Matrix. But for all of this, there's a major lack of a single app that is easy go install-able, pip install-able, or cargo build-able without a gazillion dependencies and a thousand setup problems, to the point that most people just choose Docker, using stuff made by others that they know almost nothing about because setting up and maintaining these solutions is just too complex.
I appreciate their effort but isn't Matrix (the company) based out of the UK and primary hosted instances on AWS in the UK? The UK were the first AFAIK to create such internet laws [0]. I could imagine people running their own instances in places where the age laws are not yet active but that number is shrinking fast. [1]
Their solution is for everyone to pay for Matrix with a credit card to verify age. I assume that means there must be a way to force only paid registered accounts to join ones instance? What percentage of the accounts on Discord are paid for with a credit or debit card? Or boosted? I don't keep up with terminology
> isn't Matrix based out of the UK and primary hosted instances on AWS in the UK?
It doesn't matter what country you run your server in or where your company is based; if you're providing public signup to a chat server then the countries (UK, AU, NZ etc) which require age verification will object if you don't age verify the users from those countries. (This is why Discord is doing it, despite being US HQ'd). In other words, the fact that The Matrix.org Foundation happens to be UK HQ'd doesn't affect the situation particularly.
(Edit: also, as others have pointed out, Matrix is a protocol, not a service or a product. The Matrix Foundation is effectively a standards body which happens to run the matrix.org server instance, but the jurisdiction that the standards body is incorporated in makes little difference - just like IETF being US-based doesn't mean the Internet is actually controlled by the US govt).
> Their solution is for everyone to pay for Matrix with a credit card to verify age.
Verifying users in affected countries based on owning a credit card is one solution we're proposing; suspect there will be other ways to do so too. However: this would only apply on the matrix.org server instance. Meanwhile, there are 23,306 other servers currently federating with matrix.org (out of a total of 156,055) - and those other servers, if they provide public signup, can figure out how to solve the problem in their own way.
Also, the current plan on the matrix.org server is to only verify users who are in affected countries (as opposed to try to verify the whole userbase as Discord is).
> It doesn't matter what country you run your server in or where your company is based; if you're providing public signup to a chat server then the countries (UK, AU, NZ etc) which require age verification will object if you don't age verify the users from those countries. (This is why Discord is doing it, despite being US HQ'd).
Whether it matters depends very much on what sort of organization you are.
Discord is a multinational for-profit corporation planning an IPO. It takes payments from users in those countries, likely partners with companies in those countries, and likely wants to sell stock to investors in those countries. Every one of those countries has the ability to punish Discord if it does not obey their laws, even if it does not have a physical presence there.
The situation is likely quite different for most of the 23,306 Matrix servers that federate widely. The worst thing Australia, for example could do to one of their operators is make it legally hazardous for them to visit Australia.
> (This is why Discord is doing it, despite being US HQ'd)
Right, but also the US isn't far behind on the same legislation wave. It's a lot less likely to be US federally regulated in the same way that the EU is debating EU-wide legislation, but a handful of US States have a version of this legislation already on the books and about to be enforced, or considered about to be on the books (some of which like South Carolina's partially passed bill written to be enforceable Day 1 with no grace period).
(Tangential to your comment but apropos of the Discord news...)
Have any of the Matrix/Element teams seriously considered taking advantage of current events by offering a gamer-focused class of premium account, for Discord refugees who want to redirect their Nitro budgets to fund Matrix gaming features? (Perhaps on a separate homeserver, to avoid the lag during times when matrix.org is overloaded.)
If it were positioned as Patreon-style crowdfunding rather than selling a finished product, and expectations were set appropriately, I wonder if it could end up a nontrivial source of income with which to develop features that Matrix deserves but corporate/government customers won't pay for.
I appreciate that answer, it makes sense that it is based on the country. What I'm hoping to avoid is having to give my actual identity to all services on the internet. It will just allow terrible monitoring and oversight that isn't helpful for democracy. I don't trust the current us administration to know everything I say, everything I do, I don't really trust any government to have that power (and I want to stop crime and abuse..). I like some privacy. We are heading to that already with the Texas and Florida age requirements on the internet today.
This matrix discussion here is missing the point - many people don't want ubiquitous tracking of everything we do on the internet. You and matrix are seemingly not honestly addressing that point, because matrix doesn't seem different discord (in the requirements).
Matrix is a protocol, not a service. It's likely the UK government can enforce laws against content and accounts hosted on the matrix.org servers, but no single government has jurisdiction over the entire network.
That sounds more like a recipe for overreach than a method to escape the law, to be honest. Governments don't typically go "aw, shucks, you've caught us on a technicality" without getting the courts involved.
Clueless lawmakers will see this app called Element full of kids chatting without restrictions and tell it to add a filter. When the app says "we can't", the government says "sucks to be you, figure it out" and either hands out a fine or blocks the app.
There are distinctions between the community vibe Discord is going for (with things like forums and massive chat rooms with thousands of people) and Matrix (which has a few chatrooms but mostly contains small groups of people). No in-app purchases, hype generation, or kyhrt predatory designs, just the bare basics to get a functional chat app (and even less than that if you go for some clients).
I'd say being based in the UK will put matrix.org and Element users at risk, but with Matrix development being funded mostly by the people behind matrix.org that implies an impact to the larger decentralized network.
I thought it was both and their hosted service is in the UK. Is it not? I know people can host their own but I have had very little success in getting people to host their own things. Most here at HN will not do anything that requires more than their cell phone. Who knows maybe Discords actions will incentivize more people to self host.
Couldn't you simply set up your own instance and link up with the wider network? I guess you would have to age verify yourself if you live in a country that requires it, but regulating that would be sort of hilarious.
Whether or not authorities with jurisdiction over you would notice your instance (homeserver) or bother you about age verification is an issue you'd have to consider for yourself.
Couldn't you simply set up your own instance and link up with the wider network?
I honestly have no idea. As much as they love money I am not paying my lawyers to research AI this one. I would probably wait for others to get made example of.
It's an interesting legal question, but I would imagine for a federated service, the burden of proof should be on the individual's home server for age verification. That's where the user account is, after all.
Matrix is basically labeled "adults only" everywhere, so restricting certain servers/rooms due to possible innocent eyes is likely out of scope.
I don't care about what Australia wants. If I ran a private Matrix instance (e.g. to chat with my gaming buddies) I wouldn't even agree to divulge who is registered on it.
I've been threatened by the governments of Pakistan and Germany for stuff I've said pseudonymously on the Internet. As much as they may think everybody needs to care about their laws, I happen not to.
> Since then Australia, New Zealand and the EU have introduced similar legislation
I am not aware that the EU pushed legislation onto us here in central Europe with regards to "Age Verification". I am not saying it has not happened (I simply don't know right now), but this needs a source rather than just a statement. From what I remember, local media in german critisized the UK, so it would be strange to see the same legislation suddenly come into effect here.
Also, it seems we did not really win a lot if a private company operates matrix.
The EU will probably wait until the launch of a digital wallet that can do anonymous age verification. Otherwise it won't get enough political support.
Greece/Austria/Finland/Belgium/Italy also discussing.
The best one for me is Portugal, parliament approved this law all while the country is being devastated by hurricane winds and flooding with several calamity zones. They are really bringing Law into effect by maximum obfuscation.
EU anonimity online is over because ivory tower folks want to speedrun all of us into 1984.
And this is obviously just a stepping stone to mass message scanning. The revolution will not be organizable.
>If it doesn't have enough of the utility, performance, and positive UX, it will never gain enough market share to matter.
That's part of why billionaires will continue to screw people over. They will try and stay in bed with the familiar evil, rather than put up with the temporary inconvenience of freedom.
And it's a negative spiral. Less users means less money to bring in staff which means less means to improve. Discord didn't become discord in a month, but other competitiors don't get that grace period.
Last time I tried matrix (~2022) they still didn't have voice channels--they had voice calls but not a mechanism where people can join/leave a particular voice chat at will. To me this is a must have feature for anyone who has used discord/mumble/ventrilo.
I was actually playing with voice rooms the other day. One can create a standing call room that people can join or leave as they see fit, without having to set up a new call each time. Discord currently has more integrations with streaming and voicechat rooms, but they had a bit of a head start, and even Element (let alone Commet & Cinny) are catching up
I agree with you. The good news is that it looks like some of the alternate clients are focusing on it. https://commet.chat/ has voice channels (video rooms but default to camera off), and cinny's element call support PR defaults to camera off in video rooms as well iirc.
It is really great to see a post from the Matrix Foundation that forthrightly acknowledges it is not ready for mainstream adoption and shows awareness of its limitations. I hope this is a good omen for the future of Matrix.
Readit News
> Practically speaking, that means that people and organisations running a Matrix server with open registration must verify the ages of users in countries which require it. Last summer we announced a series of changes to the terms and conditions of the Matrix.org homeserver instance, to ensure UK-based users are handled in alignment with the UK’s Online Safety Act (OSA).
At least you can self-host matrix and messages are end to end encrypted, unlike IRC.
Practically speaking, I would just ignore this requirement. The UK government has no jurisdiction on this side of the pond.
https://en.wikipedia.org/wiki/Ryanair_Flight_4978
There are a few IRC clients that support OTR. irssi-otr is one [1] weechat-otr is another [2]. Pidgin though I have not used it in a very long time. Hexchat using an always work in progress plugin. There may be others.
OTR could use some updates to include modern ciphers similar to the recent work of OpenSSH but probably good enough for most people.
E2EE aside having chat split up into gazillions of self hosted instances makes it much harder for chat to be hoovered up all in one place. It takes more effort to target each person and that becomes a government scalability issue. Example effort: [3]
[1] - https://github.com/cryptodotis/irssi-otr
[2] - https://github.com/mmb/weechat-otr
[3] - https://archive.ph/4wi5t
Additionally, OTRv3 does not allow multiple clients per account, which makes it unusable for anyone who wants to chat from two devices.
Why not provide the URL
Some people cannot access archive.today sites
These sites also serve CAPTCHAs. They block users who prefer not to use Javascript for non-interactive www use, e.g., reading documents
Anyway, my main experience of Matrix is "failed to decrypt message". It's... not great. I wish it were better.
Unable to decrypt has improved quite a bit fwiw
In that kind of environment, end to end encryption really doesn't add value.
Even without registering my nick, I would expect a modern protocol to keep my pm communication private by default.
- notes left there for work, family organization, etc basically things for which an email is "too much" but a small scrap of text seen by some serve the purpose well
- calls, whether audio-only or audio + video
For social use, I see Lemmy or Nostr/Habla more than Matrix. But for all of this, there's a major lack of a single app that is easy go install-able, pip install-able, or cargo build-able without a gazillion dependencies and a thousand setup problems, to the point that most people just choose Docker, using stuff made by others that they know almost nothing about because setting up and maintaining these solutions is just too complex.
Their solution is for everyone to pay for Matrix with a credit card to verify age. I assume that means there must be a way to force only paid registered accounts to join ones instance? What percentage of the accounts on Discord are paid for with a credit or debit card? Or boosted? I don't keep up with terminology
[0] - https://en.wikipedia.org/wiki/Online_age_verification_in_the...
[1] - https://avpassociation.com/4271-2/
> isn't Matrix based out of the UK and primary hosted instances on AWS in the UK?
It doesn't matter what country you run your server in or where your company is based; if you're providing public signup to a chat server then the countries (UK, AU, NZ etc) which require age verification will object if you don't age verify the users from those countries. (This is why Discord is doing it, despite being US HQ'd). In other words, the fact that The Matrix.org Foundation happens to be UK HQ'd doesn't affect the situation particularly.
(Edit: also, as others have pointed out, Matrix is a protocol, not a service or a product. The Matrix Foundation is effectively a standards body which happens to run the matrix.org server instance, but the jurisdiction that the standards body is incorporated in makes little difference - just like IETF being US-based doesn't mean the Internet is actually controlled by the US govt).
> Their solution is for everyone to pay for Matrix with a credit card to verify age.
Verifying users in affected countries based on owning a credit card is one solution we're proposing; suspect there will be other ways to do so too. However: this would only apply on the matrix.org server instance. Meanwhile, there are 23,306 other servers currently federating with matrix.org (out of a total of 156,055) - and those other servers, if they provide public signup, can figure out how to solve the problem in their own way.
Also, the current plan on the matrix.org server is to only verify users who are in affected countries (as opposed to try to verify the whole userbase as Discord is).
Whether it matters depends very much on what sort of organization you are.
Discord is a multinational for-profit corporation planning an IPO. It takes payments from users in those countries, likely partners with companies in those countries, and likely wants to sell stock to investors in those countries. Every one of those countries has the ability to punish Discord if it does not obey their laws, even if it does not have a physical presence there.
The situation is likely quite different for most of the 23,306 Matrix servers that federate widely. The worst thing Australia, for example could do to one of their operators is make it legally hazardous for them to visit Australia.
Right, but also the US isn't far behind on the same legislation wave. It's a lot less likely to be US federally regulated in the same way that the EU is debating EU-wide legislation, but a handful of US States have a version of this legislation already on the books and about to be enforced, or considered about to be on the books (some of which like South Carolina's partially passed bill written to be enforceable Day 1 with no grace period).
The US landscape is shifting rapidly on this: https://en.wikipedia.org/wiki/Social_media_age_verification_...
Have any of the Matrix/Element teams seriously considered taking advantage of current events by offering a gamer-focused class of premium account, for Discord refugees who want to redirect their Nitro budgets to fund Matrix gaming features? (Perhaps on a separate homeserver, to avoid the lag during times when matrix.org is overloaded.)
If it were positioned as Patreon-style crowdfunding rather than selling a finished product, and expectations were set appropriately, I wonder if it could end up a nontrivial source of income with which to develop features that Matrix deserves but corporate/government customers won't pay for.
We need more stuff hosted through obfuscated channels (Tor, I2C, etc) and more user friendly access to those networks.
This matrix discussion here is missing the point - many people don't want ubiquitous tracking of everything we do on the internet. You and matrix are seemingly not honestly addressing that point, because matrix doesn't seem different discord (in the requirements).
tldr, means for American firms to sue due to burdonsome regulations, also some contitution stuff.
Clueless lawmakers will see this app called Element full of kids chatting without restrictions and tell it to add a filter. When the app says "we can't", the government says "sucks to be you, figure it out" and either hands out a fine or blocks the app.
There are distinctions between the community vibe Discord is going for (with things like forums and massive chat rooms with thousands of people) and Matrix (which has a few chatrooms but mostly contains small groups of people). No in-app purchases, hype generation, or kyhrt predatory designs, just the bare basics to get a functional chat app (and even less than that if you go for some clients).
I'd say being based in the UK will put matrix.org and Element users at risk, but with Matrix development being funded mostly by the people behind matrix.org that implies an impact to the larger decentralized network.
I thought it was both and their hosted service is in the UK. Is it not? I know people can host their own but I have had very little success in getting people to host their own things. Most here at HN will not do anything that requires more than their cell phone. Who knows maybe Discords actions will incentivize more people to self host.
Whether or not authorities with jurisdiction over you would notice your instance (homeserver) or bother you about age verification is an issue you'd have to consider for yourself.
I honestly have no idea. As much as they love money I am not paying my lawyers to research AI this one. I would probably wait for others to get made example of.
Matrix is basically labeled "adults only" everywhere, so restricting certain servers/rooms due to possible innocent eyes is likely out of scope.
Deleted Comment
I am not aware that the EU pushed legislation onto us here in central Europe with regards to "Age Verification". I am not saying it has not happened (I simply don't know right now), but this needs a source rather than just a statement. From what I remember, local media in german critisized the UK, so it would be strange to see the same legislation suddenly come into effect here.
Also, it seems we did not really win a lot if a private company operates matrix.
That's old news, now is all about "think of the children".
This is too synchronous not to be arranged with the Commission. My vote is on Europol and Palantir lobbying.
France - https://www.lemonde.fr/en/pixels/article/2026/01/31/social-m...
Spain - https://english.elpais.com/technology/2026-02-04/is-16-a-goo...
Denmark - https://edition.cnn.com/2025/10/08/tech/denmark-children-soc...
Portugal - https://www.reuters.com/world/europe/portugal-approves-restr...
Greece/Austria/Finland/Belgium/Italy also discussing.
The best one for me is Portugal, parliament approved this law all while the country is being devastated by hurricane winds and flooding with several calamity zones. They are really bringing Law into effect by maximum obfuscation.
EU anonimity online is over because ivory tower folks want to speedrun all of us into 1984.
And this is obviously just a stepping stone to mass message scanning. The revolution will not be organizable.
If it doesn't have enough of the utility, performance, and positive UX, it will never gain enough market share to matter.
E2EE encryption doesn't matter if you don't have someone else to communicate over it with!
That's part of why billionaires will continue to screw people over. They will try and stay in bed with the familiar evil, rather than put up with the temporary inconvenience of freedom.
And it's a negative spiral. Less users means less money to bring in staff which means less means to improve. Discord didn't become discord in a month, but other competitiors don't get that grace period.
Discord/Twitch/Snapchat age verification bypass - https://news.ycombinator.com/item?id=46982421 - Feb 2026 (435 comments)
Discord faces backlash over age checks after data breach exposed 70k IDs - https://news.ycombinator.com/item?id=46951999 - Feb 2026 (21 comments)
Discord Alternatives, Ranked - https://news.ycombinator.com/item?id=46949564 - Feb 2026 (465 comments)
Discord will require a face scan or ID for full access next month - https://news.ycombinator.com/item?id=46945663 - Feb 2026 (2018 comments)`
They should really rebrand their home server to another name, so the Matrix name is unambiguously referring to the protocol.