Matrix Con 2024 had a public sector track where various organisations such as NATO, the French Government and the German Healthcare industry outlined the problems they are solving with Matrix.
Though in short, as a large public institution, being able to self-host a secure and decentralised communications network is highly preferable to needing to rely on a centralised service administered by a company in a foreign jurisdiction.
Element is a for-profit company, originally set up to hire the Matrix Core team and is the primary driver for many projects in the Matrix eco-system. Element cannot be successful without a thriving Matrix eco-system.
In the early days the line between Element and Matrix was rather blurred, which is why we set up the Foundation as a separate entity in 2018 to ensure that whatever happened to Element, Matrix could continue as an independent entity.
Except that the Matrix Foundation has already given up control of the reference implementation and protocol architectural choices back to Riot.im/Element.io corporation. This happened a year or two ago.
It was blurred for a handful of years. Now it is clearly in control of Element.io corporation again.
The intention is very much to offer greater financial transparency, in fact doing so is a prerequisite for multiple funding sources.
The Matrix Foundation Governing Board now has a dedicated finance committee, I don't have concrete timelines for publishing, though I would expect this to happen within a small number of months.
I've never run a non-profit, but what's stopping the Foundation from releasing a raw dump of expenses?
Where I live, all government contracts/invoices need to be published before they come into effect. This obviously required some setup, but presumably you already have similar data as a source for the planned report, why not release it?
Because a raw dump of expenses obscures many important details, and sets people up for misunderstanding things and reporting them out of context.
I'd love to get to a point of radical and automatic transparency as you describe, but that takes a great deal of effort to do well – and the Matrix.org Foundation is still in its infancy. Gotta learn to walk before we can run!
Signal and WhatsApp only address the personal messaging usecase, whereas the letter is also talking about wider chat services like Teams.
More to the point, even with e2ee, there is still communication metadata that is leaving your network for a third-party service. In a defense context, you would almost certainly prefer that the data does not leave your network unnecessarily.
The OP is calling out the need for any large org that depends on a FOSS project to contribute to its maintenance.
Currently we don’t have good mechanisms to make this happen.
The post uses Matrix as an example but it applies equally to any project deemed as critical infrastructure which would of course include XMPP, IRC and plenty of others.
To solve this, FOSS projects must work together to advocate for practical funding mechanisms. This is not a zero sum game.
I found this post to be interesting discussion on how a not profit organisation could practically operate to support FOSS maintenance. It still has risks surrounding infiltration by bad actors, but mitigation is easier since staffers are paid.
https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI
What's more the Synapse team recently announced support for Rust meaning that various performance critical sub-components can be ported over from Python.
