Please read our guide here: How to Install and Use Matrix
First thing to understand is that Riot is the App and Matrix is the Server. (Like how Firefox lets you use the web, but Firefox does not host websites. The Matrix Server is like an email server, where its users are known as
username:matrixURL . (for example, I am
zip:brickshop.io) Think about how from your Gmail account, you can use the google-email-server to send and receive messages with other email-servers. Matrix works in the same way: you can join chatrooms anywhere in the network and contact any other user in the network.
To use my Matrix account that lives @ brickshop.io, I open my Riot app that can be found at https://chat.brickshop.io . Any Riot client can be used to login to any Matrix server, but using both at the same site just makes sense to me in terms of simplicity. In that app, it already knows that the “homeserver” I want to create an account on / login to is brickshop.io – but I have the freedom to choose otherwise. After inputting my homeserver, a simple username + password combo gets me into my chats.
If you choose to use the Mobile app instead (Riot.im), logging in is a three step procedure: first, enter the “homeserver” (matrix address for your account). Then, enter your username. Last, enter your password. It's that simple!
I prefer to configure Matrix servers in a way that new users only need to enter three peices of data to create an account: username, password, password confirmation. I also configure my Matrix servers so that all new accounts are automatically added to a “General” chat – Discord strategists can chime in here.
Once logging in, you can see the chatrooms you're a member of and private messages. It looks and behaves 90% the same as Discord so I don't feel it necessary to say how to switch between rooms and send messages –
So really, if you can remember these three things, you can get into Matrix:
Just like e-mail!
@user:server -- a @user #room:server -- a #room !group:server -- a !group
A group in Matrix is similar to the notion of a Discord server, eg, a directory of common chatrooms. Unlike Discord, you can add public rooms made by other users to your group! EG if the Media team has 5 working groups, the !media:server group can index these for ease of use.
#general:brickshop.io– in the web app, this is done through the “EXPLORE” button in the top left corner.
By default, Matrix rooms are non-encrypted, although your connection to the server is encrypted and communication between servers is encrypted. However there is nothing stopping a malicious server from logging IP addresses or public messages. On the other hand, if you set a room to be encrypted (or join a room that is encrypted) all communication in the room is only viewable to the members of the room – sort of like Signal.
If you want maximum safety, get Tor or a VPN, make a brand new username, and connect that way; and use encrypted rooms when possible. This minimizes your threat attack surface to only what other chatroom members can see: timestamp, username, server, message. You can read more about the encryption used here:
Another factor that makes Riot a bit different from Signal is that you control your encryption key. So you have, in a sense, a second password; when adding new devices or apps to your account, you can manually enter this “second password”, or have a screen open up on your old account and new account with a “Verify” button to click.
Unlike Signal, which does not encourage users to manually verify each others' keys (but allows for it and warns when keys change), Matrix is very loud about telling you that other users are unconfirmed. The confirmation process works by showing both users a string of emoji which they are encouraged to verify on an alternative communication method (phone call, email, Facebook, Discord, etc). This is a one-time process.
For our purposes, you can join a room and assume all users are themselves; then, when they add a new device, Matrix will alert you – if you fear someone has been compromised, this can be a useful feature. A hard thing about privacy is deciding what level of distrust is necessary. The Opsec team is encouraged to draft a “best practices” guide.
Rooms can be set to invite-only. They can also be set to “users with link can join”. This is great for organizing that requires additional security, especially for encrypted rooms.