Matrix Conference 2025

Welcome

This session will present the latest updates from the Foundation itself, and the progress it has made in standing on its own legs during the last year.

As project lead of Matrix, Matthew gives a snapshot of where the project is at. Highlights should include:
* Overview of recent high-profile Matrix deployments and uptake
* Overview of the recent major projects to fix state resets and improve decentralisation reliability
* Overview of making Matrix a safer place via improved Trust & Safety work
* Progress on Matrix 2.0 MSCs (Next Gen Auth, Sliding Sync, MatrixRTC) and uptake
* Progress on Olm/Megolm improvements (history sharing, TOFU, invisible crypto, etc)
* Progress on Next-generation encryption work
...and more!

Nobody likes fax machines, yet everyone still uses them – that's the reality in German hospitals. Since 2019, Famedly has been challenging this status quo. With our TI Messenger, built on the Matrix protocol, we've created a secure and decentralized alternative.
Learn how we're using and extending Matrix to modernize communication in the German healthcare system.

Take a trip back through time with me as we learn about how bridges happened. Why did we do it at all? Whose idea was it to hook up the then fledgling matrix.org network to the biggest IRC network? How many databases were shredded in the line of duty?

Since 2024, the Swiss federal government has been obliged by the new EMOTA law to publish all its software under open source licenses. This new 'Federal Act on the Use of Electronic Means to Conduct Official Tasks' (EMOTA) has had an impact on IT procurement and open source activities in Switzerland. By encouraging the creation of open source communities, the law reduces vendor lock-in and strengthens digital sovereignty.

For decades, government agencies have relied on proprietary, siloed communication systems. Today, several Swedish initiatives are exploring new paths forward.

First, we will provide details on the latest developments within SAFOS, a service designed to establish a potential national standard for secure messaging, video conferencing, and real-time collaboration.

Second, we will share insights from eSam — a voluntary collaboration between public agencies — where a multi-agency task force is evaluating options for a common, open, and federated protocol for real-time communication. We will discuss our evaluation criteria, the challenges, and the potential of solutions such as Matrix to foster true interoperability, decentralization, and robust security for Sweden's public administration.

Join us to learn how Försäkringskassan and eSam are exploring ways to build a future-proof communication infrastructure based on openness and collaboration.

In this talk, we’ll take you through the real-world journey of developing and approving a TI-Messenger - a secure, interoperable messaging application built on top of the Matrix protocol for use within Germany’s healthcare system. What began as am idea soon grew into a tightly regulated, multi-stakeholder project, with high demands on privacy, trust, and compliance.

This session is less about features and more about transformation. It’s a case study of how we shaped a Matrix-based messenger to meet the strict security, interoperability, and governance requirements defined by the gematik specification, and how that shaped our development process in return. Unlike general-purpose Matrix clients, the TI-Messenger is deeply constrained by legal frameworks, security audits, and standardized certification making the path from concept to approval full of unique challenges.

We’ll reflect on what we learned about applying Matrix in high-trust environments, what we would do differently, and how our experience could inform similar efforts elsewhere. Whether you’re working in the public sector, healthcare, or simply curious how Matrix can scale to more regulated use cases, this talk offers an inside look at what it takes to make Matrix meet mission-critical standards.

In this presentation, we will examine processes within the German healthcare system and explore the underlying structural challenges that make intersectoral communication so difficult. We will discuss why Matrix is the ideal protocol for the foundation of this infrastructure and explain how we build upon the Matrix specification to meet healthcare-specific requirements.

Special insights will be shared regarding the challenges and lessons learned during the implementation of the TI-Messenger in Germany’s healthcare system. The presentation will outline the different stages of development and highlight specific use cases that demonstrably improve the quality of care.

Twenty seconds is a long time when someone can’t breathe. At ESA´s LUNA Analog Facility we turned that reality into a design constraint: a moonwalk emergency with voice cut by design, Matrix/Element carrying clinical guidance across a built-in one-way delay. We tested two styles of instant messaging, open free-text versus a tiny, structured grammar, to coordinate assessment, treatment, and evacuation over a delay-tolerant (store-and-forward) network. The first signals are clear: structure lowers cognitive load and keeps decisions moving even when replies arrive “late.” We’ll share what worked, what didn’t, and how the same patterns translate to Earth during hospital IT outages. With publications in progress, this talk focuses on early signals and the method itself, showing how Matrix enabled care under delay and how small changes could improve resilience.

The German public administration aims to consolidate its disparate solutions for G2C and G2B communications and transition to a unified yet decentralized Matrix-based infrastructure. In this talk we will dive into this new federal infrastructure’s target architecture and explore its key requirements, drivers and architecture decisions – including the crucial choice of Matrix as the E2EE communications layer. We further share key learnings from the accompanying political process and reflect on the challenges ahead in constructing, negotiating and implementing transition pathways to achieve change in the complex brownfield-environment of Germany’s administrative IT.

European healthcare communication is at a turning point. Fragmented national systems are reaching their limits, while the need for interoperable, secure, and user-friendly digital spaces across borders continues to grow.
This talk explores how the open-source Matrix protocol has become a strategic foundation for secure messaging in healthcare — powering derived solutions like TI Messenger and CGM Messenger. Our approach highlights not only the technology itself but also the importance of collaboration with the open-source community, especially through our partnership with Element, to drive innovation, scalability, and trust.
Key themes include deep integration into primary systems, the use of headless clients, and tackling challenges around usability, eID identity models, and technical complexity.
We argue that while Matrix alone is not the silver bullet for interoperability, it provides the missing bridge between siloed infrastructures and the vision of a unified European Health Space — rooted in open standards and coordinated implementation.

Last year, we introduced NeoToolSuite, Nordeck’s productivity suite of Matrix widgets designed for efficient collaboration and communication.

This year, our focus shifts to our flagship product: NeoBoard Standalone. This real-time collaborative whiteboard has evolved through continuous development and iteration and now it features an immersive infinite canvas that redefines what’s possible for open-source productivity and creative tools.

Join us for a tour of NeoBoard’s latest features and share our vision for the future of real-time collaboration, powered by the Matrix protocol.

Our project's main goal was to fill a gap by developing a telephony bridge that natively integrates XiVO enterprise telephony (based on SIP) within the alternative and open-source Matrix/Element ecosystem. Our focus with this bridge is to offer a credible and high-performing alternative to dominant proprietary solutions, such as Teams and its "Telephony System" licenses.

[matrix] as an end-to-end encrypted communication standard has its flaws. Flaws in privacy, flaws in complexity. With the standard of Messaging Layer Security (MLS), the [matrix] ecosystem has the opportunity to address old flaws, rethink room state and increase interoperability.

In this talk, I will provide a beginner's guide on challenges of [matrix] 3.0.

-

Element Call, the flagship MatrixRTC application by Element, is shaping the future of secure, federated calling. As the successor to the traditional call system in Element apps, it now powers large-scale, end-to-end encrypted (E2EE) group calls with improved reliability and seamless federation support. This talk follows up on last year’s introduction of Element Call, showcasing a year of rapid innovation — from new media transport mechanisms to enhanced mobile features — all aimed at making secure communication effortless and intuitive.

On July 15, 2025, Germany’s statutory health insurance funds will introduce the Matrix-based instant messaging service TI-M (Telematikinfrastruktur Messenger) into their electronic patient record (ePA) apps. This marks a significant milestone, as Matrix-based messengers will become potentially available to 74 million insured individuals across Germany.

This talk will provide an overview of the nationwide rollout, highlighting the technical and organizational challenges faced during the development and operation of TI-M, including interoperability, security, and scalability within the highly regulated healthcare environment. We will present up-to-date usage data and insights on user adoption, reflecting the initial impact and acceptance of TI-M among patients and healthcare professionals.

Finally, the session will offer an outlook on the future of secure, decentralized communication in the German healthcare system, discussing opportunities for further integration, innovation, and the broader implications for digital health infrastructure.

The BundesMessenger is the soverein communication solution for the German government and armed forces. Developed to be robust, secure and interconnected it serves as the basis for collaboration in the public sector. With a sharp focus on user experience, an uncompromised commitment to free and open-source software and state-of-the-art deployment of cloud technologies, it brings a high-quality messenger to firefighters, soldiers and office workers.

Want to know what makes the BundesMessenger quite a special piece of software? Is it better than fax? And will it shut up after I call it a day? Join the talk to find out!

In this talk we will introduce Synapse Pro, the Matrix server for professional environments from Element. Synapse Pro is built to support professional Matrix deployments in terms of scalability, efficiency and high availability. It comes in two flavours, Synapse Pro for Small Hosts and Synapse Pro for Large Hosts. The Small Hosts solution introduces multi-tenancy capabilities in order to host plenty of small Matrix servers in a resource-saving and cost-efficient way. The Large Hosts solution enhances Synapse with more efficient implementations of its subsystems and provides auto-scaling as well as high availability capabilities. This talk will give you detailed insights on both solutions and their benefits for Element customers.

Can Matrix compete with Big Tech? That remains an open question—but the market conditions in Europe have never been more favorable to sovereign, European software solutions. So how do we build commercially sound companies based on Matrix? This talk will focus on real-world use cases, showcase features built for public-sector customers, explore viable business models, and share hard-earned lessons from bringing Matrix to market.

With Beyond Instant Messaging: Matrix in the Public Sector last year, we presented FITKO and the German Federal Ministry of the Interior joining efforts to pilot a Matrix-based next-generation communication infrastructure for digital government services, with the goal to showcase end-to-end encryption, great usability and machine-readable communication between citizens and public authorities.

Lets take another look at the project, what we have done since and what else there is to come for reaching the German Government via Matrix

Open Source has never been easy, but doing Open Source in the Matrix ecosystem poses a unique set of challenges. Add the pressure of sustaining a company on top of that, and you quickly find yourself in uncharted, and often uncomfortable, territory. This talk reflects on the reality of maintaining open source projects in the Matrix universe, especially from the perspective of a business. It dives into the tension between openness and exploitation, when others take your work without contributing anything in return, undermining sustainability and motivation.

Through real-world experiences and hard-learned lessons, this session will outline the structural and cultural issues that make it harder for corporate contributors to survive in the ecosystem. We'll look at why fair contribution is hard to enforce, how "Trittbrettfahrer" (free riders) hurt long-term progress, and what we as a community - maintainers, companies, and individuals - can do to shift the dynamic. Whether it's licensing strategies, community governance, or pushing for upstream responsibility, this talk will explore the imperfect but necessary mechanisms we need to keep Matrix open, but not exploitable.

The goal isn't to complain, but to open up a grounded and honest discussion about sustainability, fairness, and the future of open collaboration in Matrix.

A whistle stop tour of Element’s progress over the last year! Highlights include Element Server Suite Community, the latest on Element X, Spaces, Threads and Element Call. There’s also Element Server Suite Pro, Synapse Pro and the launch of Element Pro; the Element app specifically for the workplace!

• what the GB
• reviewing the last 12 months and outputs
• showing some of the different processes like establishing WGs, what cttes are, interactions with the fdn
• take some questions

Element X is coming to web and desktop! What does that mean? We’re going to make the apps simple, familiar, reliable and fast! Come learn more about the vision we have put together and all the progress we have made so far!

Access control is the core of any system's security, but usually provided by a single, centralized server. However, access control in a Matrix room is decentralized: every participating server independently decides who is authorized to send and receive which events, without consulting any other server. To the surprise of many, these decisions are still eventually consistent even if all but one server is malicious, but seeing why requires a new way of thinking about access control. I will explain the necessary design patterns from decentralized systems science, and show how they can be weaved together for a practical explanation of what Matrix is, and why Matrix can reach its astonishing levels of security and resilience.

Presentation of the Luxembourg efforts to establish a sovereign instant messaging ecosystem for the public and private sector for Luxembourg.

More details to follow.

Matrix was built to become the open communication of the web and serve everyone. But, as the Internet and email did, its network effect started with governments. Today, and as proven by the audience in the room, most European governments and several others are either using it or looking at implementing it for their communications. This talk will tell the story of how we got there and why.

In this talk we will provide insights on the new Element Server Suite (ESS) editions which provide an official way to deploy Matrix stacks.

ESS is available in three editions
- ESS Community - the free Matrix distribution from Element for small-/mid-scale, non-commercial community use cases
- ESS Pro - the commercial Matrix distribution from Element for professional use
- ESS TI-M - a special version of ESS Pro focused on the requirements of TI-Messenger Pro and ePA

We will dive deep into each edition, explain how they're meant to be used, shed light on the components they include and discuss which use cases they are tailored to.

The federation protocol is how Matrix homeservers communicate between each other. In private federations this isn't particularly challenging as the network is trusted but in the public federation this isn't true. This talk dives into what protocol improvements are in the works to make the public federation more secure against Byzantine actors, particularly against "state resets": an unintended rollback of room state. We'll explore why this problem is hard, what some of the failure modes are, and how we are working on addressing them.

Are we OIDC yet ? YES ! We are !

OpenID Connect evolved as the one and only identity standard in the modern web. With MSC3861, the [matrix] ecosystem is finally moving to OIDC as the authentication standard amongst clients and homeservers.

Out of curiosity, I started implementing a native OIDC implementation from scratch : no OAuth 2.0 library, no Ruma ; just the [matrix] Dart SDK, an HTTP client and the MSC in front of me. This talk will be about the lessons learned.

We successfully migrated Matrix.org to use MAS in April 2025. In this session, we'll cover what was particularly challenging about this migration that necessitated such a high level of fine engineering.

In the span of just 20 minutes, we moved over 65 million sessions and 110 million accounts to the Matrix Authentication Service. We'd like to share some of the details of this migration, what we learned from it, and how you can now benefit from the new, robust set of tools designed to help you migrate your own deployment.

The Invisible Crypto initiative intends to make Matrix easier to use by ensuring that encrypted messaging is secure by default, and the user is not bothered by irrelevant information.

In this talk we will give a status update, hopefully explaining why crypto needed to become slightly more visible on the journey towards making it disappear.

We'll go into some detail about what we've done (and why some of it makes things a little more noisy) and what we plan to do to really get there.

As EU member states (co-)develop sovereign workspace solutions for the public sector, the need for seamless communication between these platforms becomes increasingly important. France, Germany, and the Netherlands are among the countries working on such solutions together, with the goal of facilitating cross-border collaboration and data exchange while maintaining security and sovereignty. In collaboration with our French and Dutch partners, we at ZenDiS are developing a framework to enable communication between our openDesk office and collaboration suite and its international equivalents. Our effort aims to facilitate cross-border information sharing and promote a more integrated European digital landscape.

This talk will present the high-level components of the Rust SDK, recent advances and feature improvements that happened over the last year, and how it can be used to form a complete, fast and robust Matrix client. It will also present two recent use cases of this SDK: one internal TUI client created for debugging purposes, and a proof-of-concept for a possible future ElementX Web!

Being able to read the conversation in a room before you joined is a critical feature for some usecases, but end-to-end encryption makes it tricky to implement.

In this technically-focussed talk, we'll cover the challenges behind implementing "history sharing", why previous attempts in this area failed, and how we solved those problems with minimal impact on the security or efficiency of the protocol.

The French government has deployed a private Matrix federation for French civil servants called Tchap.

Currently this federation has about 300 000 monthly active users and its usage is growing constantly.

Today our federation is closed and we would like to be able to connect with other public French Matrix nodes (local authorities for instance), and also other European countries.

We should implement measures to ensure that the federation remains resilient against potential attacks, both technical (e.g., DDoS, data interception) and organizational (e.g., unauthorized access, insider threats) :
- How can we restrict the servers we wish to communicate with? How can we be sure that we are actually communicating with them? Since TLS can be vulnerable to man-in-the-middle attacks by state actors, we can't rely on it entirely.
- How can we trust the identities of users from external deployments that we don’t control?
- How can we limit the interactions that external users can have with users from our federation?

We spent a lot of time thinking about this and now have a plan that looks legit, and that we are currently implementing. I'm sure you want to know more about it, right?

In this talk, we will share the approach we’ve taken to address these challenges and we will present the architecture we designed.

Secure communication leveraging the Matrix protocol for UNICC and its partners

In this talk, we will share the newest improvements to MatrixRTC. We'll focus on how the security and encryption architecture has evolved to provide robust, private communications for Matrix users. Additionally, we will show how to integrate Element Call into clients using the Rust or JS-SDK in a matter of minutes. Whether you're building a custom Matrix client or want to know what makes MatrixRTC such a great solution for secure communication, you'll walk away with practical knowledge to bring encrypted calling capabilities to your users and an in-depth understanding about the key distribution for real- time (MatrixRTC) sessions.

We will provide you with the latest updates on Element X mobile apps, as well the plan to sunset our classic Element apps. This includes both the current state, as well as a look into what to expect during the next couple of months and details about specific features like threads and spaces that many people are looking forward to on Element X. In the second part we’ll cover the intent and purpose behind the Element Pro apps - who are these for and why, and as part of it, look into how we’re allowing our customers to publish self-branded apps for a complete sovereign messaging solution.

MLS and Matrix don't mix well. But why is that and what can we do about it?

Since I got to touch that area a bit, I'll try to give some answers, but don't expect solutions.

We will be looking how MLS and Matrix work internally, how a tree is a DAG but a DAG not a tree and maybe we will have some glorious idea or get frustrated. No promises!

Why is having large encrypted group calls difficult? How do other providers solve this? The future? Demos!

-

Most modern software applications give total trust to the service provider. End-to-end encrypted (E2EE) services are different: the service provider is a gateway, and the real trust is with other people.

This is unfamiliar, and can make using E2EE confusing. When you add in federation (meaning lots of different service providers) and a diverse set of client apps, trying to make Matrix's encryption understandable is tricky.

It would help to have a shared set of words and definitions. In this talk I describe MSC4161, which attempts to establish a shared vocabulary, and then my own thoughts about some metaphors we can use to make these ideas easier to grasp.

Trixnity is rapidly emerging as a powerful, flexible, and fully asynchronous SDK for building Matrix applications using Kotlin Multiplatform. What many don't realize: Trixnity is already in widespread use - potentially powering apps usable by over 50 million people. It’s embedded in multiple Matrix-based messengers, though you’d only know it by digging into app license disclosures. This talk shines a light on Trixnity’s hidden but significant role in the Matrix ecosystem and why more developers should pay attention. This session also presents the current state of Trixnity in 2025, highlighting key milestones, recent developments, and its growing adoption in real-world applications.

NATO organised a TaskForce-X Baltics event where we very quickly contracted, deployed and integrated telemetry and video streams from uncrewed platforms. This required a lot of coordination and this was done through our on-prem Matrix capability. I would like to share my experience by using Matrix to support this very demanding operational project.

fairkom has developed a [matrix]-based school messenger for the Department of Education of the German state of Rhineland-Palatinate to serve up to half a million users. Schulchat RLP has one code base for all platforms and is available as app on Apple and Google Play Stores.

What makes this solution unique is the deep integration of the identity and user management system from the "Bildungsportal RLP", ensuring seamless use for teachers, students, and even parents - from primary to vocational schools.

In this talk I will present my journey in developing a decentralized and secure communication platform for a university with thousands students and faculty members. Using Matrix and Element as foundation I tailored the solution to meet academic needs, ensure data privacy and integrate with some systems, bots, widgets etc.

The session will cover:
- Why Matrix was chosen over other platforms.
- Technical stack and deployment model.
- Customization of Element and federation decisions.
- Challenges (including authentication, onboarding, moderation and compliance).
- Real-world impact and feedback.
- Future plans including bridging, widgets and improvements.

This case study shows how Matrix can empower large academic communities and help other institutions explore privacy-respecting and scalable alternatives to traditional messaging platforms.

By the way, it is real story. :)

Tammy is a multiplatform Matrix Messenger designed to be redefined by you. Want a different room list layout? Need a messaging interface tailored to a specific use case? Tammy’s extensible architecture makes that not only possible - but easy. In this talk, we’ll showcase how Tammy empowers developers to create radically customized Matrix experiences through its extension system.

We’ll walk you through how we’re using Tammy to build Timmy, a TI-Messenger variant tailored for a very specific user group, with a completely different look and feel - all without forking or rewriting the core client.

Expect a live demo, some under-the-hood insights, and a glimpse into the roadmap: spaces, audio/video, Matrix 2.0 and more. Whether you want a more focused UI, a minimalist mobile mode, or something wildly experimental, Tammy gives you the tools to build it.

Most of the discussions around privacy laws have been focused on the protection of data and condition of processing. But some others rights are starting to be litigated more widley and will soon play a bigger role for IT systems managers. This talk will focus on the GDPR article 16 (right to rectification), and how the current Matrix spec is inadequate for servers operators aiming to let people change their username, since MXID can't be changed (as of this proposal writing in June 2025).

Based on the ongoing work done by the Fedora community on the Fedora Username Change project, on recent legal cases in Europe, we will see why the adoption of MSC 2787 (Portable identites) should be more than a nice to have, and how it intersect with questions of privacy and anti-discrimination. The talk will also touch on the topic of SSO configuration and downstream consumers best practice to deal with such changes.

What is it like to test several Matrix clients every day?
It's about different levels of test automation, but also about manual testing and general ideas for testing in this complex and diverse environment.

This talk will introduce the Helen Nissenbaum's theory of Contextual Integrity as a framework for understanding privacy in messaging platforms. Contextual Integrity views privacy not as keeping information secret, but as making sure information flows in ways that match people’s expectations in a given context, or in other words, what feels appropriate to share, with whom, and for what purpose. For example, if Alice shares her live location with Bob through a messaging app, she likely expects the app to use her location only to deliver it to Bob. But if the app also uses her location to target ads, she may feel that her privacy was breached. The problem isn’t that the location was shared, but that it was shared in a way that didn’t match the context or her understanding of how the information would be used.
I will explain the theoretical framework with examples of how it can be adapted to identify and explain privacy expectations of particular messaging features, and discuss how it can be applied to interoperable messaging to identify potential privacy concerns.

At Oodrive, our mission is to offer a secure and sovereign solution to manage our partners' most sensitive data.
Building on this foundation, we are developing a secure collaboration platform that fully aligns with these values.

Collaboration cannot happen without communication, therefore we decided to integrate a secure chat in our product. We chose the Matrix protocol to achieve that goal.
Now that a first version is out and available to our partners, we want to share with the community how we integrated matrix in our product, and the challenges we overcame.
Namely :
- How we provision user accounts in our matrix instance.
- How users authenticate transparently in the chat.
- Make a demonstration to illustrate the seamless integration

Policy servers (MSC4284) are a new way of providing communities with an additional layer of protection against spam and other unwelcome content. In this talk we'll cover what policy servers are, how they work, and how to set one up for your community on Matrix.

NeoBoard is an open source real-time collaborative whiteboard built on the Matrix protocol. It functions both as a widget within chat-focused Matrix clients like Element Web, and as a standalone web app that acts as a lightweight, whiteboard-centric Matrix client

In this talk, we’ll share how we migrated NeoBoard’s real-time collaboration feature from a peer-to-peer WebRTC implementation to MatrixRTC with a LiveKit backend, a shift that was key to scaling to hundreds of concurrent users. We’ll cover the challenges we faced, the lessons we learned, and the architectural decisions that made the transition smooth. We’ll also touch on what’s still missing and what’s next for both NeoBoard and MatrixRTC.

Join us for an introduction to the Element Server Suite Community, the simplest way to deploy a Kubernetes-based Matrix 2.0-ready stack, maintained by Element.

This workshop will deploy all the components of the suite: a Synapse homeserver with Matrix Authentication Service enabled, a Matrix RTC backend for calls, and an Element web client.

You'll be able to try it on your local laptop using your Docker daemon, or deploy it on a virtual machine with a single-node Kubernetes setup.

Whether you're new to Kubernetes and Matrix or looking to expand your server capabilities, this session will give you the foundation to get started and experience the latest Matrix features on your own machine.

Matrix has become a key enabler of secure, sovereign communication. But the moment it connects to external chat platforms like WhatsApp, it is violating the data privacy characteristics that made it attractive in the first place.

Traditional bridges expose user metadata - who talked to whom, when, and from where - to foreign-controlled services. Polychat proposes a new approach. Rather than mapping Matrix users directly to external accounts, it acts as a depersonalized relay - external services only ever "see" the Polychat bot. Originally created to make cross-platform chat intuitive for non-technical users, Polychat’s architecture has emerged as a surprisingly elegant way to retain metadata.

As the founder of the project and a user experience designer by background, I will share how our design choices inadvertently solved regulatory challenges, and why the Matrix ecosystem - especially public sector leaders - should be interested in the development of the Polychat idea.

Messaging platforms offer to protect user privacy via a variety of features, such as disappearing messages, password-protected chats, and end-to-end encryption (E2EE), which primarily protect message contents. Beyond such features, "untraceable communication" tools for instant messaging protect users from network attackers observing transport layer metadata, which can reveal who communicates with whom, when, and how often. However, unlike E2EE, the effectiveness of these tools depends on large anonymity sets, making widespread user adoption critical. This talk presents a research study with 189 users of messaging apps about their perceptions of "untraceability" as a concept, as well as their opinions on the widespread availability of tools for untraceability. The study explores their perceptions of "untraceability'' from a broad conceptual standpoint; rather than focusing on a particular tool or implementation, we analyze how users reason about what features should be incorporated by two fictitious messaging platforms, Texty and Chatty, to prevent third parties from "knowing who communicates with whom". The results point to a critical gap between how users and privacy experts understand untraceability, as well as tensions between users that see untraceability as a protection to individual privacy and users that see it as a threat to online safety and criminal accountability. Beyond untraceability, I discuss how this research is relevant to the design of messaging platforms that promote privacy as a central value.

This workshop is an "interactive talk" with an introduction by the host but the wish for attendees to also present their ideas about [matrix] bridges, bots & other integrations.

The Cyber Resilience Act is a new European regulation that has the main goal to increase European cyber security and resilience, through accountability. A lot has been said about the impacts of the CRA on open source, in particular towards non-profit foundations, but what about organisations - such as Element - that operate complex licensing models with a mix of monetised and non-monetised products?

In this talk we endeavour to shine a light on our thinking regarding CRA compliance for our products, as well as implications for the wider ecosystem of vendors and communities building on Matrix. We also introduce our roadmap of communications around the CRA, aimed at those using and building on top of our products.

See you next year!