Notices by Element (element@mastodon.matrix.org)

The latest Signal and WhatsApp breaches targeting German and Dutch government officials prove that consumer apps have no place in government.

❌ As European governments pursue digitally sovereign strategies, they should take the next step: Ban the use of consumer apps like Signal and WhatsApp for government-related conversations.

Secure government communications need infrastructure designed for the public sector - not repurposed consumer tools.

https://element.io/blog/latest-signal-and-whatsapp-breaches-show-that-consumer-apps-have-no-place-in-government/

@aral This is not the case. See https://element.io/en/legal/ethics for the public ethics policy of who we sell to.

🔐 From April 2026, only verified devices can send or receive end-to-end encrypted messages on Element.

This further ensures you can trust every message and stay protected from potential malicious activity, following the Matrix spec update announced at #MatrixConf2025.

Prepare by reading the actions required! https://element.io/blog/verifying-your-devices-is-becoming-mandatory-2/

📣 OverwHelmingly exciting news from The Matrix Conference!

Introducing the new Helm-based Element Server Suite (ESS) - our family of products designed as an “out-of-the-box” way to deploy, host and maintain a Matrix-based system.

It comes in three editions:
🌐 ESS Community
🔹 ESS Pro
🇩🇪 ESS TI-Messenger

ESS users can now also enjoy Element Admin; the new interface that makes managing users, rooms and compliance requirements straightforward.

Read all the details: https://element.io/blog/welcome-to-the-all-new-element-server-suite-family-of-helm-charts/

@ntnsndr @matrix The gap between EXA and EA should be tiny - just spaces and threads, both of which are now in beta. The comparison table is https://docs.google.com/spreadsheets/d/17_j_HAPZEopqDAbKKsawz3YwdhZLmQHXl_CrbTNlH9Q. Why can’t your server support it, ooi?

Element users on the default http://matrix.org homeserver are currently impacted by a serious database outage (https://mastodon.matrix.org/@matrix/115136245785561439)which will take at least 12 hours to recover - many apologies to everyone impacted. Users on their own deployments are of course unaffected.

Apple withdrawing ADP from its UK iCloud service was inevitable, and is a serious wake up call for the UK government.

While the UK government may have had good intentions, trying to undermine E2EE has backfired catastrophically.

No way Apple would capitulate and sabotage the privacy of its service globally.

As 70 years of geopolitical stability fractures, the UK is weakening the nation’s cyber defences through its flawed obsession with blanket surveillance.

https://www.independent.co.uk/news/uk/politics/apple-government-cybersecurity-data-protection-sky-news-b2702490.html

We've signed the open letter to the UK Home Secretary asking for withdrawal of the technical capability notice issued to Apple under the IPA.

We are once again asking the UK government to listen to the experts who continuously explain that there are no safe backdoors into encryption. End-to-end encryption protects fundamental rights and national security, and should not be undermined.

You can add your voice by signing this letter before the 20th of February.

https://www.globalencryption.org/2025/02/joint-letter-on-the-uk-governments-use-of-investigatory-powers-act-to-attack-end-to-end-encryption/

@boud @nemobis Interesting. @matrix tried to pitch for EDIC funding about a year ago, but it went nowhere - it looks EDIC is focused on funnelling money from EU->Govts rather than to projects. Meanwhile €5M/y is too big for NGI. Hadn't come across ERICs; will check. If we'd had baseline funding for Synapse dev we wouldn't be in this position.

@nemobis yup, and be vendor-locked to SpaceX in doing so: https://www.bloomberg.com/news/articles/2025-01-05/italy-plans-1-5-billion-spacex-telecom-security-services-deal.

Another solution here could be if governments decided to actually support FOSS by funding its maintenance & dev by subscribing to the paid product, rather than freeriding. ZenDiS in Germany is a great example of this. But unfortunately, they're almost unique in this, hence Synapse Pro.

@nemobis the funding gap we're try to plug for Synapse and associated Matrix dev is very roughly around $5M/y. So over 5 years, that'd be $25M.

🚨Nation-scale Matrix deployments will fail if built on the community version of Synapse.

The community version of Synapse is not designed or intended for use by commercial Matrix hosting providers to serve huge nation-scale deployments. Just as a suspension bridge has a weight limit and will collapse if you exceed it - the same goes for community Synapse.

Deployments supporting millions of users need Synapse Pro.

https://element.io/blog/scaling-to-millions-of-users-requires-synapse-pro/

@troed We'd also like everything to be open source. But the reality is that even with AGPL, we're still stuck in the pattern that enormous deployments use FOSS Synapse without contributing to its dev/maintenance costs.

Every time an opportunity that we're counting on to fund the team turns around and says "oh, FOSS Synapse is good enough, and we can use it for free, bye" we find ourselves needing to provide a very concrete reason not to freeride - hence Synapse Pro.

In banning WhatsApp, the Scottish government has a wonderful opportunity to introduce secure communications to transform trust, ways of working and productivity across the entire public sector.

https://element.io/blog/scotlands-brave-new-world-of-end-to-end-encrypted-workplace-messaging/

💥 Boom! Synapse Pro rewrites the economics of nation-scale Matrix deployments with high density multi-tenancy, high availability and elastic horizontal scaling.

Synapse Pro is the most cost-efficient Matrix backend available for large-scale use and saves nationwide deployments millions.

Available under a commercial license, Synapse Pro will also help fund and accelerate the continued open source development of Synapse for the benefit of all of Matrix.

https://element.io/blog/synapse-pro-slashes-costs-for-running-nation-scale-matrix-deployments/

Watch Försäkringskassan (Sweden's Social Insurance Agency) present at #MatrixConf on using Element as part of a sovereign and secure collaboration service (called SAFOS) for parts of Försäkringskassan and several other government agencies.

https://youtu.be/XLt70u0btsM

Security release day! Element Web v1.11.81 has landed on Element Web, Element Desktop, and Docker Hub. This version includes a security fix for a high severity vulnerability. Please upgrade! 🧵

For more information see https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x and https://github.com/element-hq/element-desktop/security/advisories/GHSA-963w-49j9-gxj6

NOTE - The Matrix.org Foundation is disclosing two vulnerabilities in matrix-js-sdk and matrix-react-sdk today. These have been PATCHED ALREADY, since Element Web and Desktop version 1.11.70.

📢 After moving to AGPL for Synapse, we’re now finalising licence changes for related projects. We’re also switching the apps to (A)GPL.

The intention is to ensure system integrators and other proprietary forks of our software support its dev.

https://element.io/blog/sustainable-licensing-at-element-with-agpl/

See the blog for full details!