Matrix Conference 2024

Authenticated media & how to ship spec features
2024-09-21 , LAB 4

All images, avatars, videos, and files sent over Matrix are represented as "media" for other servers to download, cache, and serve to their users. A design flaw in Matrix meant that this media was unauthenticated, and able to be downloaded by anyone. Fixing this requires a few moving pieces, cross-team dependencies, and a lot of spec work for the ecosystem to upgrade. This talk walks through the spec process to demonstrate its ability to facilitate large and small features going to production quickly, and covers the specifics of Authenticated Media (MSC3916) along the way.


Authenticated Media (MSC3916) is one of those changes which affects the entire ecosystem, so how do you roll it out safely? Are there things which can be done to reduce the impact? How can the MSC process help get the changes out quickly? These are all the sorts of questions we'll be exploring in this talk by walking through the rollout and implementation plans, and reviewing the MSC process to see how it can help get the feature out in the wild quickly.

See also:

Pronouns: he/him

Travis is the Foundation's Director of Standards Development, Trust & Safety (T&S) technical lead, Spec Core Team (SCT) member, Senior Software Developer at Element, and Owner/Operator of t2bot.io in addition to being a hobbyist Matrix developer in his spare time.

Travis was first introduced to Matrix through his local makerspace in 2016, and has been contributing ever since. In 2018 Travis was hired by Element to facilitate the release of Matrix 1.0, work on Element Web (then Riot), and develop early moderation tooling for the Matrix ecosystem. Travis' role today is dedicated to the Foundation's Trust & Safety team with a subfocus in protocol interoperability through his Standards Development hat.

This speaker also appears in: