I wrote a proof of concept that allows the user to sign up to a service using their matrix ID e.g @user:server.test. The user then receives an activation link in an encrypted room from the service. It worked quite easily and within 2 days of fumbling around with the matrix SDK in python and FastAPI, here we are.
This has been in my head for a while and I just wanted to see if it’s possible (the proof is in the pudding code). Emails are insecure and national services are starting to implement communication services on top of matrix. It’s a not inconceivable that citizens might get a government issued Matrix account and communicate safely with the government over a secure protocol. Why not allow other services to do the same?
Imagine if instead of providing your email address for signing up to services you used matrix instead. Your host wouldn’t be able to read your messages and it could replace things like 2FA codes over SMS, activation links in emails, or health documents from your doctor’s CMS in your email inbox.
Should there be enough time, I’d like to try and contribute this login method to forgejo (the software behind codeberg that’s hosting this repository), but let’s see. First it would take learning go 😅
If there’s one constant about Matrix, it is to perpetually reinvent the wheel because it wasn’t invented there in the first place.
I thought it was about reinventing the wheel in a more complicated way that needs more resources and is slower. ¯_(ツ)_/¯
First Problem is the Server nearly everyone uses is dritten in Python. There is no real way to migrate between implementations. That at least could be fixed.
Second Problem is the massive storage space usage. That one is by design and can’t be fixed.
For one thing, I’m glad people finally come to such conclusions. Matrix has been a huge waste, and the tens of millions of investment would have done wonders if poured over better, more mature, healthier and more diverse protocols.