Chatting With Uncle Jim

Part IV of "Becoming Uncle Jim". Today we will talk about one way you, Uncle Jim, can protect yourself and those you wish to associate with using a self-hosted chat platform.

Psst Over Here

The words we use and the topics we discuss are increasingly scrutinized by those wishing to curtail freedom of expression online. In the "real world" we have the ability to congregate in backrooms, free from prying eyes and flies on the wall. We can tell one another secrets, we can discuss "taboo" ideas without fear of retribution or being "cancelled" at the slightest misstep. When we go online, however, suddenly the freedom to express ourselves meets resistance in the form of vague Terms of Service that allow for the silencing of opinions or ideas deemed "harmful".

The definition of harmful or "inciteful" speech is purposefully vague and unspecific, and is subject to change quite literally overnight and without warning.

They use terms like "...or otherwise offensive" to cast the widest possible net with which to snag dissent, and they follow the whims of internet trolls who spend their days scouring Twitter for old tweets or videos to be used in today's social climate to destroy reputations and--most importantly--to cause financial damage. Sponsors have dropped podcast advertisements and issued apologies after newly created Twitter accounts with fewer than 10 followers demanded it be done.

What's more, this heightened movement is inherently cannibalistic, and will inevitably begin to eat its own members. There are only so many "bad takes" on the other side, and so these types of movements can't help but hurt themselves as one tries to leapfrog the others in their ascension. You may think they won't come for you; after all, you don't post provocative or controversial statements online, right? Unfortunately seeking to be neutral in a social war is simply not an option. Taking no action whatsoever is the worst possible move to be made, as both "sides" end up viewing your stance as weak and ineffectual, thus not worthy of respect.


Legally Speaking

American law protects virtually all kinds of speech, legally speaking. There are no such things as "hate speech laws" in the United States, as such speech has been ruled many times to fall under the heading of the First Amendment right guaranteeing free speech. Many other countries around the world are not nearly as lucky. However, even having constitutionally protected free speech does not stop censorship by big tech platforms, nor does it do anything for online "cancel mobs" roaming Twitter and other platforms looking for any chance they can find to take offense. Regardless of your feelings about former President Donald Trump, the fact that big tech platforms were able to collaborate in virtually wiping him off social media entirely should make the hairs on the back of your neck stand up.

If a duly elected President has no recourse in such a scenario, what of you, the average Joe? We have recently seen the deplatforming of an entire social media application, including being removed from Amazon Web Services hosting. The application, Parler, was additionally removed from Apple's App Store and Google's Play Store, totally wiping it from the internet in a matter of hours. The same thing could be done for any of these social media sites hosted by big tech companies such as Facebook or Twitter, though it is doubtful the largest of these players would be removed. They are too busy scraping all of your personal data points and interests from their sites in order to better serve you advertisements, or even worse, to better keep tabs on any sort of dissenting movements toward individual liberty and freedom.

So what is to be done? Just give up going on social media altogether? Or is it better to go on social media and post the black square? Should you repeat a slogan you don't agree with in an effort to fly under the radar? What good is so-called freedom of speech if there is no freedom and socially policed speech? Luckily there are alternatives, and today we will talk about one way you, Uncle Jim, can protect yourself and those you wish to associate with using a self-hosted chat platform. Ideas can be thought through, debates can be had, all the while being done in an environment where there is no need to self-censor for fear of violating the impossibly fluid standards of speech modern big tech platforms purport to uphold.

Enter the Matrix

Matrix is described as a "decentralized conversation store", rather than a messaging protocol. There is no single point of control or failure in a Matrix conversation which spans multiple servers, and as such no central "God mode" switch that can be flipped in order to remove all users and content in one fell swoop. Each user of Matrix has the ability to host and run their own server, giving them self-sovereignty and control over their ability to converse without fear of deplatforming.

Furthermore, Matrix offers the ability to use End-to-End Encryption (E2EE) for chat rooms on your homeserver. This added layer of security is paramount to protecting the ability to freely share ideas amongst one another, as curious outside parties are unable to peer inside for "wrongthink". There are tradeoffs with everything, so rooms created with E2EE mean each user's client must send the keys for decryption, and other features like bridging may not be available. It is important to understand that as the owner of your own server, it is your responsibility to understand what each feature means, rather than haphazardly throwing everything into each room because it "looks cool".

While Matrix is the name of the protocol, users actually interact using clients such as Element, which is available on all major platforms including mobile or web application. The most widely used homeserver implementation for the Matrix protocol is called Synapse, and is what you would actually install as a server administrator. This web may initially seem confusing, but fret not. It is easier than it may seem to spin up your very own homeserver and offer up public or private chat rooms for your friends and acquaintances. I am going to take you through the process of installing Synapse on a Virtual Private Server, or VPS, as using this technique instantly alleviates any concerns about IP address leaks or network configuration issues. Information on getting started with a VPS can be found here, but today I am going to switch it up a bit and go a different route than before.

One thing that remains the same is the need to own a domain name on which you will run the Matrix Synapse server. There are several domain registrars, and I am a fan of using Namecheap as they generally have affordable pricing, and it is very easy to purchase the domain of your choice using bitcoin and less-than-truthful personal information. This is helpful for maintaining your privacy overall, and Namecheap additionally offers domain privacy services to better protect you from unwanted snooping. Once you have obtained your domain name, go ahead and leave the page open as you will need to return in a bit for some DNS configuration.

Next, rather than using Namecheap for VPS hosting as was done in previous articles, let's venture instead to Bitlaunch. Here you will be able to sign up using nothing more than an email address, thus keeping your privacy intact. Once inside, simply fund your account using bitcoin and you will have the ability to choose from four different VPS providers, each with their own tradeoffs and abilities. For our purposes here, it is best to choose a DigitalOcean server for one specific reason which I will mention later. Select DigitalOcean from the choices, and then you will be given the option of what image you would like to deploy. This guide will cover using either Debian 10 or Ubuntu 18.04 images, but if you would like to use CentOS or Ubuntu 20.04 you can follow slightly varied instructions in this guide. Let's choose Debian 10, and move to datacenter selection.

There are different options for datacenter location around the world, and I will leave it up to your best judgment where your server should reside. The pricing does not change for location, only for the size of the server deployment. The size of the server you need to deploy may vary depending on how many people you are planning to accommodate, as well as the size of other rooms you may join on Matrix, as the larger the rooms the more memory needed. For the vast majority of people, the smallest server size, which costs about $14 per month, will be plenty. But if you want to beef it up just a bit to be on the safe side, the next highest server size should suit you fine.

Next is configuring the way you will access the server using SSH, either by using SSH keys or a password. SSH keys are recommended here, but rather than get into key creation and all that jazz, it is fine to go with a strong password, which you can generate easily now that you are running the Bitwarden_RS server you set up when you began the journey toward becoming Uncle Jim. Enter the password (25-30 characters should do) and move on.

Lastly, it is time to choose a name for your new server, which brings us back around to the reason we chose DigitalOcean for the deployment. If you choose a DigitalOcean server on Bitlaunch, it will automatically have the reverse DNS configuration done for you, if you simply name your server the same thing as your purchased domain name. So enter your.domain in that form here, and select Launch Server.

Get Those Synapses Firing

After creation, you will be taken back to your home page and should see the server in its final stages of deployment. Once it is finished, you will see the IP address for your server, and the correct SSH command with which to access it. The password will be the one you created moments ago. Open up a computer terminal, or believe it or not, this can even be done using Termux on an Android device. If you are on Windows, you may need to use a program like Putty. In your terminal window, first make sure you have OpenSSH installed. Start off by just typing ssh into your terminal and pressing enter. If you get a result that looks like this:
username@host:~$ ssh

usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]

username@host:~$
then SSH is already installed and ready to be used. If not, then run sudo apt update, followed by sudo apt install openssh-client to install the program. Press y when prompted, and you are ready to go.

Next enter the command to access your server as shown on the Bitlaunch homepage. It should look something like ssh root@111.111.11.111, replacing the 1's here with your actual IP address.

You should then see a prompt which appears something like this:
The authenticity of host 111.111.11.111 (111.111.11.111) can't be established.
ECDSA key fingerprint is SHA256:9lyrpzo5Yo1EQAS2QeHy9xKceHFH8F8W6kp7EX2O3Ps.
Are you sure you want to continue connecting (yes/no)?
You will need to type out the entire word yes and press enter. Afterward you should see this:
Warning: Permanently added '111.111.11.111' (ECDSA) to the list of known hosts.

Next you will be prompted for your root password, which you defined earlier. Type out the password here and press enter, at which point you should be presented with something like the following:
The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
Last login: Thu Apr 1 18:54:54 2021 from 111.111.11.111
root@domain:~#

You're in. Now begins the process of installing Synapse on your new VPS server. We will start off by installing prerequisites. Begin first with a simple command to make sure we are set to begin installing. apt-get update should do it. Next, enter these commands, pressing enter after each backward slash until all 3 are entered. Press enter once complete, then press y during installation.

apt-get install build-essential python3-dev libffi-dev \
    python-pip python-setuptools sqlite3 \
    libssl-dev python-virtualenv libjpeg-dev libxslt1-dev

Once done the next step is to create the directory where you will store Synapse data, as well as preparing a virtual environment. Enter the following commands one at a time:

mkdir -p ~/synapse

virtualenv -p python3 ~/synapse/env

source ~/synapse/env/bin/activate

Next check that the following packages are up to date with

pip install --upgrade pip virtualenv six packaging appdirs

and finally set up and install the Synapse server itself by entering the following commands one at a time:

pip install --upgrade setuptools

pip install matrix-synapse

If you run into problems you can try some troubleshooting tips here but if you follow the commands exactly you will most likely be fine.

Configuration

Before starting Synapse, you will need to generate a configuration file from your newly created virtual environment. Enter pip install -U matrix-synapse, followed by cd ~/synapse. Once that is done you should be in the ~/synapse virtual environment area, and it is time to enter some configurations. The following command will need to be entered, but use your actual domain name purchased earlier rather than the example provided. Keep in mind this domain cannot be changed later without recreating an entirely new server, so be sure the first time. Also mind the backslashes on the end of each line, as they keep the command from executing until all options are entered. The final config line will need to be either yes or no, which determines whether Synapse will report statistics. I generally default to no for any statistics reporting, and I am sure your server's users would appreciate the added privacy as well.

python -m synapse.app.homeserver \
    --server-name example.com \
    --config-path homeserver.yaml \
    --generate-config \
    --report-stats=no

You should see this response when done:

A config file has been generated in homeserver.yaml for server name example.com. Please review this file and customise it to your needs.

Next up is enabling Transport Layer Security, or TLS. This is done using Let's Encrypt and Certbot to install an SSL certificate, activating HTTPS for your server. Since we are running a Debian 10 server, we first need to install Snap, then Certbot. The following commands should be entered one at a time:

apt-get install snapd -y

snap install core

snap refresh core

snap install --classic certbot

ln -s /snap/bin/certbot /usr/bin/certbot

Once done, next up is installing the Nginx webserver for Certbot to use for validating the certificate. On Debian 10 that is done with apt-get install nginx. After running this command, you will need to jump back over to the domain registrar page that we left open earlier. For me it is Namecheap. You will see the domain you purchased there; select the "Manage" button.

Once there, choose "Advanced DNS" from the menu.

Next, select "Add New Record".

Choose "A Record" from the drop down menu. In the "Host" section, enter the symbol @. Then, in the "IP Address" section, enter the IP address of your server in the form 111.111.11.111. Choose "Save All Changes", and you are done.

The next command will begin an interactive script. You will be asked to provide an email address, to agree to the Let's Encrypt Terms of Service, and whether you would like your email address to be shared with the Electronic Frontier Foundation (EFF). This information can be as accurate (or inaccurate) as you choose. Start this process by replacing the example domain with your own in this command:

certbot certonly --nginx -d example.com

Enter any email address you like, press enter again. Then enter y to agree to Let's Encrypt Terms of Service. Finally decide whether you want to accept an email from the EFF by entering y or n followed by the final enter.

Setting Your Rules

You are nearly ready to begin hosting your very own Uncle Jim Matrix chat. Now it is time to set some of your own rules, amongst other things. You do that by beginning with the command nano homeserver.yaml. The first place you will be looking to configure will look like this:

One easy way to do this is by pressing Ctl+w, or control then w. That will bring up a text line asking what phrase you want to search for. Enter port: 8008 and press enter. The only editing you will need to do is to erase everything besides ['127.0.0.1'] from the line beginning with bind_addresses:. The final result should look like the image above, specifically this:
bind_addresses: ['127.0.0.1']

Next up is allowing your fellow travelers to register on your homeserver, if you so choose. As Uncle Jim I would imagine you want to enable this, so once again press Ctl+w and search for enable_registration. You should see the option #enable_registration: false. In order to enable this feature, you will need to delete the # from in front of enable_registration, then change false to true.

Next, press Ctl+w again, then enter the term allow_public_rooms_over_federation. You will see there an option that is commented out, it should look like this:
#allow_public_rooms_over_federation: true
All you need do is remove the # sign from the front of that line. This will allow other homeservers to query your server's rooms, helping with federation across the entire Matrix environment. If you would rather not be discoverable easily by other homeservers, simply disregard this command. Lastly, press Ctl+x, or Control then x, then y and enter to write, save, and exit.

One more file to edit before taking off, so next enter nano /etc/nginx/conf.d/matrix.conf and press enter. This will create a new file to enable the proxy with SSL termination. Next, you can copy/paste this into your file, or enter it all manually as it appears here, only replace the matrix.example.com area with your.domain each time.

For help with simple copy/paste:

# Redirect plain HTTP to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name matrix.example.com;
    return 301 https://$host$request_uri;
}

# Client traffic: TLS terminates here and is proxied to Synapse on loopback.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name matrix.example.com;

    # TLS is enabled by the ssl parameter on the listen lines above.
    ssl_certificate /etc/letsencrypt/live/matrix.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.example.com/privkey.pem;

    location / {
        # Matches bind_addresses: ['127.0.0.1'] in homeserver.yaml.
        proxy_pass http://127.0.0.1:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

# Federation traffic from other homeservers.
server {
    listen 8448 ssl default_server;
    listen [::]:8448 ssl default_server;
    server_name matrix.example.com;

    ssl_certificate /etc/letsencrypt/live/matrix.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

Copy/paste the above, go back and replace matrix.example.com with your.domain, and press Ctl+x, then y and enter to write and save the file.

Next, you will need to restart and enable Nginx, which is done with the following commands, one at a time.
systemctl restart nginx
systemctl enable nginx

Registering and Logging In

We are almost there, stay with me. Only a few steps away from Uncle Jim's Matrix server going live, but you'll need to register yourself as the first admin user. First, enter the command synctl start to actually start Synapse. Next, you will begin an interactive user creation configuration, which is kicked off by the command:
register_new_matrix_user -c homeserver.yaml http://localhost:8008
Enter your desired username and password, re-enter password, then type yes to enable administration privileges for yourself.
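
Before logging out, it is worth confirming the layout this guide sets up: Synapse answering plain HTTP only on 127.0.0.1:8008, with Nginx terminating TLS on 443 and 8448. The script below is an added example, not part of the original guide or of the Synapse project; the function names and the sample inputs are made up for illustration. On the server you would run check_bind_config < ~/synapse/homeserver.yaml and ss -Htln | check_listeners.

```shell
#!/bin/sh
# Added example. Ports 8008, 443 and 8448 are the ones used in this guide;
# the function names and sample inputs are constructed for illustration.

# Reads homeserver.yaml on stdin. Fails if any uncommented bind_addresses
# entry is something other than a loopback address.
check_bind_config() {
    grep -v '^[[:space:]]*#' \
      | sed -n 's/.*bind_addresses:[[:space:]]*//p' \
      | tr -d "[]'\" " | tr ',' '\n' \
      | awk '
        NF == 0 { next }
        { seen = 1 }
        /^127\./ || $0 == "::1" { print "OK   config binds to loopback " $0; next }
        { print "FAIL config binds to non-loopback " $0; bad = 1 }
        END {
            if (!seen) { print "FAIL no uncommented bind_addresses line found"; bad = 1 }
            exit bad + 0
        }'
}

# Reads `ss -Htln` output on stdin (column 4 is local address:port).
# Fails if 8008 is reachable beyond loopback or the TLS ports are missing.
check_listeners() {
    awk '
    $1 != "LISTEN" { next }
    {
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        loopback = (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
        if (port == 8008) {
            seen = 1
            if (!loopback) { print "FAIL 8008 (plain HTTP) reachable on " addr; bad = 1 }
        } else if ((port == 443 || port == 8448) && !loopback) {
            tls[port] = 1
        }
    }
    END {
        if (!seen)          { print "FAIL nothing listening on 8008"; bad = 1 }
        if (!(443 in tls))  { print "FAIL no public listener on 443"; bad = 1 }
        if (!(8448 in tls)) { print "FAIL no public listener on 8448"; bad = 1 }
        if (!bad) print "OK   8008 is loopback-only; 443 and 8448 are public"
        exit bad + 0
    }'
}

# Constructed sample: a host configured as described in this guide.
SAMPLE_GOOD='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 0.0.0.0:8448 0.0.0.0:*
LISTEN 0 50 127.0.0.1:8008 0.0.0.0:*'

# Constructed sample: bind_addresses was never narrowed to loopback.
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8448 0.0.0.0:*
LISTEN 0 50 0.0.0.0:8008 0.0.0.0:*'

# Demo on the constructed samples.
printf '%s\n' "    bind_addresses: ['127.0.0.1']" | check_bind_config
printf '%s\n' "$SAMPLE_GOOD" | check_listeners
printf '%s\n' "$SAMPLE_BAD" | check_listeners \
    || echo "(constructed bad sample: exposed listener detected)"
```

A FAIL on 8008 means clients could reach Synapse without TLS by going around Nginx; fix bind_addresses in homeserver.yaml and restart Synapse before inviting anyone.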

That's it! It is over! You should now be able to log into your Matrix homeserver! Simply type exit and leave the terminal window.

Remember back to the beginning when we talked about Matrix and Synapse being the server configuration, and then clients such as Element being actually used to interact with the server? So if you haven't yet, download Element on desktop, F-droid, or use the web application.

We will go with the webapp for now. Choose "Sign In" and you should see that the default server for matrix.org is selected as your homeserver. You now have an Uncle Jim server spun up though, so choose the "Edit" button near the server name, then "Other Homeserver" option on the next screen.

Type in your domain name where it says "Other Homeserver" in the form https://your.domain, and it should reset you back to the sign in screen. Enter the username and password you just created, and select "Sign In".

To the left you will see the word "Rooms" with a + sign next to it. Click that + sign, and choose to "Create New Room". You will see a pop-up screen that will allow you to name your room, specify a topic, and choose whether this room will be publicly available for others to join, or private and so populated by invite only. Totally up to you. The final configuration will be for End-to-End Encryption to be enabled, and it is on by default. Again remember back to earlier and what exactly your goal is for this room before deciding whether to leave it on by default as it is, or to turn it off. If you turn the room into a public room, you will need to go in the room settings and enable E2EE later. If you leave it as private, E2EE will remain on by default unless you turn it off.

I would advise making more than one room, one with and one without E2EE before allowing others to join, that way you can get things up to snuff before exposing your chat to the world. Once the room is created, click on the name of the room at the top of the screen to bring up the settings. You can then choose "Security and Privacy" from there and enable E2EE, but bear in mind once turned on it cannot be turned off. Again I advise using the tools a bit yourself before opening it up to the world.

Finally, click near your username in the top left of the screen and you can go through the general homeserver settings, where you will surely enable dark mode because you are not a raving psychopath.

Speak Your Piece

This may seem like a rather involved process, but honestly it is cut and paste, fill in the blanks. I have followed this guide to install myself, and now have tweaked it a bit to enable anyone else to do the same after learning where there were slight changes needed to be made. This is the way, paying it forward and showing those interested around you that they--yes, even YOU--can do this as well. If you spin up a server for yourself and your fellow travelers, I can almost guarantee you it will inspire at least one or two of them to follow suit. It doesn't take long for this type of thing to start scaling out and becoming a real force for freedom.

I won't hold you any longer with my ramblings about freedom and the pursuit of individual liberty, especially since you have a new toy to figure out and configure to your preferences. So I leave you with this--with the amount of tools on the market today and the ease with which they can be used, anyone can become Uncle Jim, technically speaking. In reality though, not just anyone is cut out for this job. This is not something to be jumped into recklessly, nor is it to be treated as just some silly thing you decided to do. If you choose to step up and become Uncle Jim for those closest to you, understand that with your great power comes great responsibility. They will be counting on you to provide the services they depend on, and looking to you when they have an issue. You will have the final decision on what sort of speech is allowed on your Matrix homeserver, and also what is not.

This may sound like no issue at all, as I imagine many reading this may fancy themselves something of "free speech" advocates. Talk to me again the first time someone joins the server and begins immediately using racial slurs or making disparaging comments. These decisions may not turn out to be quite as easy as you theorize today. Now I certainly haven't come all this way just to frighten you off this mission, but I feel it is important to state these things so that you can give them their due time in your mind. In the end, the truth is someone has to step up and do these things. It might as well be you, if you have the strength and conviction to do so. Fence-sitting during a culture war only ends up with a pole being stuck in a very uncomfortable position. It cannot and will not be abided. The lines are being drawn all around us every day. Make your choice, and enter action with boldness. Today can be the day you take back some of your power in this digital world.
