Getting Started

Account Creation

Automatic registration is currently disabled to combat spam and to avoid dealing with account verification. If you want an account on sizecraft.net, DM @yagokoro on Twitter or send me an email at brainofthemoon@fastmail.com with a request that includes the username you'd like to have (for example: @example-account:sizecraft.net). Once the account is created, I will respond with your username and a temporary password.

If you don't want to wait for yagokoro to manually create your account, Sizecraft currently does not block federation requests from any other servers, so if you already have a matrix.org account you can freely use it instead.

Client

Next, it is highly recommended to download a desktop client, though a web-only interface is available. Element is the standard and most full-featured client. There are substitutes, some of which are just as full-featured, but this guide is written for someone using Element.

Logging In

So, you have an account and want to log in. When starting Element for the first time, you are greeted with this screen.

The Element login screen

If you wanted to create an account with matrix.org, this would be the time to do so. If you already have an account simply select "Sign In". Now you are presented with the following screen.

The Element Login Screen to enter credential details

If you just try and enter your username here it will fail. This is because your homeserver is set to matrix.org. Simply click "Edit" and change the value to https://sizecraft.net. This value needs to be exact with the https:// and without www or any other prefix.

Changing your homeserver

With the homeserver changed, you're ready to log in and get going!

Configuring Element

Element is quite similar to Discord. However, there are a few important differences to understand due to the nature of a federated service and end-to-end encryption.

Cross-signing

Firstly, Direct Messages are encrypted by default. All encrypted messages are stored securely in the database in a way that even if the system administrator manually looks at the data they cannot read the messages. Even your client cannot read the messages if you log into a new device. The solution to this is to set up Cross-signing. In brief, Cross-signing allows messages to be signed by multiple devices. To enable Cross-Signing, simply navigate to Settings > Security & Privacy and then scroll down to the Cross-signing section and ensure that the checkbox is set.

The Cross-Signing Dialog Enabled

Key Backup

Because encrypted chats require an existing session to share keys with a new login, what do you do if you lose all your sessions or no longer have access to them? This is what the key backup is for. Element will create a secure backup copy of all of your sessions' encryption keys on the server. This backup will be protected by a password which will be required to access a session's keys. This password cannot be reset or changed. If you lose your password, you will be unable to access your Key Backup.

To set up Element's Key Backup, go to Settings > Security & Privacy and then scroll down to the Secure Backup section and follow the prompts to configure it.

Sessions

Sessions are an important concept to understand when using Matrix. In short, a session is a login to an account. For example, if your account has a login on Element Desktop and Element Android then you have two sessions. A list of all active sessions can be found under Settings > Security & Privacy.

Verified vs Unverified Sessions

There are two types of sessions: verified and unverified. A verified session is a way of marking a session you know is secure and not compromised. An unverified session will not receive encryption keys for encrypted rooms and will be unable to see any messages as a result. The best way to visualize this is to describe the type of attack it is designed to prevent.

Suppose Alice uses the same username and password for her Matrix account as her Netflix account. Alice shares her account information with Bob. Bob wants to see if he can get into Alice's account, so he tries her credentials and is able to get in. However, Bob's session on Alice's account is unverified and Alice will be notified that a new session has been created. Alice will be asked to verify the session to confirm that it is her. Alice can then reject the session to force Bob's session to be logged out, and she knows to change her password. Additionally, none of Alice's encrypted chats were leaked, since the compromised session would not have been sent the keys required for Bob to read Alice's chat history.

Other Users' Sessions

Matrix also cares about other users' sessions, and you will be asked to verify them using a procedure similar to verifying a new session on your own account. Once again, the best way to conceptualize the process is to go through a kind of attack it prevents.

Suppose Alice meets Eve at a convention and they exchange emails and phone numbers. Bob overhears this and designs an attack to gain access to Alice's account. He knows that Alice and Eve have exchanged emails, but that Eve doesn't have a Matrix account. Bob creates a new Matrix account using a username he knows Eve uses to impersonate her and sends Alice a message request on Element, which Alice accepts. Alice now thinks that she's talking to Eve, though all of "Eve's" messages appear with a red shield next to them in encrypted rooms. The shield indicates that the message is coming from an unverified session. Being dutiful about her security, Alice begins to verify the session, which involves comparing emoji between herself and Eve. Alice calls Eve to see if her emoji match, and Eve lets her know that she doesn't even have a Matrix account. Because of this, Alice now knows that the account she has added on Matrix is not Eve.

In short, verifying other users' sessions is a way to make sure that the account you added on Matrix is the same person you think it is. It is optional to do so, but never a bad idea especially if you plan to discuss sensitive information in an encrypted room.
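Why the emoji comparison works, as an added sketch that is not Element's code and goes a step beyond the scenario above: each device derives its seven emoji from the key exchange it actually performed, so anyone sitting between the two devices produces a mismatch. Assumptions: a toy Diffie-Hellman group stands in for Matrix's Curve25519 exchange, the info string is only modelled on the Matrix one, and all keys, user IDs and device IDs are constructed.

```python
import hashlib
import hmac

# Toy Diffie-Hellman group standing in for Curve25519 (assumption, demo only).
P = 2**255 - 19
G = 2

def public_key(private: int) -> int:
    return pow(G, private, P)

def hkdf_sha256(secret: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with an all-zero salt; one block covers length <= 32."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]

def sas_indices(my_private, their_public, starter, acceptor, txn_id):
    """Seven 6-bit values a client would map onto its 64-entry emoji table.

    starter/acceptor are (user_id, device_id, public_key) as this device saw them.
    """
    shared = pow(their_public, my_private, P).to_bytes(32, "big")
    info = "|".join(["MATRIX_KEY_VERIFICATION_SAS",
                     *(str(f) for f in starter),
                     *(str(f) for f in acceptor), txn_id]).encode()
    bits = int.from_bytes(hkdf_sha256(shared, info, 6), "big") >> 6  # keep 42 bits
    return [(bits >> (6 * (6 - i))) & 0x3F for i in range(7)]

def run_verification(intercepted: bool):
    """Return (alice_view, eve_view) of the emoji indices for one verification."""
    # Constructed private keys; real clients generate fresh random ones.
    a_priv, e_priv, m_priv = 0xA11CE, 0xE5E, 0xBAD
    a_pub, e_pub, m_pub = (public_key(k) for k in (a_priv, e_priv, m_priv))
    # With someone in the path, each device receives that party's key instead.
    key_alice_sees = m_pub if intercepted else e_pub
    key_eve_sees = m_pub if intercepted else a_pub
    txn = "txn-0001"  # constructed transaction id
    alice = sas_indices(a_priv, key_alice_sees,
                        ("@alice:example.org", "ALICEDEV", a_pub),
                        ("@eve:example.org", "EVEDEV", key_alice_sees), txn)
    eve = sas_indices(e_priv, key_eve_sees,
                      ("@alice:example.org", "ALICEDEV", key_eve_sees),
                      ("@eve:example.org", "EVEDEV", e_pub), txn)
    return alice, eve
```

`run_verification(False)` returns two identical lists, which is the case where the emoji match on both screens; `run_verification(True)` returns two different lists, which is what Alice and Eve would notice when comparing over the phone.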
