
LostArchivist



Mar
9th
2024

Issues with Matter that Matter about Matter · 12:05am March 9th

Time for me to make another tech rant...

There's a new IoT technology out there, called Matter. You may have heard about it.
It promised to make all your smart tech work together and not need the cloud or all these hubs.

Then it launched. Everyone still seems to ask you to use their own app anyway, you still need hubs in your home, it still uses the cloud, and you might be wondering what happened.

Well, I have bad news. It's fundamentally anti open-source, anti-freedom, and thoroughly taken over by big data already.
(Disclaimer: I write this from what I know of several years of rabidly following what was available about the standard from before it was even published, which is thus from public information sources. Some of this information could have been itself wrong, and may since have been changed or deleted, but it's what I currently know. It's also heavily summarized with no references because this is, again, years' worth of information and I have better things to do than write this in the first place or find my sources again after so long. I do recommend https://www.mattercouldbebetter.eu/ and https://staceyoniot.com/ as a starting point. Google also has a guide, though it hardly goes into what I consider full detail and is a bit confusing to navigate. You'll see what I mean by what it takes to get a self-built device registered there, though.)
Sections:

  • It's anti open source
  • It's anti freedom (a superset of the above)
  • It's not local
  • It's anti-privacy
  • It won't even reduce the number of paperweights
  • Matter Casting is best described as evil

Let's start with the "open source" bit. The source code is available... under a license that doesn't grant external IP rights. So, you can use the code but you have to license the technology too. Which requires you to play ball with the CSA (unless you're making a single one-off device and not selling it to anybody, and there are more issues there that I'll get to later). The CSA is the alliance/consortium/whatever behind Matter.

(Side note, which also makes me bitter: The CSA also now includes Haier, the company that recently threatened to sue someone who made an open source way to use their smart products. And now Haier is a member of CSA, possibly to implement Matter (well, it could be Zigbee) which allegedly performs the same task. You'll see why it's not at all the same soon...)

If you want to get your device approved by the CSA, you will need to sign on with them for either $7K or $20K a year. Then you need to go pay a test lab to check that your device works properly and pay another few grand to get the device actually certified. A prerequisite is also that you get it certified by the Wi-Fi, Thread, and/or Bluetooth alliances as well, which is at least as much money again in all likelihood. You're not doing this without a mature revenue stream and probably a lot of free cash.

The "fun" part is that you have to repeat at least some of this possibly as often as you make firmware updates. I'm not a lawyer and this stuff is incredibly hard to understand, but if you make updates to certain parts of the device's functionality, your approval isn't "valid" anymore and you have to basically tell the CSA what you changed and if you're lucky they'll grandfather it in from the previous firmware that was approved.
That is the optimistic version. If you change how you implement Matter at all you have to get the device fully re-tested and re-approved.
The former "easy" case appears to refer solely to changes in internal firmware that don't affect how it implements or responds to Matter commands, and it's still anything but. It also can take several weeks to get this completed, which makes it hard to release firmware in a timely manner and takes up a lot of developer time (again, hard for indie companies).

Once the software is approved, it's loaded onto the Matter device with a unique per-device cryptographic key. Surrounding this is a complex cryptosystem implementing something like our worst fears of secure boot. If your device doesn't have a valid key signed by the CSA, apps implementing Matter are encouraged not to let it work at all. It is mandatory for them to also say that your device may be "unsafe."
(Ironically, I'm fairly sure the actual secure boot is optional. But they can have literal secure boot too.)

This makes it fundamentally nearly impossible to run your own open firmware on a Matter device because the firmware has to be approved and then signed by the CSA for it to actually join the Matter ecosystem. Even if you build it yourself. Now, if you were to try to sell it, please keep in mind that it still wouldn't work, and then you'd also get sued.
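
The certified-device check described above, modelled with plain `openssl` as an added example (it is not code from this post or from the Matter SDK). The three-level chain, the subject names and the `issue`/`attest` helpers are assumptions made for the illustration; it shows why a self-built device, or one that only copies a certified certificate, gets flagged.

```shell
#!/bin/sh
# Constructed model of the certified-device check (not Matter SDK code): the
# phone trusts one root and accepts a device only if its certificate chains
# to that root AND the device proves it holds the matching private key.
# Subject names, file names and both helper functions are made up here.
W=$(mktemp -d)
printf 'basicConstraints=critical,CA:TRUE\n'  > "$W/ca.ext"
printf 'basicConstraints=critical,CA:FALSE\n' > "$W/leaf.ext"

# issue NAME SUBJECT SIGNER EXT: new P-256 key plus a certificate for it.
# When SIGNER equals NAME the certificate is self-signed.
issue() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$W/$1.key" 2>/dev/null
  openssl req -new -key "$W/$1.key" -subj "$2" -out "$W/$1.csr" 2>/dev/null
  if [ "$3" = "$1" ]; then
    openssl x509 -req -in "$W/$1.csr" -signkey "$W/$1.key" -days 30 \
      -extfile "$W/$4.ext" -out "$W/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$W/$1.csr" -CA "$W/$3.pem" -CAkey "$W/$3.key" \
      -CAcreateserial -days 30 -extfile "$W/$4.ext" -out "$W/$1.pem" 2>/dev/null
  fi
}

# attest CERT KEY: the phone's side of setup. KEY stands in for the device,
# which would sign the nonce itself and never hand the key over.
attest() {
  # 1. Does the certificate chain to the root the phone trusts?
  if ! openssl verify -CAfile "$W/root.pem" -untrusted "$W/maker.pem" "$1" \
       >/dev/null 2>&1; then
    echo "uncertified: chain does not reach the trusted root"; return 1
  fi
  # 2. Fresh nonce, signed by the device, checked against the certified key.
  openssl rand -out "$W/nonce" 32
  openssl dgst -sha256 -sign "$2" -out "$W/sig" "$W/nonce"
  openssl x509 -in "$1" -pubkey -noout > "$W/pub.pem"
  if ! openssl dgst -sha256 -verify "$W/pub.pem" -signature "$W/sig" \
       "$W/nonce" >/dev/null 2>&1; then
    echo "rejected: device does not hold the certified key"; return 2
  fi
  echo "certified"
}

issue root     "/CN=Example Trusted Root"   root     ca
issue maker    "/CN=Example Maker CA"       root     ca
issue device   "/CN=Example Certified Bulb" maker    leaf
issue homemade "/CN=Example Homemade Bulb"  homemade leaf

attest "$W/device.pem"   "$W/device.key"              # approved firmware path
attest "$W/homemade.pem" "$W/homemade.key" || true    # self-built device
attest "$W/device.pem"   "$W/homemade.key" || true    # copied certificate only
```
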

You may be seeing the anti-freedom part already. It's heavily Tivo-ized, which is a term referring to when Tivo made its source code available but used secure boot so you could "look but not touch." If you tried to modify or run your own code, it'd simply refuse to work.
Case in point, if you try to use a self-developed device with an ecosystem or phone made by a well known search engine company, you have to get a developer account, register keys, and perform complex key setup steps using tools from the incredibly bloated "open source" Matter SDK. This makes it hard to get working, and the registration is personalized (you can't sell a device this way, the customer has to do it) and "scary." It does technically help with security, but compared with many other secure and encrypted platforms, they've intentionally left it this way I suspect more to discourage people from not just buying an existing closed-source device.

(The SDK itself also downloads a ton of binaries from the Internet as part of its build process, so you can't easily run it offline, make an offline copy, or easily tell just what it's doing on your computer or to your new device. Is it even open source if you can't easily make it with fully open source tools and/or lobotomizing the build system to use local binaries/sources? But I digress.)

It gets worse, though. That seamless setup thing, which they did mostly get right? It's not an Android component (iOS is more obviously not open, either). It's actually part of Play Services, which is a closed-source dependency behind all Google-powered apps. It is provided under license to device manufacturers and updated in the background directly by Google. Play Services runs at a level higher than the actual device administrator and has near-root access to your device. In fact, that's how it sets up Matter devices without personally providing network credentials. You can't in fact access that information as an app developer, but Play Services runs at such a level that it has direct access to your network password and can send it to your new Matter device. Play Services will continue to update on its own even if your device manufacturer stopped providing OS updates, which is mostly why it was created in the first place.

(It's also this thing that is responsible for tattling if your device is rooted and making your banking apps not work, exfiltrating several megabytes of surveillance data per day, and running the DRM that lets apps say what you can do with your phone. Future Android versions won't even have the phone or messaging apps anymore, they'll get rolled into the closed source apps too. I don't think you can really call it a mobile OS anymore, not on its own.)

You can't, thus, talk to Matter devices from your phone without Play Services. We don't really know what it takes to install that (the license agreement itself is incredibly secret), but it's relatively clear that manufacturers are required to install a minimum load of sponsored apps, meet quite a number of system requirements, and not produce any phones without this spyware built in. Yes, spyware; said parent company makes money from surveillance-powered advertising and they realized that they could get more data if they owned the devices people used to access the Internet directly. So think twice about buying their computers and routers too! This was also why they got into the home assistant space to begin with. Now they have a live feed of what interests you, your voice, camera feeds around you, what lights are on, how many rooms you have, live logs of your interactions with all these devices (aside from the phones themselves... I bet it's really interesting to them when your phone reports that it's on and that Chrome is viewing this site at 2 AM since you have history sync enabled with default security credentials. :trollestia:)

You could build a Matter reference from the SDK, but it would take an incredible amount of space (since the default version is bundled into a hidden app common to all closed-source Matter whereas this one has to be linked directly into your app) and you'd have to give it your network credentials directly.

That assumes, of course, that you're using Wi-Fi. Thread, another protocol supported by Matter, is something I will honestly admit I know little about. However, it was Google's own creation and you actually need an app to set it up. When I checked a few years ago before Matter was publicly released and I was chasing down rumors and reading the code in the SDK, there didn't seem to be an open source version of that app at all. I'm not sure it's actually possible to set up Thread devices using the open-source variant of the SDK or an open-source app (the reference code for which was, and still is, locked behind the most expensive membership tier of Thread, which doesn't actually let you build Thread devices. For that you needed a different tier (second most expensive) that doesn't give you source access to the app). I don't even have words for how insane this is.

Either way on that bit, if you're on iOS (and I have seriously no idea why you are at this point if you read this), it's seemingly not actually possible to use Thread functionality in your app, even when using the iOS-based Matter libraries. You have to pay for a special development license (the free tier won't help you this time) and then have your app reviewed for why you need access to Thread once you have the license! And that's just to build it!

Next up, the local connectivity. Ironically, Matter did too good a job with this. It doesn't work outside of the home. At all. The hub requirement is actually so the big IoT ecosystems can install a device in your home that asks their cloud if there have been any commands lately, then it issues them over Matter. When you're away from home, your phone can contact the cloud (but not the home, because NAT and firewalls prevent that), which can talk to your hub since that has an outgoing connection from the home. This is incredibly simplifying how NAT works and that there are actually ways to get an incoming connection through it, but none of those are really cloud-free and the approach I describe is the easiest and most likely anyway.

So Matter is only local if you're local and using a homebrew app. If you're using a major, well-known app, it'll have some cloud component so it can work when you're away from the house. I imagine most of them try to use the cloud even when you are at home, but some don't to at least some credit.

Lastly, the anti-privacy section. MatterCouldBeBetter goes into this a little, but for background I point out how basically every current IoT device relies on the cloud and machine learning (inaccurately called "AI"). There have been a number of scandals about leaked images from cameras and even Roombas, and of course, there was recently an article about a GM/U of M university partnership that revealed that live GPS data from 6-10% of cars could make traffic lights much more efficient. What the article actually said was that the 6-10% number was the number of connected GM cars on the road, heavily implying that the number was picked because GM gave the university GPS data from apparently every one of their customers that had a connected vehicle and that this was what the university had managed to do with it. I have to wonder if the owners of those cars were asked about this.

(Note: other research has revealed that with a location stream like this, only a few visited locations or times are needed to de-anonymize you completely. Of course, GM already has this linked with your profile, literal driving habits/styles, favorite radio stations, possibly your voiceprint, favorite in-vehicle apps or navigation destinations... And since the information is available to them the government is perfectly allowed to ask for this "public" information and store it indefinitely too...)

Back to Matter, it's basically a language. It encodes "words" that devices can ask each other. It's honestly quite an achievement. But it's still very limited. Only certain functions of certain devices work at all. And even for things that are supported... well, it also connects them to the Internet as an innocent side effect of its setup. It's only reasonable that manufacturers would want to do more with their products, so they'd establish a side channel for more advanced control than Matter supports.

The problem is that manufacturers also love to get more data on your usage habits, so since the device is on the Internet already, they just export literally every bit of interaction data back through their connection.
The other issue is that Matter is literally just an interface. The functionality is provided by the manufacturer's firmware in the backend. That stuff, especially in cases where Matter isn't ready yet, such as how it still doesn't support energy monitoring or cameras, is frequently tied to the cloud or machine learning models to function. So, even if they wanted to be ethical, a lot of stuff is just dependent on the cloud and big data anyway.

I'll be honest; Matter hasn't exactly failed this one, it's just that companies started salivating at realizing all these smart devices are directly connected to the Internet now, which isn't even that different considering that this was largely the case before this, too. This time it's the companies' fault.

The final issue - the amount of e-waste, or paperweights.
Effectively, as I understand it, updating a device literally costs money in recertification fees and the company has to remain a CSA member too (and keep up their own local part of the PKI that lets a phone detect if your Matter device is safe or homemade, too, which is also either a self-hosting complexity or a value-added fee they have to pay to a company that does host). This makes it more costly to support devices and probably they will be discontinued faster since the company needs to sell a newer model to support the upkeep costs. StaceyOnIoT said there's some method to keep support up if a company has left the CSA, but color me skeptical.

If a product stops receiving updates, old versions of the Matter standard, which has updated twice a year so far, have a very short shelf-life. You can expect maybe a year or two, depending on how many old versions remain supported behind the newest, before it no longer works.

This update rate in itself also makes it very hard for a manufacturer to support the devices. They have to use the new version of the standard once it's released (though I'm not sure how this applies to software updates on previously-published devices?), so that's a treadmill of developer effort too.

Matter Casting - bonus topic
I'm leaving this mostly as homework if you are interested, because I don't know much about it myself and because I've spent several hours writing this now, but essentially it lets a device open an app on a TV and/or send it a URL of a video to play. The issue is, both sides HAVE to pass the certified device check or they'll refuse to communicate, and there's a further per-whatever whitelist of devices that are allowed to communicate, too. I haven't bothered to read it closely enough to tell whether this means that a smart TV will only work with its choice of pre-approved phones/tablets/whatever or that an app that wants to cast can be picky about what TV it supports. This despite the fact that the streams themselves can still support DRM, so it's not like it's any more likely to allow piracy.

But you can kiss your dreams of cross-platform generic casting goodbye, especially if you wanted it to work with PCs or to let you cast non-audio/video content (since it doesn't have support for that at all). I'm not even convinced that we're going to see cross-manufacturer casting. It'll probably only work between an LG TV and LG phone, or something equally exasperating where major businesses have made expensive licensing agreements (if you have to ask how much it would cost, I'm guessing you won't get permission to cast. :P).
As for PC, with Matter being mostly a Linux-only build system but with it costing a lot to certify (and being a lot of effort) it would be easiest to put on Linux but you're never going to see funding for it and it fundamentally couldn't be open source. Meanwhile you may see it on W$ or Mac, but it's going to probably cost.
