Privacy Guides

Linearized matrix wont be replacing the current way rooms work, especially with how they want to make the clients p2p eventually, its just for the DMA and convincing them to go with matrix

Except that the Element web-client also phones home to matrix/element mothership.

It doesn't matter what server you use, unless you do not interact with anyone from matrix.org.

you’re referring is using XMPP without OMEMO

OMEMO encrypts text messages for VOIP you need DTLS-SRTP encryption or Jingle session encryption. OMEMO has no concept of cross signing, ie one device being trusted and therefore the others either if they do an authentication with each other. Device verification has to be done each session which is a massive pain.

warns you your message content is unencrypted if this is disabled

The point is that Matrix 1:1 calls are always encrypted and soon with MSC3401: Native Group VoIP Signalling 1:many VOIP calls will be as well. Having foot guns about what might be encrypted or not in a client isn't very private at all.

Also, XMPP has better (imo) and more numerous clients than Matrix on every platform except iOS and MacOS (No better XMPP client than Element on these platforms).

I've used Nheko and that's pretty good. Last time I checked the XMPP clients that existed had a lot of rough edges and feature inconsistency.

I definitely prefer an extensible protocol to a much heavier, metadata-leaking, less-feasible to self host solution like Matrix.

That is definitely your opinion, Matrix has shown to be very feasible in a commercial sense as there are many providers and commercial clients using it, french, german government etc. There are also quite a few clients using EMS. They claim: "Matrix is an open network for secure, decentralised communication, connecting 80M+ users over 80K+ deployments."

Which is probably a lot more than XMPP.

Matrix really can be quite lightweight enough that it will be entirely possible to run a homeserver locally in WASM which is what the Matrix P2P project is about. https://arewep2pyet.com/ has more details about that. It's also possible to have very light Matrix servers Breaking the 100bps barrier with Matrix, meshsim & coap-proxy. The reason that a lot of public Matrix servers are quite "heavy" is because they have many numbers of users, and activity. Synapse has also made huge gains in this regard to what it was originally, and we know that Dendrite uses a lot less resources (that I've tested privately).

With RFC 9420 aka Messaging Layer Security (MLS) it should be entirely possible to have large E2EE rooms without too much of a performance hit. Matrix is also working on MLS: A giant leap forwards for encryption with MLS. They have a site tracking that: https://arewemlsyet.com/

The point is a lot of testing and thought goes into these things.

metadata-leaking

You're pretending XMPP doesn't have metadata between servers, it certainly does it's really no more private than Matrix.

This is what Matthew Hodgson (Arathorn) had to say about it:

Talking of sloppiness, that hackea.org article is a huge steaming pile of FUD about Matrix.

For what it’s worth, the team who came up with Matrix was originally based in two separate startups: one in the UK doing VoIP, one in France doing mobile dev. Both got acquired by Amdocs in 2010, but we ended up forming an independent “incubated startup” first to build telco apps, and then we came up with the idea of Matrix in ~2013. We then built out Matrix until 2017 when Amdocs killed our funding, having run out of patience for what amounted to generous FOSS philanthropy.

We then set up New Vector (now Element) as an entirely independent UK/FR startup, and have received zero funding from Amdocs since. To be crystal clear: Amdocs has zero privileged influence or control over Matrix (or Element, for that matter), and has zero access to the Matrix servers we operate as Element. And besides - the whole point of Matrix is that you can and should run your own servers so you can pick who to trust, even if you don’t trust the project itself.