[Andrew_nenakhov]

The whole issue with XMPP is that users are brainwashed to demand e2ee even without fully understanding what it means and what unavoidable downsides in UX true e2ee brings.

Most users would have the same level of security as with e2ee by simply running their own server. E2ee mostly helps against service owner you don't trust, so just be your own service owner and have nicely syncing history and server side search.

[NoGravitas]

For single-user XMPP servers, this is true, but on the other hand, not everyone is able to run their own server.

I will say, that even though I kind of like the architecture of XMPP better, the Matrix people have put in tremendous amounts of work to overcome the UX problems with e2ee, in particular the multidevice problem (where I have a laptop and a phone logged into the same account and try to participate in the same encrypted conversation from both).

[pkulak]

I totally agree, though I run my own Matrix server and still find value in e2ee because I don't really trust AWS (or maybe my ability to secure AWS).

I suppose I could run the service on a machine in my house, but that's not going to be good for uptime, the NAT screws things up, etc. Plus, even that could be hacked if I fuck something up.

[Andrew_nenakhov]

If you run a legal operation, you don't have to worry about hosting company admins logging into your database. That can be done only on police inquiry.

[pkulak]

Eh. I'm still not storing passwords, keys, documents, photos, et all, plain text in some RDS database.

[Andrew_nenakhov]

On photos/documents, you are in a tiniest of minorities: ~99% of all smartphone users store photos in unencrypted cloud services like Google Photos and use Google Docs and MS Office 365.

(But but chats are surely the holy cow and must be encrypted - strictly demand those same users, paradoxically)

And no modern server stores passwords in plain text, and keys are not stored on servers at all.