by goodpoint 1624 days ago
XMPP leaks less metadata than alternatives like Matrix, but it is still very vulnerable to traffic correlation attacks from an external observer, server compromise and a malicious server admin. Far from ideal.

Briar mitigates[1] these risks by using p2p messaging over Onion Services.

[1] mitigates: it's well known that even Tor cannot protect from correlation attacks from a global observer, but mounting such an attack requires billions (see PRISM). Correlating traffic from/to an XMPP server is trivially easy for any person that has access to logs from a network device or can run a tcpdump on a hypervisor.

2 comments

Traffic correlation attacks are very difficult to mitigate. Even Tor is not immune to this (see research such as [1], and the Tor project's own statements that the design is not resistant to analysis by a global network observer). Also Briar may be unsuitable for some use cases where you want to remain anonymous to people you communicate with[2].

Some research has been done into communication networks that are resistant to traffic analysis, such as Vuvuzela[3]. Unfortunately most such solutions require permanent connectivity and bandwidth utilization, which makes them impractical for battery-powered mobile devices.

I'm firmly of the belief that no communication tool is suitable for all use-cases, but that we need to build open interoperable ecosystems that fulfil a range of needs, and help educate people about them.

[1]: https://nusenu.medium.com/the-growing-problem-of-malicious-r...

[2]: https://code.briarproject.org/briar/briar/-/wikis/FAQ#does-b...

[3]: https://vuvuzela.io/

Tor isn't perfect, but if that's good enough for your use case, you can use/host a server over it: https://gist.github.com/dllud/a46d4a555e31dfeff6ad41dcf20729...