by amatecha 489 days ago
OMEMO is the only E2EE standard to use now (I mean, barring occasional outliers, but OMEMO is the norm). That's cool, I'm talking to people on XMPP every day, people who have zero intention of moving unless something better (by their definition) comes along. XMPP seems to be gaining popularity as one of the last possible options for a genuinely decentralized encrypted chat protocol that isn't beholden to a singular closed org/corp. I just personally onboarded like five people and they're all like "this is awesome" and... wait, did you just say "at least I can run this in a browser tab where it can't pwn my system"? Please search "browser exploit rce" on your favorite search engine. Here's one from two weeks ago: https://windowsforum.com/threads/cve-2025-21279-remote-code-...

I used to have a couple 1:1 Matrix chats with friends where I was trying to bridge the whole "different OS" issue for E2EE chat. Neither of them use Matrix anymore, and we were all having issues with Signal (my account is still b0rked). It was just too much hassle. So I mean, the anecdotes go both ways here.

2 comments

I'm a fan and active user of XMPP. However, it unfortunately is true that encryption is a can of worms. OMEMO should be the standard, yet there is fragmentation in terms of the specific OMEMO spec version that clients use. Not even the most prominent clients keep up with the latest spec, as can be seen here [1]. One of the issues is that everything prior to 0.4.0 uses AES-128-GCM, instead of the standard that is used by other platforms (e.g. Signal), that is AES-256-CBC with HMAC-SHA-256. In plain English this means that most mainstream XMPP clients do not offer encryption at a level that can and should be expected these days.

[1]: https://xmpp.org/extensions/#xep-0384-implementations
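The AES-256-CBC + HMAC-SHA-256 payload construction the comment above refers to (OMEMO 0.4.0+, the same shape Signal uses), as an added example written for this thread, not code from any XMPP client or from the XEP. It assumes the 32-byte encryption key, 32-byte MAC key and 16-byte IV are handed in directly (in the real protocol they are derived from a message key via HKDF) and assumes the 16-byte tag truncation of the current XEP-0384 text; the point it shows is the encrypt-then-MAC order and why the tag is checked before any CBC/padding work happens.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// OMEMO 0.4.0+ payload (Signal construction): PKCS#7 pad, AES-256-CBC, then HMAC-SHA-256 over the
// ciphertext, tag truncated to 16 bytes (assumed). Keys and IV are passed in directly; HKDF is elided.
func sealPayload(encKey, macKey, iv, plaintext []byte) (ct, tag []byte, err error) {
	if len(encKey) != 32 {
		return nil, nil, errors.New("AES-256 needs a 32-byte key")
	}
	block, _ := aes.NewCipher(encKey) // cannot fail for a 32-byte key
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	h := hmac.New(sha256.New, macKey)
	h.Write(ct)
	return ct, h.Sum(nil)[:16], nil
}

// openPayload verifies the tag in constant time BEFORE decrypting, so a flipped ciphertext byte
// or a wrong MAC key is rejected without the padding check ever seeing attacker-controlled data.
func openPayload(encKey, macKey, iv, ct, tag []byte) ([]byte, error) {
	h := hmac.New(sha256.New, macKey)
	h.Write(ct)
	if !hmac.Equal(h.Sum(nil)[:16], tag) {
		return nil, errors.New("authentication tag mismatch")
	}
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of AES blocks")
	}
	if len(encKey) != 32 {
		return nil, errors.New("AES-256 needs a 32-byte key")
	}
	block, _ := aes.NewCipher(encKey) // cannot fail for a 32-byte key
	padded := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, ct)
	pad := int(padded[len(padded)-1])
	if pad == 0 || pad > aes.BlockSize {
		return nil, errors.New("invalid PKCS#7 padding")
	}
	return padded[:len(padded)-pad], nil
}
```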

Browser sandbox escape to userspace exploits are still much harder to make though, compared to... uh... a userspace to userspace exploit, given that the latter takes literally (actually literally) zero effort, and as such you don't have one every couple weeks, but rather an ∞ of new exploits per second.

(that said, a web-based client has the aspect that an exploit could be inserted at any point with only a page restart necessary, whereas a native client would need updating; but hopefully you update your client, lest you start missing out on new protocol features!)