[fsflover]

> Matrix allows for unencrypted messages so it's inherently less encrypted than Signal.

But that logic, Matrix is less encrypted than Whatsapp, too, which is a crazy thing to say.

> The federation capability also means messages leak metadata.

It's the opposite: The centralized architecture means that there is a single target server to attack for the metadata. With decentralization, you can't easily scale up your attack to all users.

[jeroenhd]

> But that logic, Matrix is less encrypted than Whatsapp, too, which is a crazy thing to say.

From a protocol perspective, it is. Without an open-source WhatsApp client and independent protocol security analysis, it's hard to judge the effectiveness of the encryption, of course.

> means that there is a single target server to attack for the metadata

Signal does not collect or provide much metadata. It has IP:port mappings, for sure, and keeps track of when a user last checked in, but the protocol itself is extremely well-suited to resist analysis.

A lot of information Matrix provides you for "free" once you break the HTTPS tunnel needs advanced analysis to get it out of Signal. Signal's protocol security is really impressive, I don't think there's anything comparable out there.

[tptacek]

It's not a crazy thing to say. It's a complicated question.