Hacker News
by Arathorn 206 days ago
Speaking as project lead for Matrix, the protocol does currently expose more metadata to the server than it should. Specifically, the main issues are:

* no sealed-sender (but see the OP on why this is not a panacea)

* server can see which users are in which rooms

* plaintext room names & topics (so server-side search can work)

* aggregations (metadata around reactions, edits, replies, threads - i.e. who reacted to what and with what emoji)

We’ve been working away improving this - for instance MSC3414 defines a way to encrypt key/value events like the above, and an implementation landed this summer. Similarly per-room user ids are planned too. However, it’s not trivial to get right, and we are under-resourced so the work is going slower than we’d like. Also, decentralisation at least means the metadata doesn’t pool in some centralised place (as Signal’s traffic footprint does, for instance). If you run your own server, then the threat may be acceptable.
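The metadata listed in the comment above, seen from the homeserver's side; this is an added example, not part of the comment and not Matrix project code. It assumes the standard client-server event shapes (`m.room.member`, `m.room.name`, `m.reaction`, `m.room.encrypted` with a cleartext `m.relates_to`); the events, IDs and ciphertext are constructed, and `server_visible_metadata` is a hypothetical helper name.

```python
from collections import defaultdict

ROOM, ALICE, BOB = "!r1:example.org", "@alice:example.org", "@bob:example.org"
MEGOLM = {"algorithm": "m.megolm.v1.aes-sha2", "ciphertext": "constructed", "session_id": "constructed"}

# Constructed events as a homeserver would store them for one encrypted room.
EVENTS = [
    {"type": "m.room.member", "room_id": ROOM, "sender": ALICE, "state_key": ALICE,
     "content": {"membership": "join"}},
    {"type": "m.room.member", "room_id": ROOM, "sender": BOB, "state_key": BOB,
     "content": {"membership": "join"}},
    {"type": "m.room.name", "room_id": ROOM, "sender": ALICE, "state_key": "",
     "content": {"name": "Incident 42"}},
    # Message body is ciphertext; the server cannot read it.
    {"type": "m.room.encrypted", "room_id": ROOM, "sender": ALICE, "event_id": "$msg1",
     "content": dict(MEGOLM)},
    # Reaction: sender, target event and emoji are all outside the ciphertext.
    {"type": "m.reaction", "room_id": ROOM, "sender": BOB, "event_id": "$react1",
     "content": {"m.relates_to": {"rel_type": "m.annotation", "event_id": "$msg1", "key": "👍"}}},
    # Edit: new body is encrypted, but the relation to $msg1 stays in cleartext.
    {"type": "m.room.encrypted", "room_id": ROOM, "sender": ALICE, "event_id": "$edit1",
     "content": {**MEGOLM, "m.relates_to": {"rel_type": "m.replace", "event_id": "$msg1"}}},
]

def server_visible_metadata(events):
    """Summarise what is readable without any room keys."""
    members = defaultdict(set)    # room -> joined user IDs
    labels = defaultdict(dict)    # room -> plaintext name/topic
    relations = []                # (sender, rel_type, target event, reaction key)
    for ev in events:
        room, content = ev["room_id"], ev.get("content", {})
        if ev["type"] == "m.room.member":
            if content.get("membership") == "join":
                members[room].add(ev["state_key"])
            else:
                members[room].discard(ev["state_key"])
        elif ev["type"] in ("m.room.name", "m.room.topic"):
            field = ev["type"].rsplit(".", 1)[1]   # "name" or "topic"
            labels[room][field] = content.get(field)
        rel = content.get("m.relates_to")
        if rel and "rel_type" in rel:
            relations.append((ev["sender"], rel["rel_type"], rel["event_id"], rel.get("key")))
    return {"members": dict(members), "labels": dict(labels), "relations": relations}

if __name__ == "__main__":
    print(server_visible_metadata(EVENTS))
```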