> Matrix allows for unencrypted messages so it's inherently less encrypted than Signal.
But that logic, Matrix is less encrypted than Whatsapp, too, which is a crazy thing to say.
> The federation capability also means messages leak metadata.
It's the opposite: The centralized architecture means that there is a single target server to attack for the metadata. With decentralization, you can't easily scale up your attack to all users.
> But that logic, Matrix is less encrypted than Whatsapp, too, which is a crazy thing to say.
From a protocol perspective, it is. Without an open-source WhatsApp client and independent protocol security analysis, it's hard to judge the effectiveness of the encryption, of course.
> means that there is a single target server to attack for the metadata
Signal does not collect or provide much metadata. It has IP:port mappings, for sure, and keeps track of when a user last checked in, but the protocol itself is extremely well-suited to resist analysis.
A lot of information Matrix provides you for "free" once you break the HTTPS tunnel needs advanced analysis to get it out of Signal. Signal's protocol security is really impressive, I don't think there's anything comparable out there.
But that logic, Matrix is less encrypted than Whatsapp, too, which is a crazy thing to say.
> The federation capability also means messages leak metadata.
It's the opposite: The centralized architecture means that there is a single target server to attack for the metadata. With decentralization, you can't easily scale up your attack to all users.