Using matrix as is out of the box is relatively secure but you need to be aware that a lot of metadata ends up on the servers of a UK based for-profit & venture capital funded company (New Vector).
Using 3rd party clients should really be encouraged.
Mostly no, but the best way to deal with such meta-data is not to store it, or at least delete it as soon as possible. Which is the exact opposite of what Matrix does.
Hmm, sadly that isn’t the case, a lot of metadata on XMPP is also exchanged only TLS transport encrypted and is thus available on the server in clear text. The main difference to Matrix is that it generates and exchanges much less metadata and most XMPP servers are configured to delete all the metadata after a relatively short period of time.
Using 3rd party clients should really be encouraged.
metadata is not encrypted as per matrix protocol, it’s not the client’s fault
Would it even be possible to encrypt some basic metadata? I doubt that.
Mostly no, but the best way to deal with such meta-data is not to store it, or at least delete it as soon as possible. Which is the exact opposite of what Matrix does.
What kind of metadata are we talking about?
This issue has a general overview.
xmpp encrypts everything, metadata included
it’s not easy and makes the protocol really hard to implement but it is possible
Hmm, sadly that isn’t the case, a lot of metadata on XMPP is also exchanged only TLS transport encrypted and is thus available on the server in clear text. The main difference to Matrix is that it generates and exchanges much less metadata and most XMPP servers are configured to delete all the metadata after a relatively short period of time.
🤔 that does seem to be the case, maybe i was thinking of signal (it truly encrypts all metadata)