They still have a large metadata leak that to my understanding can’t be fixed until they introduce stuff like pseudo anonymous user handles and room handles.
Where did you read that Signal uses MLS? I could not find any claims of using MLS on Signal’s specs page or their GitHub repo. Also MLS doesn’t mean anything on its own, see Soatok’s blog on MLS.
Soatok is currently in the process of writing a blog post about another vulnerability they found in Matrix’s encryption, and with Matrix’s history of numerous vulnerabilities, I would stay away from that shit. No matter how “good” the algorithm is in theory, it is all about implementation. Matrix also has very brittle encryption, oftentimes many messages will become unrecoverable, which is terrible UX.
You’d be better off just selfhosting XMPP+OMEMO, with the caveat that it is also flawed and leaks plenty of metadata.
The best alternatives to Signal (but not Discord) are SimpleX and Briar. Both are significantly better than XMPP/Matrix for privacy and security.
You’re right, I was wrong about Signal using MLS. I recall reading it somewhere but can’t find the source now.
As for my response, it was about forward secrecy which they do claim to have now. Yeah I wouldn’t rely on Matrix E2EE right now, and until it’s been seriously audited and replaced with something security experts agree on.
For a Discord replacement (with public not E2EE rooms) it seems to be the best replacement just because that’s where communities are right now. XMPP+OMEMO is not that interesting to me because I don’t know of any communities that are on there or other users to be a Discord replacement and its E2EE story is not as good as Signal to be a Signal replacement.
For a Signal replacement I’m not sure SimpleX or Briar are there yet. SimpleX doesn’t have multi-device support last time I checked, which is annoying if you’re used to using Signal on your phone + desktop. And Briar doesn’t work on iOS, so if you chat with anyone who has an iPhone they are SOL.
The other problem with Matrix for me is that Element Call (the protocol) is not present in most public instances and isn’t very straightforward to selfhost. The default is Jitsi which is not E2EE. Pretty major IMO because if Matrix is supposed to be a Discord alternative and supposedly E2EE but VC isn’t encrypted, pretty yikes.
Also they have claimed for years that they have forward secrecy. Has something actually changed recently?
I’ll preface saying I’m not a security expert, but my understanding is that sometime in 2025 they changed the encryption scheme in Matrix following a lot of disclosures of how it was broken to a new scheme that uses MLS and supports forward secrecy. I haven’t seen a post from security experts discrediting it yet. It sounds like it still has issues from what you’re saying, about Soatok disclosing some new problems with it.
On the call side they have Element Call instead of relying on a Jitsi widget (but only a few clients support it). Afaik it supports encryption. They talked about it last year at the Matrix conference https://cfp.2025.matrix.org/matrix-conf-2025/talk/BQZHAH/
Does Matrix have forward secrecy now since the switch to MLS? (i.e. the same encryption scheme Signal uses) https://matrix.org/blog/2025/06/dispelling-myths/