I really wanted matrix to succeed, but I've completely and entirely given up on it now.

State resolution is just a total mess. On the best of days it's a hideously complicated system that sucks crazy resources, and on the worst of days rooms get blown up and bricked. Supposedly it's not as bad as before, but the fact that rooms can get bricked in the first place is bonkers. Just computing the member list of a room is a disaster due to the complex resolution algorithm - I spoke to a homeserver admin once who found that the DB storage space of just the member list can easily reach multiple gigabytes for larger rooms.

Also years later, we still don't have custom emojis, user statuses, user bios, invite links etc. - very basic things that literally every messaging platform has. https://github.com/element-hq/element-meta/issues/339 https://github.com/element-hq/element-meta/issues/573 https://github.com/element-hq/element-meta/issues/426

I'm interested in hearing if anyone has used simplex and what kind of experience it is. It seems like simplex is going for a similar audience as signal but using a very different approach. I don't think they've really had a breakout though and haven't heard it talked about much.

>Unlike any other existing messaging platform, SimpleX has no identifiers assigned to the users

Lies by omission. SimpleX doesn't mask your IP-address by default. It leaks to the server. The ENTIRE public SimpleX network is hosted by two companies, Akamai and Runonflux. Metadata of two conversing users running on the same VPS can be detected with end-to-end correlation attacks, so pray that the two are not PRISM partners or whatever has replaced that program.

I'd be fine with SimpleX if they

1) bundled Tor and had a toggle switch during initial setup.

2) were transparent about what the toggle switch does (lag/bandwidth vs IP masking)

This is crucial as they already have Tor Onion Service server infra set up, but they're not making it easy for a layperson to use those. Instead they lie by omission. Their

"SimpleX has no identifiers"

only means

"SimpleX does not add additional identifiers"

They don't give a damn about your router gluing your IP address, that's increasingly becoming a unique IPv6 address, to every TCP packet header.

I still wonder why my experience and the experience of my friends, community and family with Matrix has been so positive compared to what people describe all of the time. Maybe it's because something changed in ~2025 when I started using it again? Both Beeper (my main Matrix provider, the one that preconfigures WhatsApp, Signal, SMS etc. bridges) and Element (the new mobile app and EMS for hosting). I onboarded something like two dozend non-technical people to it, and they are all happily using it every day, mostly to use the bridges that come with Beeper. Haven't heard a single complaint, even switching devices just works now. Almost all communities I care about (GNOME and so on) have Matrix servers, and since the spaces feature launched it's been really competitive with Discord, even UX-wise thanks to the new apps on desktop and mobile. Yet all I hear on HN and elsewhere is people complaining about UX issues that just have not appeared a single time for myself. Maybe it's people using non-compliant clients, old servers, or some other strange configuration? It's a mystery to me.

I don't have opinions about Matrix (a more-secure version of Discord or IRC seems like a reasonable thing to want) but want to put a word in for reading the Nebuchadnezzar paper, which is kind of a master class in cryptanalyzing secure messaging protocols, and really drives the point home that the hard part of a group secure messaging system isn't encrypting messages (anybody can do that) but rather in securely managing group membership without trusting servers:

https://nebuchadnezzar-megolm.github.io/

Btw, if anyone wants to read the flipside to this, I just posted the annual Matrix holiday update: https://matrix.org/blog/2025/12/24/matrix-holiday-special/

Happy holidays, HN… :)

> Why Federation Must Die

I disagree so much. Yes Federation is hard and it brings lots of new challenges. But with things like Chatcontrol it's the only way we can continue to communicate securely in the EU. Everything that is not federated has a single entity managing it which can be threatened with punitive actions. With federation everyone can run their own server meaning too many people to go after.

I understand these guys don't want it and they have good reason but federation in general should not die.

Moxie (Signal Founder) gave a talk about the issues with federation at CCC in 2020, he took a crazy amount of flak for it, a lot of it from the Matrix community. Lots of the issue highlighted are in this post.

https://youtu.be/DdM-XTRyC9c

I've been on Matrix for 6 years or so. Some of that time was painful (especially when the largest public server was overloaded by a surge of new users in 2020). It's better now. I can't remember the last time I saw a decryption failure.

I still have gripes about it. Improvements to the spec and software have been slow lately, due to funding issues. But they are still arriving. The official desktop client remains buggy, bloated, and cluttered. But there are lighter alternatives that do what I need 99% of the time. Much of the meta-data is not yet end-to-end encrypted. But that's still planned, and since it's not as important in my day-to-day chats as it might be if I were whistleblowing, I'm willing to wait.

I continue to use Matrix because there is nothing else offering the combination of features that I most value in it. Notably:

- decentralized

- 1:1 and group chats

- offline message delivery

- multi-device support

- end-to-end message encryption with well-understood ciphers and protocols

- easy enough that I have brought in non-tech-savvy contacts with very little assistance

- cross-platform, on every major desktop and mobile OS

- not tied to google services or libraries

- open-source

- free (in both senses)

- self-hostable

- reasonably anonymous; no need for a real name, phone number, or (depending on homeserver) even an email address

- (in development) scalable audio/video chat that looks very promising

Harder to quantify, but also worth acknowledging: The project lead seems very level-headed, demonstrating good judgment and tremendous patience, and consistently makes himself and the inner workings of this difficult project accessible to the public. This gives me the sense that Matrix continues to develop with sound guidance. Thanks, Arathorn!

Like any opposition party, the anti big tech crowd is actually a loose coalition of different goals and interests. I've noticed that as these platforms get through the earlier stages of "will it even work" the differences in values are becoming more pronounced and controversial. The primary two groups seem to be those who value federation and see centralized control and algorithms as the threat and those who value encryption and see surveillance as the threat. Obviously these two things aren't mutually exclusive and we all want to see new platforms that can solve for both. But there's a quite distinct difference in the primary priority and consequent technical decisions.

I hope maybe if we can be aware that this is a broad set of technologies being driven by a broad set of goals then we can be a bit more gracious when a project isn't perfectly aligning with our personal values and find the common ground and values.

I have to say, this comes across as incoherently babbling by someone with an axe to grind. The things they say are bad about Lemmy/Matrix are in conflict with the other things they want.

The person who wrote this just wants a centralized, moderated chat/social media system. Use Discord/Slack/Reddit if you don't like the resiliency of decentralized systems. There are some legit gripes in this massive list, but 90% of this reads as "I want Matrix to be centralized!" Good news, that exists already!

I use the strict cookie policy on firefox, and set cookies to be deleted at shutdown. I just save credentials and login to platforms each time.

I joined the mozilla matrix, and ironically, this caused the auth system to completely break down for some reason since I would log in each time.

It suggested to reset the whatever login data cookie thing because it did not want to trust me anymore, displaying red warning or whatever.

I asked around, and apparently they disagreed about that strict cookie policy, which felt quite ironic coming from the mozilla community.

/me sighs; Merry Christmas everyone.

For what it's worth, we've been working on improving Matrix's metadata footprint this year: MSC4362 (https://github.com/matrix-org/matrix-spec-proposals/blob/kay...) got implemented on matrix-js-sdk for encrypting room state (currently behind a labs flag on Element Web: https://github.com/element-hq/element-web/blob/develop/docs/...). Meanwhile more radical proposals like MSC4256 (https://github.com/dklimpel/matrix-spec-proposals/blob/mls-R...) go and remove senders entirely and encrypt room state via MLS.

The reason Matrix hasn't prioritised metadata protection earlier is:

* If you're particularly concerned about metadata footprint, you can run your own servers in whatever network environment you feel like - you are NOT surrendering metadata to some central or 3rd party server as you would in a centralised platform.

* We've had to focus on getting decentralised encryption stable, which turns out to be hard enough without also throwing in metadata protection - it's only this year that we've turned that corner.

* Unless you're using a mixnet, network traffic gives away a significant amount of metadata anyway.

Anyway, yes: Matrix can do better on obfuscating metadata on servers, and we'll continue improving it in 2026.

Meanwhile, if anyone's feeling nostalgic you can see a presentation I wrote preempting the challenge of metadata protection back in 2016 (on the day we first turned on E2EE in Matrix, ironically): https://matrix.org/~matthew/2015-06-26%20Matrix%20Jardin%20E.... In some other world perhaps we would have got to this point sooner, but better late than never.

EDIT: I can't face going through all the other points in this post, but it's worth noting that some of it is just entirely false - e.g. the hackea claims of "an impressive collection of private data being sent to Matrix central servers, even when you use your own instance", or the fact that media isn't authed (it has been since Jun 2024). Meanwhile the abuse situation has evolved significantly in 2025, with stuff like https://matrix.org/blog/2025/02/building-a-safer-matrix/ and https://matrix.org/blog/2025/12/policyserv as well as hiring up a larger trust & safety team at the Matrix Foundation.

We've been happy Matrix users. Apart from less technical folks losing their encryption keys every now and then and certain other users having issues with flatpak permissions it's been an uneventful experience... until now. We're losing a domain due to contractual obligations and it seems the only way to migrate to a new one is to start over.

The table comparisons here of Simplex vs Signal, XMPP & Matrix don't seem particularly interesting (like for like) beyond demonstrating the general differences between decentralised & federated systems.

Has anyone done a comparison between Simplex & any specific P2P systems (the P2P coverage in this article is extremely vague & handwave-y) - e.g. something like Scuttlebutt?

Element web and PC applications are still, in 2025, a mess. I have heard you have to use it on Mobile using the ElementX.

No new complaints: The standard it badgers you to authenticate, then doesn't let you due to errors. Slow to load messages, inconsistent whether edits will show or not, inits channels to an arbitrary time in the past, then you have to click the arrow a few times and wait to get to the latest, the page won't load on mobile, etc.

> Why Federation Must Die

They've lost me right here.

Why I chose not to use SimpleX after investigating it last year:

- No multi-device support. I want to send and receive messages using any of my devices, independently, no matter where they are. (Being able to tether a phone to a computer is not sufficient.)

- Messages are dropped if not retrieved a timely manner. 21 days by default, which is shorter than some of my vacations.

- It was not clear to me what happens to undelivered messages when a queue server crashes, loses power, or reboots for maintenance.

- Establishing a chat requires sharing a large link or QR code through some out-of-band channel, which I often find inconvenient.

- Funded almost entirely by venture capital. This suggests to me that it is likely to either vanish or turn to some form of exploiting users, eventually. I don't want to build my contacts network upon that foundation.

- It was not clear to me who controls the queue servers, what incentives exist for their operators, or how their maintenance is funded. Absent that information, I must assume that most or all of them are run by the same people, making it a hair's breadth from a centralized service.

- Frequently repeated marketing claims of having no user IDs, when its message queue IDs are user IDs. The privacy improvement vs. a traditional service is through generating a distinct ID for sharing with each contact in 1:1 chats. (Group chats do not have this feature.) While I consider this valuable (it's like automatically giving you a separate email alias for use with each contact), I despise that it was presented as something that it is not. Perhaps they have stopped making the original claim by now, but even if so, the fact that they lied to people in the first place makes me unlikely to entrust my communications to them.

I prefer Matrix. I'll comment separately regarding why.

Not alone. We started with Matrix, but we are very happy with Zulip now.

I disagree that federation must die. Federation has problems, but it solves the most important point which is to avoid that one company controls everything. Whether you have identities, or servers associated or bla bla bla all of that is secondary to preventing centralization of power.

That’s a pretty lengthy list.

The illegal content one is I think the most problematic. Meta and friends don’t employ teams of psychological scarred content moderators for giggles…

Discourse "loading" screen is the worst user experience. It's long, non-informative and meaningless.

Several years ago I was looking for something to use as a family chat server. Many of my friends/coworkers were using Slack/etc., but since my immediate family members didn't already have a preferred chat app, I was hoping to self-host something open-source. Matrix was under very active development at the time and I was pretty excited about the prospect of using it. Matrix didn't even have E2EE yet (I think it was under development), and that really wasn't a feature I needed or cared about (disappointing to read about all the trade-offs involved in this post though). The computational/storage costs for Matrix really were way too burdensome though. I ended up going with Jabber (Snikket). A jabber server costs essentially nothing to run. Highly recommend.

> [federation] offers a degree of censorship resistance, as the messages or images are replicated across multiple servers, making it difficult for any single entity to censor or control the content.

That's the way Matrix goes, but that's not an inherent property of federation (XMPP doesn't leak nearly as much metadata as Matrix does, for instance)

Also, there is no free lunch in this space: p2p is slow and inefficient (bandwidth as much as battery) for modern mobile usecases, the workarounds generally consist of having edge servers to act as caches or preferred routing points, and that brings us back to the exact same set of tradeoffs found in the federation model, except with less control.

In short, I agree with the premise that Matrix is terrible, but not that federation is necessarily bad, nor that P2P is clearly superior.

As someone who has witnessed a malicious Matrix admin, it has become glaringly obvious that operating on a platform that hinges on any sort of trust in a human who can oversee metadata (even those who you consider to be good friends) is not viable.

I wanted to believe, but sadly privacy must be hard-coded or the people with a large set of technical skill, access to AI agents who will restlessly pursue their mission, and a dysfunctional moral compass will attempt to technologically dominate users.

Death by a thousand features. A cryptographically secure simple listserv is _well_ within reach

It's all soylent green in the end; people.

There's no decentralized protocol as they're centered around their developers. Too much human effort and attention has been centered around software.

The ephemeral gibberish of software developers approaches religious like obsession with sigils and notation levels of absurdity. Believe in their scripture! It will see humanity to the promised land!

Meanwhile in meat space everyone I socialize with is tired of software engineers; "they over complicate everything!" is a common refrain.

This little filter bubble is probably fostering asocial mental illness's in many of its disciples

I wondered from the beginning why matrix was adapted so quickly. It's cryptographic protocol is so flawed. Most of the leaks could be easily prevented.

Use keet, true p2p & secure chat. No servers.

https://keet.io/