There are so many great reasons to be on Signal. Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations. Don’t sleep on this opportunity…
Editing to add the link to the messages: https://archive.is/2025.03.26-131842/https://www.theatlantic.com/politics/archive/2025/03/signal-group-chat-attack-plans-hegseth-goldberg/682176
Matrix shares metadata in plaintext with every participating server: who talks to who, when and how often.
Source newer than the 2010s?
https://spec.matrix.org/latest/#room-structure
The content of the messages can be encrypted. Who is in a room and who sent each message is not. See the “shared data” section of the chart.
Encrypting that data would require something like Sealed Sender (like Signal), and that is entirely absent from the spec and any implementation.
Edit: to the people downvoting, this is the literal Matrix spec upon which all the implementations rely. You are asking me to prove the absence of something in it. If you could, point me to the section that comments on the encryption of metadata in the spec. You may not like the answer (I’d love for it to encrypt metadata too!) but that doesn’t change the fact that it doesn’t encrypt metadata at this time.
I’m not downvoting but I can say I was definitely hoping for more a study where data is probably leaking (ie theory vs practice). I know there had been some things like this the better part of a decade ago hence my time restriction, but maybe nothing new.
Looking at the shared data section you mentioned I don’t really get how it’s possible to avoid the system knowing who is in a room – except by limiting yourself to safe servers. Signal does that with a central system, but matrix certainly would allow self hosting such that this data doesn’t leak between servers.
The weird thing about that section to me is it says the messages are listed as json objects but…I don’t see how that works with room encryption. I suppose the json objects include the encryption data but I thought they had to do something weird for room encryption to make the double ratchet perform well.
However, unlike Signal, you can exclude external participating servers entirely.
(I heavily prefer XMPP to Matrix tho, even though I host both)
yeah, no shit, it’s decentralized.
If you don’t want that metadata visible then host your own server and require your organization to use only that server, there are settings specifically to enforce this use-case.
the french government uses matrix for communications, it’s fine.