Aurora is a big deal! I’ve been waiting for the Rust SDK to come to the web.
I’m not fully through the talk yet, but it looks like they’re first modernizing the old application and planning to eventually switch base to Aurora, which seems sensible!
Either way, Rust SDK on the web, finally! This will hopefully make it easier to write other Matrix clients, since the JS SDK is pretty undocumented (and outdated).
So Aurora (https://github.com/element-hq/aurora) is a proof-of-concept we put together of rust-sdk on Web, using the new MVVM components from Element Web. However, the plan is likely not to actually switch base to Aurora, but instead migrate SDK within the existing app codebase eventually. (We might end up using Aurora for other purposes though). Either way, the ground work is the same: to split up the current app into MVVM components which can run on either js-sdk or rust-sdk.
Compared to Signal, where does element stand today in terms of privacy and encryption? Due to the decentralized nature they werent able to offer the same guarantees from what I remember
Matrix allows for unencrypted messages so it's inherently less encrypted than Signal. The federation capability also means messages leak metadata. Furthermore, encrypted messages also contain some metadata in the unencrypted envelope. Some protocol features (emoji reactions) also ended up outside of the encrypted envelope because of that. It's a risk with any protocol that has encryption bolted on and optional.
On the other hand, you can host your own Matrix server and still participate in the network, whereas Signal will have you convince your friends and family to install a custom Signal client if you want to run your own Signal server, for instance because you don't want to rely on Amazon's servers (Signal was down when Amazon went down this morning).
Signal sacrifices network openness for encryption capabilities.
There's also the MLS/MIMI side of things, but AFAIK that work hasn't been completed yet (MIMI isn't even a full RFC yet).
Element/Matrix, with some modifications, has been chosen as the messenger of choice by the French government (Tchap) as well as the German military (BwMessenger, BundesMessenger) and healthcare (TI-Messenger).
> Matrix allows for unencrypted messages so it's inherently less encrypted than Signal.
But that logic, Matrix is less encrypted than Whatsapp, too, which is a crazy thing to say.
> The federation capability also means messages leak metadata.
It's the opposite: The centralized architecture means that there is a single target server to attack for the metadata. With decentralization, you can't easily scale up your attack to all users.
Somewhat related - Can someone explain this to me? France and Germany want to lessen dependence on American organizations, so they choose Matrix, also an American organization.
Matrix, the organisation, takes care of the open source side of things.
BwMessenger is a partnership with "ELEMENT SOFTWARE SARL" (according to https://messenger.bwi.de/datenschutz), the French entity of the commercial side of the people originally behind the open Matrix ecosystem (https://element.io/legal/company-information). I'm not sure why the French entity is doing business with the Germans as Element also has a German entity, but either way the American side is not the one doing the work.
For the American entity, a lot (most?) of the work that's not from unrelated open source contributors seems to be coming in from either EU countries or the UK.
Element is also UK headquartered, albeit with French/German/US subsidiaries when selling to those respective governments. BWI buy via France because when we started working with them we didn’t have a German legal entity yet.
Signal and any kind of Slack SaaS: US infrastructure, US law around data governance. Matrix (and Zulip, for that matter, and mattermost too) encourage self-hosting on your own infrastructure, or at least in-country, even if the upstream security patches are coming from US developers.
If it's open source (and libre software) then it's not as important where the main development offices are (or where the company is incorporated). You still have control.
Thank you, and I see it's registered in the UK.
I think it started in the US? Well, not like it's relevant anymore.
And can you answer this question:
If everyone has secure chat, then won't that benefit criminal organizations?
I struggle to understand the love for private communication when it seems like that would benefit, for example, religious sects and sex abuse rings.
NOT that I like that Zuckerborg keeping all my messages.
> If everyone has secure chat, then won't that benefit criminal organizations? I struggle to understand the love for private communication when it seems like that would benefit, for example, religious sects and sex abuse rings. NOT that I like that Zuckerborg keeping all my messages.
Yes, sort of.
The thing is, the government is already not permitted to wiretap people, at least without reasonable suspicion.
Wiretaps themselves are not admissible in court, and can only be offered as a mechanism to correlate behaviour anyway. At least in the UK. (Which, is ironic when you consider what's going on there with online speech, but I digress).
Factually speaking, in order to do a crime you have to physically do a crime, the police knowing when and where do not require access to your communications to figure out. They will sting people, get people to turn on other people or simply catch red-handed when doing ordinary police work.
If we legitimately believe what the governments of the world are saying: that we need to embolden the police. Then funding them properly is the right start, yet nobody seems to be doing that. The EU has been making cross border communication easier though, which is in-line with emboldening the police, so I'll give them that.
Having more information will do very little to help, for the same reason that phone taps aren't given out freely (and never have been) - because even if you have the data, you have to choose how to act on it, and you'd need the resources to investigate and follow-through.
There is a distinct irony that unencrypted SMS is more secure than online messengers, because there are legal protections.
Are you European? I don't understand that use of hinder. You mean prevent from using? Then no, I don't think preventing normal people from using encryption will prevent criminals from using encryption, and didn't mean to imply that
> If everyone has secure chat, then won't that benefit criminal organizations?
Probably. But criminal organizations also benefit from having electricity, or cars, or a million other things that we all would be much worse off if we didn't have them. Just because something benefits criminal organizations as a side effect is not really a reason to not do it for the benefit of ordinary citizens.
My point wasn't that we should or shouldn't have it. I just get the impression that the same people calling for privacy will be highly outraged the next time, for example, an Austin Wolf (gay porn 'star' who used Telegram to share thousands of files showing abuse of children) situation arises, or it's inevitably revealed that religious sect xyz coordinated over it. Europeans trash talk Telegram (and that is fine), but somehow Matrix is different? How?
One of the biggest differences between Matrix and Signal is that Signal encrypts all room data, while Matrix exposes it. In Matrix, your home server has a view into the name of every group you participate in, and a list of its members and their roles. It also maintains a historical of people who join and leave the group, and when all these events take place.
Other servers that share at least one member of the group will also get at least a subset of this list.
This is true regardless of encryption. If a Matrix room enables encryption, only message contents are encrypted. Nothing else is, including everything mentioned above.
I think these two topics need to be looked at a bit separately, similar to for example WhatsApp, where you have e2ee but there are still lots of privacy risks.
In the matrix ecosystem, as far as I understand, having only one user from the matrix.org homeserver in your room already undermines metadata privacy to some degree. Also, there still are issues with decrypting messages from time to time with certain combinations of clients, rooms and homeservers, which effectively means that the "failsafe" option for getting messages across the network is using unencrypted rooms.
Having free, secure, federated, usable instant messaging is still not solved imho, and I think it's not easy to solve. So far matrix is the best attempt in my book, but it's also not there (yet?).
> So far matrix is the best attempt in my book, but it's also not there (yet?).
IMO XMPP is the best attempt so far, but it's completely outdated by today's standards. Matrix is a modern attempt, but it's just bad. I doubt that Matrix will actually get anywhere usable in the future.
It's absolutely possible to build such a protocol with high performance, seamless UX, Signal's level of privacy and security, and Discord's level of features. It's just a lot of work to actually build the specifications and flagship implementations, compared to just building a good centralized option.
> Matrix is a modern attempt, but it's just bad. I doubt that Matrix will actually get anywhere usable in the future.
Obviously I’m biased, but I seriously suggest looking at the various vids from the Conference. Matrix has definitely had some ups and downs in the past, but right now it is in a good place.
Signal is centralized, so it becomes a huge target of all kinds of hackers and three-letter agencies. This alone is sufficient for me to never touch it. And then, there is this:
It's less encrypted. E.g. you'd think that emoji reactions are end-to-end-encrypted (as they are in Signal). But they aren't[1]. I expect similar implementation issues wrt. the encryption in Matrix.
Signal uses a whole suite of modern cryptography, including post-quantum ratchets for key agreement and zero-knowledge proofs for group membership.
Meanwhile, Matrix has a plaintext mode and knowingly shipped libraries with side-channels for years, by their own admission (and left many clients in the ecosystem depending on the vulnerable C implementation when they rewrote their cryptography protocol in Rust).
Even today, they are not the same protocol. Olm/Megolm is distinct from Signal in a lot of ways that I've outlined in my previous blog posts.
I don't particularly care if people like Matrix, but please don't spread falsehoods about the cryptography being used.
In theory you can do the same with Signal, as they source dump their server code every now and then.
If you reject that on the basis of "we can't know if it's what they're running" or "it's a partial dump", then I don't see how Matrix is any different. Not only we can't know if Matrix servers have modified software, but we also have to trust/verify several servers instead of a single one.
The fundamental difference boiling down to trust isn't primarily in the cryptography; it's entirely down to the infrastructure and the root of control.
Signal is widely regarded as the gold standard for centralised E2EE, but its architecture forces you into two massive, non-negotiable trust compromises:
1) You must trust the Signal corporation with all your metadata. Every routing and handshake detail passes through one single choke point that they control. That is an unacceptable risk for security-minded users.
2) You rely completely on Signal to truthfully publish a pre-compiled binary that actually reflects the open-source code. For the vast majority, this is unverifiable in practice. It's a critical client-side act of faith.
Matrix’s design fundamentally eliminates these single points of failure, shifting the root of trust squarely to the user (or a group you trust):
1) Self-hosting; This is the game-changing feature. Host your own Synapse/Dendrite instance. Your metadata never leaves your control. You move the trust boundary from a corporation to yourself. You genuinely achieve "no communication outside your control."
2) Matrix uses an open specification. You can use FluffyChat, Nheko, or Element. This breaks the coupling between the server and the client. Even if you rely on a third-party server, you can use a client built by a completely different team, making the client-side code independently auditable and verifiable across projects. This is the ultimate defence against subtle backdoors in a single vendor's binary.
TL;DR: Signal offers "trusted third-party" crypto running on a single, unauditable binary. Matrix is decentralised, verifiable zero-trust communication. The comparison isn't about the strength of the AES key or which data it has been applied to; it's about the architectural freedom to not have to trust another entity with either your data or your code. That freedom represents an essential leap in trustworthiness.
Super nice summary. Makes me want to use Matrix again, but the clients have all been very poor in my experience. Element on desktop was okay and I used it for work without issue, but it's not nearly as slick as "scan this QR code and import your contacts" (oh that's another difference, your ability to use the network is governed by Signal allowing you to register an account, typically requiring a phone number for bot prevention, which seems like an extreme step for an app that aims to keep you anonymous.)
You might be making good points, I'm not familiar enough with the context to tell, but whining about downvotes is in bad taste, so a large part of your downvotes probably come from there, mine included.
Apologies, it's frustrating watching my comment go from +5 to -2 in a handful of seconds.
Not that I'm into karma farming (or that it even means anything), but it irritates me to think that people are gaming the discourse here.
There's an implicit groupthink when it comes to seeing greyed out comments; to the point that people may (and do) think that the comment is non-factual or at the very least unpopular. This is especially true in subjects that are critical of Signal.
Quoting the guidelines [0], if you think that's really what's happening, you can try reaching out to the mods.
> Please don't post insinuations about astroturfing, shilling, brigading, foreign agents, and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
I noticed that they renamed the Element mobile app to Element Classic. Has Element X reached feature parity and stability yet? For how long will Classic be maintained?
> The outgoing Element mobile app (‘classic Element’) will remain available in the app stores until at least the end of 2025, to ensure a smooth transition
I can't find any other communication from Element Creations other than that.
The renaming to Element Classic doesn't bode well considering that Element X still doesn't support a vast number of home servers and a number of Synapse authn/authz features.
If they remove it from the app store, my advice for my users is going to be to switch to fluffychat, and I'll eventually migrate away from Synapse to some flavor of Conduit.
As of lately, Spaces are now supported in Element X which possibly brings it to feature parity (at least I wouldn't know what's missing, and I've been using Element X now for some months because of these plans)
User report from 2025: Both the application and web UI are still buggy and slow. This is not acceptable in an application this simple in nature, that has been around for so long.
The only desktop messenger with smooth performance I'v used was Telegram. Signal, WhatsApp, Element, and all the other Electron applications all introduce hard-to-pinpoint latency somewhere. Unfortunately, Telegram is... Telegram.
For XMPP/Matrix/etc. there are plenty of (more) native alternatives but they're not as feature complete as Telegram or their Electron counterparts, unfortunately.
My lack of C++ and Qt experience has still managed to keep my urge to rip out the Telegram protocol and replace it with something else. Maybe I'll try throwing AI at the problem and release a slop POC. Secretly, I'm hoping someone else will do the hard work for me...
The mobile apps for all are fine, though. Electron hasn't hit mobile phones just yet.
I use thunderbird for email and they now let you connect to matrix, irc, xmpp, and whatever Odnoklassniki is. It's quite barebones however, like it looks like people are just adding lines to a google doc, barely any interface at all. Really a stylesheet would go along way, looks like userChrome.css works, so maybe I'll mess with that.
which app are you talking about? as per the conference keynote, there are loads of different ones now, written in different stacks without any overlapping implementations.
If you're talking about the old Element Classic mobile app, then yes, it's now been replaced by Element X (which now has spaces & threads support, and so pretty much has parity with the old app), and it is super fast, and not buggy.
Latest Element X Testflight and nightly both crash for me very consistently when navigating back from two or more levels deep (like from Chats > room > room info and then going back). iOS 26.1 beta (23B5064e). I’ve been blaming it on iOS for now since I can’t go back to not running a beta yet :( Also seems like the notification badge is always = real notifications + 1 which i’ve read happens with Synapse or something but I’ve never found a way to fix it.
Also seems like spoiler messages in Element X appear as just an empty chat bubble that i’ve been meaning to report. And why does sending spoilers on Element require using /spoiler when discord and telegram use `||spoilered text||`?
I really want to love Matrix. I’ve been using it with my girlfriend (on a self hosted Synapse server for us) who barely tolerates it, some other friends who range from also tolerating it to hating it (and having decryption errors a lot with a friend who has several clients they switch between, mostly whenever I send a message from another client like when going from element to nheko). I bridge Telegram, Signal, and IRC to matrix (and probably will add more soon). I’m not sure why I care so much about this chat protocol, but I do for some reason and I really want to see it work.
Right, thanks for clarifying. Yes, the desktop app isn’t as fast as it should be. On mobile we fixed this with Element X; on desktop we’re in the middle of the transition still. The conf talk on Element X Web is pretty good at explaining where it’s at: https://youtu.be/z0ULOptq2vk?t=240
Edit: also, on macOS on Apple Silicon, you can use Element X on macOS as a desktop app, and it works impressively well.
again, which app are you talking about? it's like saying "the web is buggy" but not saying what browser you're using. Looking at the App Store reviews for Element X at https://apps.apple.com/us/app/element-x-secure-chat-call/id1..., there are no complaints about bugs at all (only missing functionality, which has since been added)?
Aurora is a big deal! I’ve been waiting for the Rust SDK to come to the web.
I’m not fully through the talk yet, but it looks like they’re first modernizing the old application and planning to eventually switch base to Aurora, which seems sensible!
Either way, Rust SDK on the web, finally! This will hopefully make it easier to write other Matrix clients, since the JS SDK is pretty undocumented (and outdated).
So Aurora (https://github.com/element-hq/aurora) is a proof-of-concept we put together of rust-sdk on Web, using the new MVVM components from Element Web. However, the plan is likely not to actually switch base to Aurora, but instead migrate SDK within the existing app codebase eventually. (We might end up using Aurora for other purposes though). Either way, the ground work is the same: to split up the current app into MVVM components which can run on either js-sdk or rust-sdk.
Compared to Signal, where does element stand today in terms of privacy and encryption? Due to the decentralized nature they werent able to offer the same guarantees from what I remember
Matrix allows for unencrypted messages so it's inherently less encrypted than Signal. The federation capability also means messages leak metadata. Furthermore, encrypted messages also contain some metadata in the unencrypted envelope. Some protocol features (emoji reactions) also ended up outside of the encrypted envelope because of that. It's a risk with any protocol that has encryption bolted on and optional.
On the other hand, you can host your own Matrix server and still participate in the network, whereas Signal will have you convince your friends and family to install a custom Signal client if you want to run your own Signal server, for instance because you don't want to rely on Amazon's servers (Signal was down when Amazon went down this morning).
Signal sacrifices network openness for encryption capabilities.
There's also the MLS/MIMI side of things, but AFAIK that work hasn't been completed yet (MIMI isn't even a full RFC yet).
Element/Matrix, with some modifications, has been chosen as the messenger of choice by the French government (Tchap) as well as the German military (BwMessenger, BundesMessenger) and healthcare (TI-Messenger).
> Matrix allows for unencrypted messages so it's inherently less encrypted than Signal.
But that logic, Matrix is less encrypted than Whatsapp, too, which is a crazy thing to say.
> The federation capability also means messages leak metadata.
It's the opposite: The centralized architecture means that there is a single target server to attack for the metadata. With decentralization, you can't easily scale up your attack to all users.
Somewhat related - Can someone explain this to me? France and Germany want to lessen dependence on American organizations, so they choose Matrix, also an American organization.
Matrix, the organisation, takes care of the open source side of things.
BwMessenger is a partnership with "ELEMENT SOFTWARE SARL" (according to https://messenger.bwi.de/datenschutz), the French entity of the commercial side of the people originally behind the open Matrix ecosystem (https://element.io/legal/company-information). I'm not sure why the French entity is doing business with the Germans as Element also has a German entity, but either way the American side is not the one doing the work.
For the American entity, a lot (most?) of the work that's not from unrelated open source contributors seems to be coming in from either EU countries or the UK.
Thank you, it looks like my assumption was wrong
Matrix isn’t US at all; it’s a UK Non Profit.
Element is also UK headquartered, albeit with French/German/US subsidiaries when selling to those respective governments. BWI buy via France because when we started working with them we didn’t have a German legal entity yet.
It appears to have been started by Americans: https://en.wikipedia.org/wiki/Matrix_(protocol), https://en.wikipedia.org/wiki/Amdocs
Who perhaps chose the UK in an effort to distance themselves from the US
As I said, I see now my assumption was wrong
Signal and any kind of Slack SaaS: US infrastructure, US law around data governance. Matrix (and Zulip, for that matter, and mattermost too) encourage self-hosting on your own infrastructure, or at least in-country, even if the upstream security patches are coming from US developers.
Thank you, that helps me understand it better
Oh, and as everyone has said. Only some of the developers are from the US
If it's open source (and libre software) then it's not as important where the main development offices are (or where the company is incorporated). You still have control.
Seems like the majority of the team are in the EU anyway: https://matrix.org/foundation/about/
Thank you, and I see it's registered in the UK. I think it started in the US? Well, not like it's relevant anymore. And can you answer this question: If everyone has secure chat, then won't that benefit criminal organizations? I struggle to understand the love for private communication when it seems like that would benefit, for example, religious sects and sex abuse rings. NOT that I like that Zuckerborg keeping all my messages.
> If everyone has secure chat, then won't that benefit criminal organizations? I struggle to understand the love for private communication when it seems like that would benefit, for example, religious sects and sex abuse rings. NOT that I like that Zuckerborg keeping all my messages.
Yes, sort of.
The thing is, the government is already not permitted to wiretap people, at least without reasonable suspicion.
Wiretaps themselves are not admissible in court, and can only be offered as a mechanism to correlate behaviour anyway. At least in the UK. (Which, is ironic when you consider what's going on there with online speech, but I digress).
Factually speaking, in order to do a crime you have to physically do a crime, the police knowing when and where do not require access to your communications to figure out. They will sting people, get people to turn on other people or simply catch red-handed when doing ordinary police work.
If we legitimately believe what the governments of the world are saying: that we need to embolden the police. Then funding them properly is the right start, yet nobody seems to be doing that. The EU has been making cross border communication easier though, which is in-line with emboldening the police, so I'll give them that.
Having more information will do very little to help, for the same reason that phone taps aren't given out freely (and never have been) - because even if you have the data, you have to choose how to act on it, and you'd need the resources to investigate and follow-through.
There is a distinct irony that unencrypted SMS is more secure than online messengers, because there are legal protections.
Funding police outweighs the benefit organized crime may get from communicating securely ?
So you think that if normal people aren't allowed to use encryption that would hinder organized crime to use encryption? :-0
Are you European? I don't understand that use of hinder. You mean prevent from using? Then no, I don't think preventing normal people from using encryption will prevent criminals from using encryption, and didn't mean to imply that
To "hinder" means to make it more difficult to use something, or "to restrict" or "to prevent" someone from using it.
https://www.merriam-webster.com/thesaurus/hinder
Very much so.
> If everyone has secure chat, then won't that benefit criminal organizations?
Probably. But criminal organizations also benefit from having electricity, or cars, or a million other things that we all would be much worse off if we didn't have them. Just because something benefits criminal organizations as a side effect is not really a reason to not do it for the benefit of ordinary citizens.
My point wasn't that we should or shouldn't have it. I just get the impression that the same people calling for privacy will be highly outraged the next time, for example, an Austin Wolf (gay porn 'star' who used Telegram to share thousands of files showing abuse of children) situation arises, or it's inevitably revealed that religious sect xyz coordinated over it. Europeans trash talk Telegram (and that is fine), but somehow Matrix is different? How?
Freedoms tend to also benefit criminals, yes. That's kind of unavoidable.
Then crime will increase
See also: https://support.torproject.org/abuse/#abuse_what-about-crimi...
One of the biggest differences between Matrix and Signal is that Signal encrypts all room data, while Matrix exposes it. In Matrix, your home server has a view into the name of every group you participate in, and a list of its members and their roles. It also maintains a historical of people who join and leave the group, and when all these events take place.
Other servers that share at least one member of the group will also get at least a subset of this list.
This is true regardless of encryption. If a Matrix room enables encryption, only message contents are encrypted. Nothing else is, including everything mentioned above.
I think these two topics need to be looked at a bit separately, similar to for example WhatsApp, where you have e2ee but there are still lots of privacy risks.
In the matrix ecosystem, as far as I understand, having only one user from the matrix.org homeserver in your room already undermines metadata privacy to some degree. Also, there still are issues with decrypting messages from time to time with certain combinations of clients, rooms and homeservers, which effectively means that the "failsafe" option for getting messages across the network is using unencrypted rooms.
Having free, secure, federated, usable instant messaging is still not solved imho, and I think it's not easy to solve. So far matrix is the best attempt in my book, but it's also not there (yet?).
> So far matrix is the best attempt in my book, but it's also not there (yet?).
IMO XMPP is the best attempt so far, but it's completely outdated by today's standards. Matrix is a modern attempt, but it's just bad. I doubt that Matrix will actually get anywhere usable in the future.
It's absolutely possible to build such a protocol with high performance, seamless UX, Signal's level of privacy and security, and Discord's level of features. It's just a lot of work to actually build the specifications and flagship implementations, compared to just building a good centralized option.
> Matrix is a modern attempt, but it's just bad. I doubt that Matrix will actually get anywhere usable in the future.
Obviously I’m biased, but I seriously suggest looking at the various vids from the Conference. Matrix has definitely had some ups and downs in the past, but right now it is in a good place.
On XMPP, I agree. I think requirements also changed a lot over the years with smartphones and mobile internet access everywhere.
And yeah it's definitely possible, but it's a lot of work, both technically and from an organizational perspective (funding, governance, etc).
Signal requires a phone number, and AFAIK the PIN to prevent carrier-level attacks (well known) is not enabled by default.
Signal is a cryptographically well thought out protocol that reduces meta data.
Matrix does not even encrypt emoji reactions.
Signal is centralized, so it becomes a huge target of all kinds of hackers and three-letter agencies. This alone is sufficient for me to never touch it. And then, there is this:
https://news.ycombinator.com/item?id=42788647
https://news.ycombinator.com/item?id=39445976
It's exactly the same encryption tech, but a bit more trustworthy than signal.
It's less encrypted. E.g. you'd think that emoji reactions are end-to-end-encrypted (as they are in Signal). But they aren't[1]. I expect similar implementation issues wrt. the encryption in Matrix.
[1]: https://github.com/matrix-org/matrix-spec/issues/660
This is factually incorrect.
https://soatok.blog/2025/02/18/reviewing-the-cryptography-us...
https://soatok.blog/2024/08/14/security-issues-in-matrixs-ol...
Signal uses a whole suite of modern cryptography, including post-quantum ratchets for key agreement and zero-knowledge proofs for group membership.
Meanwhile, Matrix has a plaintext mode and knowingly shipped libraries with side-channels for years, by their own admission (and left many clients in the ecosystem depending on the vulnerable C implementation when they rewrote their cryptography protocol in Rust).
Even today, they are not the same protocol. Olm/Megolm is distinct from Signal in a lot of ways that I've outlined in my previous blog posts.
I don't particularly care if people like Matrix, but please don't spread falsehoods about the cryptography being used.
can you expand on how its more trustworthy than signal?
You can validate the code that's running on the client and the server, in theory
You can validate the code running on the client (well, not on iOS, but that's true for all iOS apps unless you've jailbroken your phone).
If Signal works well, you shouldn't need to validate what code is running on the server in the first place.
In theory you can do the same with Signal, as they source dump their server code every now and then.
If you reject that on the basis of "we can't know if it's what they're running" or "it's a partial dump", then I don't see how Matrix is any different. Not only we can't know if Matrix servers have modified software, but we also have to trust/verify several servers instead of a single one.
The fundamental difference boiling down to trust isn't primarily in the cryptography; it's entirely down to the infrastructure and the root of control.
Signal is widely regarded as the gold standard for centralised E2EE, but its architecture forces you into two massive, non-negotiable trust compromises:
1) You must trust the Signal corporation with all your metadata. Every routing and handshake detail passes through one single choke point that they control. That is an unacceptable risk for security-minded users.
2) You rely completely on Signal to truthfully publish a pre-compiled binary that actually reflects the open-source code. For the vast majority, this is unverifiable in practice. It's a critical client-side act of faith.
Matrix’s design fundamentally eliminates these single points of failure, shifting the root of trust squarely to the user (or a group you trust):
1) Self-hosting; This is the game-changing feature. Host your own Synapse/Dendrite instance. Your metadata never leaves your control. You move the trust boundary from a corporation to yourself. You genuinely achieve "no communication outside your control."
2) Matrix uses an open specification. You can use FluffyChat, Nheko, or Element. This breaks the coupling between the server and the client. Even if you rely on a third-party server, you can use a client built by a completely different team, making the client-side code independently auditable and verifiable across projects. This is the ultimate defence against subtle backdoors in a single vendor's binary.
TL;DR: Signal offers "trusted third-party" crypto running on a single, unauditable binary. Matrix is decentralised, verifiable zero-trust communication. The comparison isn't about the strength of the AES key or which data it has been applied to; it's about the architectural freedom to not have to trust another entity with either your data or your code. That freedom represents an essential leap in trustworthiness.
Super nice summary. Makes me want to use Matrix again, but the clients have all been very poor in my experience. Element on desktop was okay and I used it for work without issue, but it's not nearly as slick as "scan this QR code and import your contacts" (oh that's another difference, your ability to use the network is governed by Signal allowing you to register an account, typically requiring a phone number for bot prevention, which seems like an extreme step for an app that aims to keep you anonymous.)
You might be making good points, I'm not familiar enough with the context to tell, but whining about downvotes is in bad taste, so a large part of your downvotes probably come from there, mine included.
Apologies, it's frustrating watching my comment go from +5 to -2 in a handful of seconds.
Not that I'm into karma farming (or that it even means anything), but it irritates me to think that people are gaming the discourse here.
There's an implicit groupthink when it comes to seeing greyed out comments; to the point that people may (and do) think that the comment is non-factual or at the very least unpopular. This is especially true in subjects that are critical of Signal.
Unfortunately, many people work this way: "I don't like this, therefore it's false"
There's eight billion something humans on the planet, I think it's pretty okay if seven of them disagree with what you're saying.
Yeah.
Just weird that they all found my comment at the same time.
.. and it happens, every time, a slow build up of points, maybe some ups and downs, then suddenly it falls off a cliff. It's.. it's too perfect.
Quoting the guidelines [0], if you think that's really what's happening, you can try reaching out to the mods.
> Please don't post insinuations about astroturfing, shilling, brigading, foreign agents, and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
[0] https://news.ycombinator.com/newsguidelines.html
I noticed that they renamed the Element mobile app to Element Classic. Has Element X reached feature parity and stability yet? For how long will Classic be maintained?
> The outgoing Element mobile app (‘classic Element’) will remain available in the app stores until at least the end of 2025, to ensure a smooth transition
https://element.io/blog/mas-migration-unleashes-element-x-on...
I can't find any other communication from Element Creations other than that.
The renaming to Element Classic doesn't bode well considering that Element X still doesn't support a vast number of home servers and a number of Synapse authn/authz features.
If they remove it from the app store, my advice for my users is going to be to switch to fluffychat, and I'll eventually migrate away from Synapse to some flavor of Conduit.
You can learn more about Element X migration plans from last weekend's Matrix conference here https://youtu.be/_cahXxr8d-4?si=0b9qyjiEYVpMczDy&t=442
Element X now has initial support for threads & spaces (as of last week), which were the main things missing from full parity with Element Classic.
As of lately, Spaces are now supported in Element X which possibly brings it to feature parity (at least I wouldn't know what's missing, and I've been using Element X now for some months because of these plans)
Absolutely not. It doesn't have commands and probably a lot more.
It also does not have parity by having deliberate breakage like calls.
It's a sluggish buggy mess, so I guess you could say it has parity in that aspect.
User report from 2025: Both the application and web UI are still buggy and slow. This is not acceptable in an application this simple in nature, that has been around for so long.
The only desktop messenger with smooth performance I'v used was Telegram. Signal, WhatsApp, Element, and all the other Electron applications all introduce hard-to-pinpoint latency somewhere. Unfortunately, Telegram is... Telegram.
For XMPP/Matrix/etc. there are plenty of (more) native alternatives but they're not as feature complete as Telegram or their Electron counterparts, unfortunately.
My lack of C++ and Qt experience has still managed to keep my urge to rip out the Telegram protocol and replace it with something else. Maybe I'll try throwing AI at the problem and release a slop POC. Secretly, I'm hoping someone else will do the hard work for me...
The mobile apps for all are fine, though. Electron hasn't hit mobile phones just yet.
I use thunderbird for email and they now let you connect to matrix, irc, xmpp, and whatever Odnoklassniki is. It's quite barebones however, like it looks like people are just adding lines to a google doc, barely any interface at all. Really a stylesheet would go along way, looks like userChrome.css works, so maybe I'll mess with that.
which app are you talking about? as per the conference keynote, there are loads of different ones now, written in different stacks without any overlapping implementations.
If you're talking about the old Element Classic mobile app, then yes, it's now been replaced by Element X (which now has spaces & threads support, and so pretty much has parity with the old app), and it is super fast, and not buggy.
Latest Element X Testflight and nightly both crash for me very consistently when navigating back from two or more levels deep (like from Chats > room > room info and then going back). iOS 26.1 beta (23B5064e). I’ve been blaming it on iOS for now since I can’t go back to not running a beta yet :( Also seems like the notification badge is always = real notifications + 1 which i’ve read happens with Synapse or something but I’ve never found a way to fix it.
Also seems like spoiler messages in Element X appear as just an empty chat bubble that i’ve been meaning to report. And why does sending spoilers on Element require using /spoiler when discord and telegram use `||spoilered text||`?
I really want to love Matrix. I’ve been using it with my girlfriend (on a self hosted Synapse server for us) who barely tolerates it, some other friends who range from also tolerating it to hating it (and having decryption errors a lot with a friend who has several clients they switch between, mostly whenever I send a message from another client like when going from element to nheko). I bridge Telegram, Signal, and IRC to matrix (and probably will add more soon). I’m not sure why I care so much about this chat protocol, but I do for some reason and I really want to see it work.
Hi! I'm referring to the one on element.io/download marked "Desktop" I haven't tried element.x. Seems to be phone only?
Right, thanks for clarifying. Yes, the desktop app isn’t as fast as it should be. On mobile we fixed this with Element X; on desktop we’re in the middle of the transition still. The conf talk on Element X Web is pretty good at explaining where it’s at: https://youtu.be/z0ULOptq2vk?t=240
Edit: also, on macOS on Apple Silicon, you can use Element X on macOS as a desktop app, and it works impressively well.
For Desktop, use nheko as the client app. It's lightning fast.
It's not buggy? You should try going to the app store(s) and looking at reviews.
again, which app are you talking about? it's like saying "the web is buggy" but not saying what browser you're using. Looking at the App Store reviews for Element X at https://apps.apple.com/us/app/element-x-secure-chat-call/id1..., there are no complaints about bugs at all (only missing functionality, which has since been added)?