State resolution is just a total mess. On the best of days it's a hideously complicated system that sucks crazy resources, and on the worst of days rooms get blown up and bricked. Supposedly it's not as bad as before, but the fact that rooms can get bricked in the first place is bonkers. Just computing the member list of a room is a disaster due to the complex resolution algorithm - I spoke to a homeserver admin once who found that the DB storage space of just the member list can easily reach multiple gigabytes for larger rooms.

Also years later, we still don't have custom emojis, user statuses, user bios, invite links etc. - very basic things that literally every messaging platform has. https://github.com/element-hq/element-meta/issues/339 https://github.com/element-hq/element-meta/issues/573 https://github.com/element-hq/element-meta/issues/426

I'm interested in hearing if anyone has used simplex and what kind of experience it is. It seems like simplex is going for a similar audience as signal but using a very different approach. I don't think they've really had a breakout though and haven't heard it talked about much.

Lies by omission. SimpleX doesn't mask your IP-address by default. It leaks to the server. The ENTIRE public SimpleX network is hosted by two companies, Akamai and Runonflux. Metadata of two conversing users running on the same VPS can be detected with end-to-end correlation attacks, so pray that the two are not PRISM partners or whatever has replaced that program.

I'd be fine with SimpleX if they

1) bundled Tor and had a toggle switch during initial setup.

2) were transparent about what the toggle switch does (lag/bandwidth vs IP masking)

This is crucial as they already have Tor Onion Service server infra set up, but they're not making it easy for a layperson to use those. Instead they lie by omission. Their

"SimpleX has no identifiers"

only means

"SimpleX does not add additional identifiers"

They don't give a damn about your router gluing your IP address, that's increasingly becoming a unique IPv6 address, to every TCP packet header.

https://nebuchadnezzar-megolm.github.io/

Happy holidays, HN… :)

I still have gripes about it. Improvements to the spec and software have been slow lately, due to funding issues. But they are still arriving. The official desktop client remains buggy, bloated, and cluttered. But there are lighter alternatives that do what I need 99% of the time. Much of the meta-data is not yet end-to-end encrypted. But that's still planned, and since it's not as important in my day-to-day chats as it might be if I were whistleblowing, I'm willing to wait.

I continue to use Matrix because there is nothing else offering the combination of features that I most value in it. Notably:

- decentralized

- 1:1 and group chats

- offline message delivery

- multi-device support

- end-to-end message encryption with well-understood ciphers and protocols

- easy enough that I have brought in non-tech-savvy contacts with very little assistance

- cross-platform, on every major desktop and mobile OS

- not tied to google services or libraries

- open-source

- free (in both senses)

- self-hostable

- reasonably anonymous; no need for a real name, phone number, or (depending on homeserver) even an email address

- (in development) scalable audio/video chat that looks very promising

Harder to quantify, but also worth acknowledging: The project lead seems very level-headed, demonstrating good judgment and tremendous patience, and consistently makes himself and the inner workings of this difficult project accessible to the public. This gives me the sense that Matrix continues to develop with sound guidance. Thanks, Arathorn!

https://youtu.be/DdM-XTRyC9c

I disagree so much. Yes Federation is hard and it brings lots of new challenges. But with things like Chatcontrol it's the only way we can continue to communicate securely in the EU. Everything that is not federated has a single entity managing it which can be threatened with punitive actions. With federation everyone can run their own server meaning too many people to go after.

I understand these guys don't want it and they have good reason but federation in general should not die.

I hope maybe if we can be aware that this is a broad set of technologies being driven by a broad set of goals then we can be a bit more gracious when a project isn't perfectly aligning with our personal values and find the common ground and values.

For what it's worth, we've been working on improving Matrix's metadata footprint this year: MSC4362 (https://github.com/matrix-org/matrix-spec-proposals/blob/kay...) got implemented on matrix-js-sdk for encrypting room state (currently behind a labs flag on Element Web: https://github.com/element-hq/element-web/blob/develop/docs/...). Meanwhile more radical proposals like MSC4256 (https://github.com/dklimpel/matrix-spec-proposals/blob/mls-R...) go and remove senders entirely and encrypt room state via MLS.

The reason Matrix hasn't prioritised metadata protection earlier is:

* If you're particularly concerned about metadata footprint, you can run your own servers in whatever network environment you feel like - you are NOT surrendering metadata to some central or 3rd party server as you would in a centralised platform.

* We've had to focus on getting decentralised encryption stable, which turns out to be hard enough without also throwing in metadata protection - it's only this year that we've turned that corner.

* Unless you're using a mixnet, network traffic gives away a significant amount of metadata anyway.

Anyway, yes: Matrix can do better on obfuscating metadata on servers, and we'll continue improving it in 2026.

Meanwhile, if anyone's feeling nostalgic you can see a presentation I wrote preempting the challenge of metadata protection back in 2016 (on the day we first turned on E2EE in Matrix, ironically): https://matrix.org/~matthew/2015-06-26%20Matrix%20Jardin%20E.... In some other world perhaps we would have got to this point sooner, but better late than never.

EDIT: I can't face going through all the other points in this post, but it's worth noting that some of it is just entirely false - e.g. the hackea claims of "an impressive collection of private data being sent to Matrix central servers, even when you use your own instance", or the fact that media isn't authed (it has been since Jun 2024). Meanwhile the abuse situation has evolved significantly in 2025, with stuff like https://matrix.org/blog/2025/02/building-a-safer-matrix/ and https://matrix.org/blog/2025/12/policyserv as well as hiring up a larger trust & safety team at the Matrix Foundation.

I joined the mozilla matrix, and ironically, this caused the auth system to completely break down for some reason since I would log in each time.

It suggested to reset the whatever login data cookie thing because it did not want to trust me anymore, displaying red warning or whatever.

I asked around, and apparently they disagreed about that strict cookie policy, which felt quite ironic coming from the mozilla community.

The person who wrote this just wants a centralized, moderated chat/social media system. Use Discord/Slack/Reddit if you don't like the resiliency of decentralized systems. There are some legit gripes in this massive list, but 90% of this reads as "I want Matrix to be centralized!" Good news, that exists already!

They've lost me right here.

No new complaints: The standard it badgers you to authenticate, then doesn't let you due to errors. Slow to load messages, inconsistent whether edits will show or not, inits channels to an arbitrary time in the past, then you have to click the arrow a few times and wait to get to the latest, the page won't load on mobile, etc.

Has anyone done a comparison between Simplex & any specific P2P systems (the P2P coverage in this article is extremely vague & handwave-y) - e.g. something like Scuttlebutt?

- No multi-device support. I want to send and receive messages using any of my devices, independently, no matter where they are. (Being able to tether a phone to a computer is not sufficient.)

- Messages are dropped if not retrieved a timely manner. 21 days by default, which is shorter than some of my vacations.

- It was not clear to me what happens to undelivered messages when a queue server crashes, loses power, or reboots for maintenance.

- Establishing a chat requires sharing a large link or QR code through some out-of-band channel, which I often find inconvenient.

- Funded almost entirely by venture capital. This suggests to me that it is likely to either vanish or turn to some form of exploiting users, eventually. I don't want to build my contacts network upon that foundation.

- It was not clear to me who controls the queue servers, what incentives exist for their operators, or how their maintenance is funded. Absent that information, I must assume that most or all of them are run by the same people, making it a hair's breadth from a centralized service.

- Frequently repeated marketing claims of having no user IDs, when its message queue IDs are user IDs. The privacy improvement vs. a traditional service is through generating a distinct ID for sharing with each contact in 1:1 chats. (Group chats do not have this feature.) While I consider this valuable (it's like automatically giving you a separate email alias for use with each contact), I despise that it was presented as something that it is not. Perhaps they have stopped making the original claim by now, but even if so, the fact that they lied to people in the first place makes me unlikely to entrust my communications to them.

I prefer Matrix. I'll comment separately regarding why.

That's the way Matrix goes, but that's not an inherent property of federation (XMPP doesn't leak nearly as much metadata as Matrix does, for instance)

Also, there is no free lunch in this space: p2p is slow and inefficient (bandwidth as much as battery) for modern mobile usecases, the workarounds generally consist of having edge servers to act as caches or preferred routing points, and that brings us back to the exact same set of tradeoffs found in the federation model, except with less control.

In short, I agree with the premise that Matrix is terrible, but not that federation is necessarily bad, nor that P2P is clearly superior.

Lost messages, impossibility to backup or recover, search not working and weird unexplainable bugs...

To try to fix a cache issue I once tried to look at the source code, it was an undecipherable hot mess like if it was encrypted and the key was loss also ... :p

The illegal content one is I think the most problematic. Meta and friends don’t employ teams of psychological scarred content moderators for giggles…

I wanted to believe, but sadly privacy must be hard-coded or the people with a large set of technical skill, access to AI agents who will restlessly pursue their mission, and a dysfunctional moral compass will attempt to technologically dominate users.

There's no decentralized protocol as they're centered around their developers. Too much human effort and attention has been centered around software.

The ephemeral gibberish of software developers approaches religious like obsession with sigils and notation levels of absurdity. Believe in their scripture! It will see humanity to the promised land!

Meanwhile in meat space everyone I socialize with is tired of software engineers; "they over complicate everything!" is a common refrain.

This little filter bubble is probably fostering asocial mental illness's in many of its disciples

https://keet.io/