Matrix vs. XMPP


What are XMPP and Matrix and what makes them special?

XMPP and Matrix are two decentralized and federated free software projects for chat, including true end-to-end encrypted chat.

Users can install the software on their own server if they want, but they can also easily register on any public server—both allow any XMPP or Matrix user to talk to users on their server or on any other one. In essence, it works like email: you might have an email account on a different site than your friend, but all accounts on all sites can communicate.

In a world where most communication is done on centralized proprietary platforms without end-to-end encryption like Facebook, Telegram and Google, Matrix and XMPP both are permanent solutions to communication privacy. Even based boomerware like IRC has to play second fiddle to them.

The only question is, "Which is better? XMPP or Matrix?"

Matrix vs. XMPP: Which is better?

After timely research and experience, I will say that XMPP is superior to Matrix. I'll talk about why here, but I'll firstly discuss Matrix's apparent advantages over XMPP.

There are some use-cases where Matrix is preferable, and Matrix is somewhat easier for normal people to start using. However, Matrix, although it is still end-to-end encrypted, has larger metadata liabilities. Although Matrix is decentralized, there are many issues that make it too reliant on the "main" Matrix.org server. It also has more significant problems in that metadata is spread from server to server.

Matrix's advantages over XMPP

Matrix is more normie friendly.

Although there are many Matrix clients out there, there is one "primary" one, Element (formerly called Riot). Element is a lot more streamlined and easier to use than most other clients, and it is available on all platforms. This is because it is an odious Electron-based application, but it is a big advantage to be able to tell your friends about just one program they can use on all platforms.

Matrix now comes end-to-end encrypted by default.

The standard Matrix-Synapse server now encrypts all chats and private rooms with end-to-end encryption by default. This is not the case for most XMPP servers. For example, OMEMO encryption can be used with XMPP servers, but it usually requires extra setting up and many XMPP clients do not have proper or easy compatibility with default end-to-end encryption (you may have to manually select to encrypt communications for each chat).

Matrix's default functionality is more "intuitive."

If someone sends you a message, you expect it to show up on all your devices, not just the one that checks first. When you install a new application on your phone, you sort of expect it to be able to view previous conversations in the chat. XMPP does not necessarily work like this by default (I should say that some XMPP servers do allow this), but in general Matrix chats are really more like entire chat histories that multiple people can edit and sync.

This makes Matrix a lot more familiar in functionality to old AOL/Google chats, or things like Discord or Telegram, which people are used to and find convenient. XMPP can indeed do all this, but it requires more setting up, and you are more likely to run into unexpected things when setting it up yourself.

XMPP's advantages over Matrix

But all that said, as I said above, XMPP is better than Matrix.

XMPP servers are easier to manage than Matrix.

The default Matrix server software is atrocious. Trying to do something "simple" like deleting a user account from the command line is frustrating. You might have to open up databases yourself and do it manually. There is a distinct lack of configuration options in Matrix compared to XMPP servers, and XMPP servers usually have a good command-line interface to do basic things.

XMPP is lightweight. Matrix is big bloatware.

I just logged into a VPS where I host both a Matrix and an XMPP server. It has about 1G of RAM. Right now, 27.7% of my memory is hogged by the Matrix server, while the XMPP server is only using 1.4%. That makes Matrix a major resource hog, while XMPP is the kind of thing you can spin up on your already-existing VPS and not really have to worry about it.

This is no big surprise because the default Matrix server is soyware written in Python. While the Matrix team is allegedly working on a better non-Python server-side, XMPP already has many different kinds of server software to choose from, some of the more popular ones being ejabberd and Prosody IM.

Matrix is less decentralized.

This might be somewhat related to the above issue, but very few people actually run their own Matrix servers and instead, just use Matrix.org, which is the Matrix server of the official company. This means that policies and blocks issued by Matrix the organization can functionally disconnect who they want from most Matrix users.

Additionally, the default settings in the Matrix server configuration use matrix.org and vector.im. These sites thus get a lot of independent metadata from other unsuspecting instances.

Matrix is a metadata disaster.

It gets worse. Because Matrix doesn't just exchange individual messages but syncs entire chats to all involved servers, the conversation metadata is known to all of those servers even though the messages themselves might be end-to-end encrypted. That includes what accounts are involved, when messages are sent and other account information made public (for example, users can add their emails and phone numbers to their accounts). See more here.

That means that all Matrix servers, especially Matrix.org, have a huge repository of metadata. Although chats are thankfully encrypted, encrypted chat logs are synced between all relevant servers, spreading metadata far and wide, and nearly always back to Matrix.org.
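To make the metadata point concrete, here is an added example (not from the original post) that summarises what a participating homeserver can read from an encrypted room without holding any keys. The events are constructed samples that follow the Matrix event field names; the server names, user IDs, device IDs and the `server_view` helper are all hypothetical.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: events in the shape a homeserver stores for an
# encrypted room. Only content.ciphertext is opaque to the server.
EVENTS = json.loads("""
[
 {"type": "m.room.member", "room_id": "!r1:a.example", "sender": "@alice:a.example",
  "state_key": "@alice:a.example", "origin_server_ts": 1700000000000,
  "content": {"membership": "join", "displayname": "Alice"}},
 {"type": "m.room.member", "room_id": "!r1:a.example", "sender": "@bob:b.example",
  "state_key": "@bob:b.example", "origin_server_ts": 1700000060000,
  "content": {"membership": "join", "displayname": "Bob"}},
 {"type": "m.room.encrypted", "room_id": "!r1:a.example", "sender": "@alice:a.example",
  "origin_server_ts": 1700000120000,
  "content": {"algorithm": "m.megolm.v1.aes-sha2", "session_id": "S1",
              "device_id": "ALICEPHONE", "ciphertext": "AwgAEn...constructed"}},
 {"type": "m.room.encrypted", "room_id": "!r1:a.example", "sender": "@bob:b.example",
  "origin_server_ts": 1700000180000,
  "content": {"algorithm": "m.megolm.v1.aes-sha2", "session_id": "S2",
              "device_id": "BOBLAPTOP", "ciphertext": "AwgBEp...constructed"}}
]
""")

def server_view(events):
    """Summarise what a participating server learns without any decryption keys."""
    rooms = defaultdict(lambda: {"members": set(), "servers": set(),
                                 "devices": set(), "message_times": []})
    for ev in events:
        room = rooms[ev["room_id"]]
        user = ev["sender"]
        room["servers"].add(user.split(":", 1)[1])  # domain part of the user ID
        if ev["type"] == "m.room.member" and ev["content"].get("membership") == "join":
            room["members"].add(ev["state_key"])  # membership is unencrypted state
        elif ev["type"] == "m.room.encrypted":
            room["devices"].add((user, ev["content"].get("device_id")))
            ts = datetime.fromtimestamp(ev["origin_server_ts"] / 1000, tz=timezone.utc)
            room["message_times"].append((user, ts.isoformat()))
    return dict(rooms)

if __name__ == "__main__":
    for room_id, info in server_view(EVENTS).items():
        print(room_id, sorted(info["members"]), sorted(info["servers"]))
        for sender, when in info["message_times"]:
            print(f"  {when}  {sender} sent an encrypted message")
```

The message bodies never appear in the summary, yet the membership list, the servers involved, the sending devices and the full message timeline do.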

Privacy with Matrix used to be even worse. Passwords used to be verified on a centralized identity server, and much more.

You're probably wondering how any of this could get any worse...

   

...

   

Take a guess...

   

...

   

🇮🇱 Matrix is linked to Israeli intelligence! 🇮🇱

Matrix was developed and funded by a company called Amdocs. Amdocs is an Israeli company that has since moved to America and has near total knowledge of American telephone communications.

You can read about the fun history of Amdocs here. More about Matrix and Amdocs here.

Since American telephone records have "mysteriously" fallen into the hands of Israel, there are many questions as to how this has happened. Perhaps this Israeli company which has had many Israeli military and intelligence officers involved with it and which also has all American telephone records might be involved?

Actually, this is just like Matrix. Amdocs does not have access to telephone audio (so far as I know), they only traffic in metadata (when calls are made and between whom). Matrix functions the same way. Chats are at least end-to-end encrypted (which still puts this Israeli honeypot lightyears ahead of proprietary spyware like Telegram), but Matrix metadata is easily available to server administrators.

Now to be clear, formally, since 2017, Amdocs no longer is the open sponsor of Matrix. It is instead funded by a break-off organization called Vector. But Matrix/Vector has somehow remained very, very well-funded for a "community-driven" project: they raised $8.5 million, that's a lot for free stuff! Crowd-funding for relatively unknown open source software projects is apparently much more lucrative than I thought!

(Of course, we all know that this is a baseless and widely deboonkted anti-semitic conspiracy theory as Our Greatest Ally® Israel would never do anything bad to us at all.)

In conclusion

Matrix is federated and free software which is end-to-end encrypted, but it's bloated and the company behind it might be a privacy danger. Using Matrix is indisputably better than using Telegram or Google or Facebook on nearly every count, but XMPP outclasses Matrix on pretty much everything.

XMPP is minimal software that is easy to run on a small server. It requires more setup time and has the Linux-like "problem" of there being a lot of "fragmentation" (i.e. choices), but XMPP is a much better long-term tool despite the fact that it might require you to set a couple more settings to get it how you want. XMPP is also more scalable and customizable.

I do run a Matrix server because I had to move some Telegram-using friends to something better and I was worried that the world of XMPP might be a little much. Retrospectively, I think I could've just switched them to XMPP, and I might still in the future, but Matrix is simpler for people to grasp and install if they don't know too much about computers.

How the XMPP environment can be improved

It would be very nice to have a cross-platform XMPP chat platform. Obviously I don't want Electron trash like Matrix's Element (although Element is intuitive enough), but when I say cross-platform, that might just be several different XMPP clients (one Linux, one Android, one iOS, etc.) that decide to go for similar design principles and branding. This might sound stupid, but it makes the environment accessible to people unfamiliar with it because they know that one program (or "branding") they can look up and recommend to friends.

Other note

I suspect some people will be a little upset I "only" talked about Matrix and XMPP as chat protocols. In reality, both are highly extensible and can do many more things. I'll talk about that when I feel it's relevant, but most people looking into them are looking for an actually secure chat system.