Matrix encryption is flawed too: avatars, reactions etc. are NOT encrypted. Matrix might be an alternative until all flaws are fixed, but that might take years from now.
Most messengers only encrypt the text body. There is some work underway to improve this in XMPP with a new version of the OMEMO standard, but this is not yet implemented in most clients.
IMHO the bigger problem with Matrix's OLM e2ee is that they weakened key exchange to be per account and not per device (mainly to make it more scalable in group-chats) and this requires devices to exchange the shared private key which is inherently risky.
BridgeBum@lemmy.ml 2 years ago
There is some risk, sure. I don't see how this would be any more risky than a TLS exchange. Obviously the exchange can be implemented badly, but if done correctly it seems like it would work with certs and send the key encrypted.
I think the bigger risk is the key sitting at rest on multiple devices, some of which are easily lost (cell phones) and could then compromise an account.
poVoq@lemmy.ml 2 years ago
You seem to have a misunderstanding of what public and private keys are. Private keys should never leave the device they were created on, and yes, of course, having the same key on multiple devices is also a problem.