If it’s the problem that I’ve seen people complain about in the past, it’s effectively the same as HTTPS ‘not supporting’ end to end encryption because it runs over IP and IP packets contain the IP address of where they need to go, so someone can see that two IP addresses are communicating, which is unavoidable as otherwise there’s nothing to say where the data needs to go, so no way for it to get there. Someone did a blog post a couple of years ago claiming Matrix was unsecure as encrypted messages had their destination homeserver in plaintext, but that doesn’t carry any information that isn’t implied by the fact that the message is being sent to that homeserver’s IP.
Message metadata - such as sender, recipient, device ID, and timestamps - is not encrypted at the transport layer, and in many cases remains visible to the homeserver
Wire wrote that article in summer last year to prevent the German IT-Planning Council from adopting Matrix as the communications layer for its consolidated interfederal government-to-citizen messaging infrastructure in the public administration.
So be aware that, to my knowledge, this article is not a good-faith tech blog post but part of public affairs campaign / lobbying attempt.
Would be neat to have meta data encrypted in Matrix, but it’s not a deal breaker for most use cases imo.
Agreed, but metadata not being encrypted remains a fact. Sure, metadata of a single message might not mean much, but when combined with metadata of many messages from many users you can find out a lot about a person and their habits. Especially when cross-referencing with other data sources (social media of other users, phone location, etc.).
Please explain. They don’t have that?
If it’s the problem that I’ve seen people complain about in the past, it’s effectively the same as HTTPS ‘not supporting’ end to end encryption because it runs over IP and IP packets contain the IP address of where they need to go, so someone can see that two IP addresses are communicating, which is unavoidable as otherwise there’s nothing to say where the data needs to go, so no way for it to get there. Someone did a blog post a couple of years ago claiming Matrix was unsecure as encrypted messages had their destination homeserver in plaintext, but that doesn’t carry any information that isn’t implied by the fact that the message is being sent to that homeserver’s IP.
But what if the name of my home server is my private key? Mah jong, alchemists!
https://wire.com/en/blog/matrix-not-safe-eu-data-privacy
Wire wrote that article in summer last year to prevent the German IT-Planning Council from adopting Matrix as the communications layer for its consolidated interfederal government-to-citizen messaging infrastructure in the public administration.
So be aware that, to my knowledge, this article is not a good-faith tech blog post but part of public affairs campaign / lobbying attempt.
Would be neat to have meta data encrypted in Matrix, but it’s not a deal breaker for most use cases imo.
Agreed, but metadata not being encrypted remains a fact. Sure, metadata of a single message might not mean much, but when combined with metadata of many messages from many users you can find out a lot about a person and their habits. Especially when cross-referencing with other data sources (social media of other users, phone location, etc.).
https://youtube.com/watch?v=tL8_caB35Pg
Absolutely, it’s definitely one of the major areas work on the Matrix standard is needed.
There is an MSC (= a spec change proposal) from September 2025 where the folks at Element proposed a solution for how to do this going forward: https://github.com/matrix-org/matrix-spec-proposals/pull/3414?ref=element.io
This blog article explains it more clearly: https://element.io/blog/hiding-room-metadata-from-servers/