XMPP arguably has some of of the strongest crypto functionality there is, it’s just too dependent on the app to feel safe, since all of the vulnerabilities in these ecosystems are basically down to the client implementation.
Absolutely, and an argument can be made about captive ecosystems controlling both clients and servers. They also represent a single point of failure, so there’s no magic bullet. In practice it’s also not that different than keeping up with your browser’s/OS’/phone’s updates and XMPP has that for itself that it has (unlike Matrix) a vibrant community of clients and servers supported by diverse parties (commercial and not).
XMPP arguably has some of of the strongest crypto functionality there is, it’s just too dependent on the app to feel safe, since all of the vulnerabilities in these ecosystems are basically down to the client implementation.
Absolutely, and an argument can be made about captive ecosystems controlling both clients and servers. They also represent a single point of failure, so there’s no magic bullet. In practice it’s also not that different than keeping up with your browser’s/OS’/phone’s updates and XMPP has that for itself that it has (unlike Matrix) a vibrant community of clients and servers supported by diverse parties (commercial and not).