It also has several questionable endorsements and users, such as Jack Dorsey (Twitter’s founder), Elon Musk, and Mark Zuckerberg (Facebook’s founder).
Since when does Zuckerberg endorse Signal?
The best way to describe federation is to think of email.
The best way to do private/secure messaging is to do it similarly to the least private and secure messaging protocol in use?
Phone # Identifiers
This entire section completely ignores that Signal isn’t designed to talk to random people. It’s designed to talk to your friends/family/coworkers, who most likely already have your phone number. It makes it super easy to migrate. There’s no way my grandma would be able to add me on briar…
It also completely ignores the work that is being put into adding usernames that would allow you to talk to people without having to give them your phone number.
It also completely ignores Signal’s history. Initially it started as a way to encrypt SMS, so phone numbers were not an option anyway.
Signal’s database, which we must assume is compromised due to its centralized and US domiciled nature […] Message senders and recipients
Except that they don’t have the message senders thanks to sealed sender
Recently, signal has been attempting to integrate a cryptocurrency called MobileCoin into the app itself. What a messaging platform has to do with an obscure cryptocurrency is a little vague; but there is probably some money driving this. Since Marlinspike doesn’t allow 3rd party clients, it is impossible to avoid these types of unwanted “features”.
Payment in Signal has been a major request since the migration from WhatsApp. In multiple countries WhatsApp has a payment feature that is hugely popular. At least they try to improve on such a feature by using crypto to make it private, while not using proof of work which destroys the environment. And it’s not like they have actually shipped it. It’s only in the beta channel in a few countries…
Signal’s use luckily never caught on by the general public of China ( or the Hong Kong Administrative region ), whose government prefers autonomy, rather than letting US tech control its communication platforms
Yeah, it’s obviously because of that, and Chinese apps are a heaven of privacy and zero state censorship.
He uses signal, I don’t think he’s publicly endorsed it. Read over that sentence again.
The best way to do private/secure messaging is to do it similarly to the least private and secure messaging protocol in use?
I’m just describing how it works, this seems overly combative. Encryption is a different topic than federation. Emails and phone calls are federated, yet insecure.
This entire section completely ignores that Signal isn’t designed to talk to random people. It’s designed to talk to your friends/family/coworkers, who most likely already have your phone number. It makes it super easy to migrate. There’s no way my grandma would be able to add me on briar…
That “ease of migration” comes at a cost: namely that signal’s centralized server now knows your identity. And yes while briar isn’t quite user friendly yet, it’s just as easy to share a user_id string as it is a phone number. With matrix or XMPP I can share my ID with a link.
sealed sender
I don’t know enough about this to comment, but signal still has to know who to send the message to. That means that the server must decrypt the recipient at some point.
Payment in Signal has been a major request since the migration from WhatsApp. In multiple countries WhatsApp has a payment feature that is hugely popular.
I’d argue that most people don’t want a cryptocurrency bundled in their chat apps. This is a really strange thing to defend.
For the last one, it’s telling that you deleted half my sentence. The full sentence is this:
Signal’s use luckily never caught on by the general public of China ( or the Hong Kong Administrative region ), whose government prefers autonomy, rather than letting US tech control its communication platforms, as most of the rest of the world naively allows.
Many countries have now realized their mistake in letting US tech companies control their social media platforms, and are trying to adopt the PRC model of home-grown chat apps. A great example is India, where Facebook and Youtube (2 US tech companies) are the most popular social media apps. This was a glaring mistake allowing these US surveillance giants to so completely own the social media landscape of India.
I don’t know enough about this to comment, but signal still has to know who to send the message to. That means that the server must decrypt the recipient at some point.
He uses signal, I don’t think he’s publicly endorsed it.
That’s not what’s in your essay. Also, this is a fact that I doubt a lot since he owns WhatsApp.
The story about that was when there was the huge Facebook data leak, allegedly, his phone number was in it, and it was possible to see that he was registered on Signal. At the time I tried to fact check this but couldn’t find anything that convinced me 100% of the veracity of this fact. I haven’t checked again so there may be some more convincing evidence available today.
Also, him being registered on it wouldn’t necessarily mean he is a user of Signal. He could have just registered to see what the competition looked like.
And if it were true that Mark Zuckerberg used Signal everyday, I would take it as a very strong confirmation that Signal is trustworthy. A quick way to test whether a conspiracy is true or not is to check if it would affect the rich and powerful.
Anyway, rich people endorsing Signal doesn’t mean anything. I hate Elon Musk too, but he just jumped on the bandwagon when it was already leaving and Signal was already gaining in popularity. A broken clock is right twice a day.
it’s just as easy to share a user_id string as it is a phone number
It’s not. I can dictate my phone number. I can’t do it for a cryptographic user id.
With matrix or XMPP I can share my ID with a link
With Signal I don’t have to because my phone number is already in their address book. When usernames arrive in Signal, a similar feature will likely be available anyway (though this is speculation, I don’t really know what it will look like and I don’t have the motivation to look at their WIP github branches).
sealed sender
I don’t know enough about this to comment, but signal still has to know who to send the message to. That means that the server must decrypt the recipient at some point.
It still is much less valuable than what you claim in your essay. They might be able to track you via your IP but that’s much less efficient and can be easily prevented via a VPN or using the built-in censorship circumvention proxy. Cryptography ensures that the rest cannot leak.
I’d argue that most people don’t want a cryptocurrency bundled in their chat apps. This is a really strange thing to defend.
If it is transparent and the use of crypto is hidden to the user while still preserving their privacy, it could be amazing. There’s no reason not to try, the beta version of the app is there exactly for this.
Many countries have now realized their mistake in letting US tech companies control their social media platforms, and are trying to adopt the PRC model of home-grown chat apps. A great example is India, where Facebook and Youtube (2 US tech companies) are the most popular social media apps. This was a glaring mistake allowing these US surveillance giants to so completely own the social media landscape of India.
While I do wish my country (France) and other EU countries would do more regarding our concerning digital dependency on the US, I don’t see how the PRC is any better. They don’t have FB and other platforms which in some way is a good thing, however they have massive state surveillance in all of their internet platforms, and secure communication methods are banned.
If you live in France, why would you want a US company to own and control your communications? That was the main thrust of the article, which you never addressed.
With Signal I don’t really have to trust anyone regarding the confidentiality of the messages. The App is FLOSS, has been audited and is under a high level of scrutiny. The protocol itself is recognised as the golden standard regarding E2EE for asynchronous messaging by the cryptography community. I’m a student in cybersecurity/embedded systems. I understand the underlying double ratchet protocol, which I have studied and I am working on right now.
I don’t really need to trust anyone regarding confidentiality when I use Signal. If there were a service comparable to Signal in terms of ease of use, features and security but french, I’d use it. There’s olvid but it’s not FLOSS and has much worse UX, and Matrix/XMPP are less secure while being much harder to use (I do use matrix on a self-hosted server by some people I know).
I’m much more concerned about the Google and Huawei crap that I can’t remove from my phone and that I know is siphoning data for advertisement currently than some grand conspiracy that would be fooling the entire cyber-security community, with no concrete motive.
None of your points are really any concrete proof of Signal being backdoored.
As I noted in my article, remember when signal went a whole year without publishing their server source code updates?
None of your points are really any concrete proof of Signal being backdoored.
I also addressed this, in the NSL section. It is illegal for signal to tell you that, otherwise they all face heavy prison time. Your default position then is to “trust” US services… not a good idea from a privacy standpoint given the history of surveillance disclosures.
However, Signal is like the one application that’s user friendly and is NOT compromised, and you seem to be completely attacking it.
I have reason to believe that Signal is NOT compromised, and the code is indeed Open Source and can be trusted.
I don’t trust the US, but I do trust Moxie Marlinspike to be a privacy advocate, he has spent his entire career being an advocate for privacy.
Although Signal went a whole year without publishing server source code because they were being subtle about introducing mobilecoin crypto-asset support, and they didn’t want people to jump hog wild into mobilecoin. However, they now have released the server source code, therefore I do not think this is a valid argument.
I appreciate your critique and well written essay, as well as your motivation. Thank you again for writing this, and I will heed your advice and be more skeptical of signal foundation. However, I have followed Marlinspike for years, and was an early signal adopter, so I do have some trust that the project is not compromised.
comment from lobster also makes some good points here, and I tend to agree with this guy
This take comes up every so often, e.g. in some of the linked articles. I’m sympathetic to many of the concerns raised, but I’ve yet to see serious engagement with some of the deeper issues raised. For example:
A significant number of security and privacy-enhancing technologies (PET) have received US military funding or other support. See: Tor from the Naval Research Lab, OpenBSD from DARPA. SELinux comes from the NSA. The Open Technology Fund has also supported Ricochet, WireGuard, Delta.chat, and Briar (that the author recommends), etc. (link). Are all these tools suspect?
As an aside, the EU also funds a significant number of PETs. While not as egregious as the US, the EU is no enemy of mass surveillance, either.
One reason for Signal’s centralization is, in short, that it’s hard to update federated protocols, including their security features. E2E encryption in XMPP or email is still a pain, and far from usable for most people. I hope that e.g. Matrix can pull it off, but they face challenges that centralized services don’t. With a centralized service, you know that you can handle unforeseen security developments quickly. Shouldn’t this be a key priority for a security tool?
Using phone numbers as identifiers has its benefits: you don’t need to store users’ contacts on your servers. A service like Wire, that does allow you to sign up without a phone number, has to store your full social graph on their end. Avoiding this sort of metadata is a hard problem — Signal has opted for minimizing the amount they store.
It’s hard to overstate how much ease of use matters when it comes to gaining mass adoption for these tools. For a long time, privacy & security tools were super user-unfriendly, reserved only for a small technical elite (see PGP). If we want to combat mass surveillance, we need tools that the masses want to install (in my experience, it’s hard enough to convince activist groups to migrate off Discord or Slack — the alternatives need to be similarly easy to use).
How do you feel about the guy who donated 50 million to Signal? He probably has the most influence on the project second only to Marlinspike.
How do you feel about Marlinspike’s ruthlessly banning all third party clients and server implementations?
I do agree that it is somewhat of an issue, but there was only one instance of this happening, where a fork of Signal was about to be added to fdroid. It’s not like they haven’t justified themselves. Anyway the features of LibreSignal (no hard requirement on Google Play services) were implemented in the official app. There are still two third party clients that exist: Axolotl and signal-cli. They don’t want to deal with third party clients that they can’t update and thus need to keep support for outdated versions of the protocols that would introduce a lot of complexity and risks introducing downgrade attacks.
It also allows them to roll out “quality of life” features faster such as stickers, video calls, groups v2, and more recently groups where only admins can post, which would be harder to keep backward compatible.
The openness of Signal has already been fruitful. The protocol has been implemented in many other platforms, such as Matrix, WhatsApp and even Messenger.
However, Signal is like the one application that’s user friendly and is NOT compromised, and you seem to be completely attacking it.
That’s what annoys me the most here. We have one FLOSS project that is very high quality, secure and gained significant popularity, and we start shooting it down ourselves…
As I noted in my article, remember when signal went a whole year without publishing their server source code updates?
It was only the server side, which anyway we can’t attest is what is actually running on their servers, and there were some other repositories that contained up to date code. This was still concerning.
Your default position then is to “trust” US services…
This is not my default position. It is an informed choice based on the scrutiny and recognition that signal has worldwide.
So if we don’t know what runs on the server side, how do we know then that this is not used to map user networks, i.e. who communicates with who? From an activist POV wouldn’t that be a significant risk?
Also, even if you trust the company today, given that it is US based, it is subject to the gag orders the US government agencies hand out. So that makes it still a problem, no?
If that were the case, the sealed sender stuff would be a complete lie, which would seem out of character for Signal.
Of course they know which client connects when to their server and sends messages to them.
Why? The authentication can be done on the receiving side through cryptography. Why would it be required for the server to also authenticate the sender?
If that were the case, the sealed sender stuff would be a complete lie, which would seem out of character for Signal.
It seems like your loyalty to signal isn’t based on any facts or history whatsoever. I go over the untrustworthy history of signal’s founders, but you’ve ignored all those points in your replies so far.
I go over the untrustworthy history of signal’s founders
The OTF also funds the following:
Briar, Tor, Wireguard, Delta Chat, Bind9, CGIProxy, CertBot, K-9 Mail, Tails, NoScript, QubesOS, The Guardian Project
You going to say that Briar is a good alternative despite receiving funding from the CIA just like Signal? How about QubesOS or NoScript? Are they also no longer trustworthy because they’re funded by the OTF?
I go over the untrustworthy history of signal’s founders, but you’ve ignored all those points in your replies so far.
Regarding your Radio Free Asia funding story, Whisper Systems was founded in 2010 according to Wikipedia, while the funding from the open tech fund started in 2013.
There’s a lot of difference between funding and founding. At that point it was already open sourced. It’s really far-fetched to think that somehow, the US took control of it at that point.
You even ignore the point that Whisper Systems temporarily belonged to Twitter, also a US company, which would have been a much simpler way for the US to seize control of the project than to go through some fund bla bla bla
If the only thing they have is an IP address it is much less info than the actual phone number of who sent the message. It can also be very easily prevented by using a VPN or the built-in anti censorship proxy.
It doesn’t necessarily mean that the phone number is sent with every API call.
The real authentication of who sent the message happens on the receiver’s device when they decrypt it.
In a centralized database without, this seems like it’d be trivial to get around. You’d only have to look at the client sent messages and correlate them to the receiving ones.
It’s more complex than that. The client doesn’t authenticate itself to the server. It only shows a certificate that says “I have a right to send messages to this person”. This certificate is anonymous and was initially generated by the receiver, and then sent via the encrypted session.
The server could still correlate the IP, which is much less valuable and can be hidden through VPNs or even the built-in censorship circumvention proxy.
Federation increases censorship resistance. I do not think it necessarily decreases privacy, although having metadata strewn across multiple servers may be a risk. Still, I think the comparison with email is a bit of a straw man argument, since it is not only the federated nature of email which makes it easy to surveil but also the fact it is unencrypted by default.
Moreover, email these days is concentrating in the hands of a small number of providers (gmail, etc).
XMPP seems a lot more distributed at this point in time.
Federation makes it much harder to keep metadata private, though you could technically achieve the level of privacy found in Signal, it’s not easy.
In practice, Signal is a lot better at protecting your metadata than Matrix and XMPP.
Now that matrix has a lot of different clients and implementations, it would be super hard for them to implement something like Sealed Sender, which Signal was able to deploy very easily. I find it very unlikely that matrix will end up fixing its privacy issues. While Signal will be able to evolve and fix them. They are currently working on usernames for example.
Since when does Zuckerberg endorse Signal?
The best way to do private/secure messaging is to do it similarly to the least private and secure messaging protocol in use?
This entire section completely ignores that Signal isn’t designed to talk to random people. It’s designed to talk to your friends/family/coworkers, who most likely already have your phone number. It makes it super easy to migrate. There’s no way my grandma would be able to add me on briar…
It also completely ignores the work that is being put into adding usernames that would allow you to talk to people without having to give them your phone number.
It also completely ignores Signal’s history. Initially it started as a way to encrypt SMS, so phone numbers were not an option anyway.
Except that they don’t have the message senders thanks to sealed sender
Payment in Signal has been a major request since the migration from WhatsApp. In multiple countries WhatsApp has a payment feature that is hugely popular. At least they try to improve on such a feature by using crypto to make it private, while not using proof of work which destroys the environment. And it’s not like they have actually shipped it. It’s only in the beta channel in a few countries…
Yeah, it’s obviously because of that, and Chinese apps are a heaven of privacy and zero state censorship.
He uses signal, I don’t think he’s publicly endorsed it. Read over that sentence again.
I’m just describing how it works, this seems overly combative. Encryption is a different topic than federation. Emails and phone calls are federated, yet insecure.
That “ease of migration” comes at a cost: namely that signal’s centralized server now knows your identity. And yes while briar isn’t quite user friendly yet, it’s just as easy to share a user_id string as it is a phone number. With matrix or XMPP I can share my ID with a link.
I don’t know enough about this to comment, but signal still has to know who to send the message to. That means that the server must decrypt the recipient at some point.
I’d argue that most people don’t want a cryptocurrency bundled in their chat apps. This is a really strange thing to defend.
For the last one, it’s telling that you deleted half my sentence. The full sentence is this:
Many countries have now realized their mistake in letting US tech companies control their social media platforms, and are trying to adopt the PRC model of home-grown chat apps. A great example is India, where Facebook and Youtube (2 US tech companies) are the most popular social media apps. This was a glaring mistake allowing these US surveillance giants to so completely own the social media landscape of India.
Then you shouldn’t be spreading FUD about it.
That’s not what’s in your essay. Also, this is a fact that I doubt a lot since he owns WhatsApp. The story about that was when there was the huge Facebook data leak, allegedly, his phone number was in it, and it was possible to see that he was registered on Signal. At the time I tried to fact check this but couldn’t find anything that convinced me 100% of the veracity of this fact. I haven’t checked again so there may be some more convincing evidence available today.
Also, him being registered on it wouldn’t necessarily mean he is a user of Signal. He could have just registered to see what the competition looked like.
And if it were true that Mark Zuckerberg used Signal everyday, I would take it as a very strong confirmation that Signal is trustworthy. A quick way to test whether a conspiracy is true or not is to check if it would affect the rich and powerful.
Anyway, rich people endorsing Signal doesn’t mean anything. I hate Elon Musk too, but he just jumped on the bandwagon when it was already leaving and Signal was already gaining in popularity. A broken clock is right twice a day.
It’s not. I can dictate my phone number. I can’t do it for a cryptographic user id.
With Signal I don’t have to because my phone number is already in their address book. When usernames arrive in Signal, a similar feature will likely be available anyway (though this is speculation, I don’t really know what it will look like and I don’t have the motivation to look at their WIP github branches).
It still is much less valuable than what you claim in your essay. They might be able to track you via your IP but that’s much less efficient and can be easily prevented via a VPN or using the built-in censorship circumvention proxy. Cryptography ensures that the rest cannot leak.
If it is transparent and the use of crypto is hidden to the user while still preserving their privacy, it could be amazing. There’s no reason not to try, the beta version of the app is there exactly for this.
While I do wish my country (France) and other EU countries would do more regarding our concerning digital dependency on the US, I don’t see how the PRC is any better. They don’t have FB and other platforms which in some way is a good thing, however they have massive state surveillance in all of their internet platforms, and secure communication methods are banned.
If you live in France, why would you want a US company to own and control your communications? That was the main thrust of the article, which you never addressed.
With Signal I don’t really have to trust anyone regarding the confidentiality of the messages. The App is FLOSS, has been audited and is under a high level of scrutiny. The protocol itself is recognised as the golden standard regarding E2EE for asynchronous messaging by the cryptography community. I’m a student in cybersecurity/embedded systems. I understand the underlying double ratchet protocol, which I have studied and I am working on right now.
I don’t really need to trust anyone regarding confidentiality when I use Signal. If there were a service comparable to Signal in terms of ease of use, features and security but french, I’d use it. There’s olvid but it’s not FLOSS and has much worse UX, and Matrix/XMPP are less secure while being much harder to use (I do use matrix on a self-hosted server by some people I know).
I’m much more concerned about the Google and Huawei crap that I can’t remove from my phone and that I know is siphoning data for advertisement currently than some grand conspiracy that would be fooling the entire cyber-security community, with no concrete motive.
None of your points are really any concrete proof of Signal being backdoored.
As I noted in my article, remember when signal went a whole year without publishing their server source code updates?
I also addressed this, in the NSL section. It is illegal for signal to tell you that, otherwise they all face heavy prison time. Your default position then is to “trust” US services… not a good idea from a privacy standpoint given the history of surveillance disclosures.
I appreciate and admire your motivation @dessalines@lemmy.ml
However, Signal is like the one application that’s user friendly and is NOT compromised, and you seem to be completely attacking it.
I have reason to believe that Signal is NOT compromised, and the code is indeed Open Source and can be trusted.
I don’t trust the US, but I do trust Moxie Marlinspike to be a privacy advocate, he has spent his entire career being an advocate for privacy.
Although Signal went a whole year without publishing server source code because they were being subtle about introducing mobilecoin crypto-asset support, and they didn’t want people to jump hog wild into mobilecoin. However, they now have released the server source code, therefore I do not think this is a valid argument.
How do you feel about Marlinspike’s ruthlessly banning all third party clients and server implementations? Or his choice of phone # identifiers?
I appreciate your critique and well written essay, as well as your motivation. Thank you again for writing this, and I will heed your advice and be more skeptical of signal foundation. However, I have followed Marlinspike for years, and was an early signal adopter, so I do have some trust that the project is not compromised.
comment from lobster also makes some good points here, and I tend to agree with this guy
How do you feel about the guy who donated 50 million to Signal? He probably has the most influence on the project second only to Marlinspike.
Yes I do not see why we should trust any system which forbids self-hosting, especially when alternatives exist.
False.
There are a few 3rd party clients. They all identify themselves to the server that they’re 3rd party clients and they haven’t been banned.
See my first comment: https://lemmy.ml/post/81033/comment/78905
I do agree that it is somewhat of an issue, but there was only one instance of this happening, where a fork of Signal was about to be added to fdroid. It’s not like they haven’t justified themselves. Anyway the features of LibreSignal (no hard requirement on Google Play services) were implemented in the official app. There are still two third party clients that exist: Axolotl and signal-cli. They don’t want to deal with third party clients that they can’t update and thus need to keep support for outdated versions of the protocols that would introduce a lot of complexity and risks introducing downgrade attacks.
It also allows them to roll out “quality of life” features faster such as stickers, video calls, groups v2, and more recently groups where only admins can post, which would be harder to keep backward compatible.
The openness of Signal has already been fruitful. The protocol has been implemented in many other platforms, such as Matrix, WhatsApp and even Messenger.
That’s what annoys me the most here. We have one FLOSS project that is very high quality, secure and gained significant popularity, and we start shooting it down ourselves…
This would be a truly problematic sentiment in some other cases. But the point here, is that unlike Matrix, Signal is not really ours.
It was only the server side, which anyway we can’t attest is what is actually running on their servers, and there were some other repositories that contained up to date code. This was still concerning.
This is not my default position. It is an informed choice based on the scrutiny and recognition that signal has worldwide.
So if we don’t know what runs on the server side, how do we know then that this is not used to map user networks, i.e. who communicates with who? From an activist POV wouldn’t that be a significant risk?
Also, even if you trust the company today, given that it is US based, it is subject to the gag orders the US government agencies hand out. So that makes it still a problem, no?
I don’t know what runs on matrix.org either unless I self-host, which I don’t do, because it’s way too time consuming and is much less reliable.
And Signal has mechanisms to prevent mapping user networks such as Sealed sender, which matrix and XMPP don’t have.
deleted by creator
How do they know when a specific client sends a message?
deleted by creator
And how do they identify this client specifically instead of any other client?
deleted by creator
If that were the case, the sealed sender stuff would be a complete lie, which would seem out of character for Signal.
Why? The authentication can be done on the receiving side through cryptography. Why would it be required for the server to also authenticate the sender?
It seems like your loyalty to signal isn’t based on any facts or history whatsoever. I go over the untrustworthy history of signal’s founders, but you’ve ignored all those points in your replies so far.
The OTF also funds the following: Briar, Tor, Wireguard, Delta Chat, Bind9, CGIProxy, CertBot, K-9 Mail, Tails, NoScript, QubesOS, The Guardian Project
You going to say that Briar is a good alternative despite receiving funding from the CIA just like Signal? How about QubesOS or NoScript? Are they also no longer trustworthy because they’re funded by the OTF?
See this comment
Regarding your Radio Free Asia funding story, Whisper Systems was founded in 2010 according to Wikipedia, while the funding from the open tech fund started in 2013. There’s a lot of difference between funding and founding. At that point it was already open sourced. It’s really far-fetched to think that somehow, the US took control of it at that point.
You even ignore the point that Whisper Systems temporarily belonged to Twitter, also a US company, which would have been a much simpler way for the US to seize control of the project than to go through some fund bla bla bla
deleted by creator
If the only thing they have is an IP address it is much less info than the actual phone number of who sent the message. It can also be very easily prevented by using a VPN or the built-in anti censorship proxy.
Reading over this again. The primary identifier in signal, is phone numbers. You think signal doesn’t store those, or use them to route messages?
It doesn’t necessarily mean that the phone number is sent with every API call. The real authentication of who sent the message happens on the receiver’s device when they decrypt it.
How would the signal server know who to route the message to?
They know who the receiver is. They don’t need to know who sent the message. They only have to route it to the receiver.
In a centralized database without, this seems like it’d be trivial to get around. You’d only have to look at the client sent messages and correlate them to the receiving ones.
It’s more complex than that. The client doesn’t authenticate itself to the server. It only shows a certificate that says “I have a right to send messages to this person”. This certificate is anonymous and was initially generated by the receiver, and then sent via the encrypted session.
More details here.
The server could still correlate the IP, which is much less valuable and can be hidden through VPNs or even the built-in censorship circumvention proxy.
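The anonymous access-key mechanism described in the sealed sender replies above (both the earlier one and this one), as an added toy model written for this thread and not Signal’s own code: the receiver derives an access key from a profile secret, hands the secret to contacts inside the encrypted session, and the server checks only that key before routing, so its log carries recipient and client IP but never a sender field. The HMAC-based key derivation, the XOR stream standing in for the Double Ratchet, and the phone numbers, IPs and names are all constructed stand-ins.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


def derive_access_key(profile_secret: bytes) -> bytes:
    """Receiver derives an anonymous access key from its profile secret; any peer it
    shared that secret with over the E2E session derives the same key (toy KDF)."""
    return hmac.new(profile_secret, b"unidentified-access", hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for the Double Ratchet session: nonce | ct | tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(session_key, nonce, plaintext)
    return nonce + ct + hmac.new(session_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(session_key: bytes, blob: bytes):
    """Plaintext if the tag verifies under this session key, else None."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(session_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return _xor_stream(session_key, nonce, ct)


@dataclass
class Server:
    """Central server: knows phone numbers and access keys, routes by recipient only."""
    access_keys: dict = field(default_factory=dict)  # phone -> registered access key
    inboxes: dict = field(default_factory=dict)      # phone -> queued sealed blobs
    log: list = field(default_factory=list)          # every piece of metadata retained

    def deliver(self, to: str, presented_key: bytes, blob: bytes, client_ip: str) -> bool:
        expected = self.access_keys.get(to)
        accepted = expected is not None and hmac.compare_digest(expected, presented_key)
        # No 'from' field exists on this path: the server learns only the recipient,
        # the client's IP address and whether a valid access key was presented.
        self.log.append({"to": to, "ip": client_ip, "accepted": accepted})
        if accepted:
            self.inboxes.setdefault(to, []).append(blob)
        return accepted


@dataclass
class Client:
    phone: str
    profile_secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    sessions: dict = field(default_factory=dict)      # peer phone -> session key
    peer_secrets: dict = field(default_factory=dict)  # peer phone -> peer profile secret

    def register(self, server: Server) -> None:
        server.access_keys[self.phone] = derive_access_key(self.profile_secret)

    def establish_session(self, peer: "Client") -> None:
        """Stand-in for X3DH: agree a session key, then swap profile secrets inside it."""
        self.sessions[peer.phone] = peer.sessions[self.phone] = secrets.token_bytes(32)
        self.peer_secrets[peer.phone] = peer.profile_secret
        peer.peer_secrets[self.phone] = self.profile_secret

    def send(self, server: Server, to: str, body: str, client_ip: str) -> bool:
        inner = json.dumps({"from": self.phone, "body": body}).encode()
        # The only credential shown to the server is the recipient's anonymous access key.
        key = derive_access_key(self.peer_secrets[to])
        return server.deliver(to, key, seal(self.sessions[to], inner), client_ip)

    def receive(self, server: Server) -> list:
        """Sender identity is only recovered here, once a tag verifies under a session key."""
        out, queued = [], server.inboxes.pop(self.phone, [])
        for blob in queued:
            for peer, key in self.sessions.items():
                pt = open_sealed(key, blob)
                if pt is not None and json.loads(pt)["from"] == peer:
                    out.append(json.loads(pt))
                    break
        return out


def demo() -> dict:
    server = Server()
    alice, bob, carol = Client("+15550001"), Client("+15550002"), Client("+15550003")
    for c in (alice, bob, carol):
        c.register(server)
    alice.establish_session(bob)
    accepted = alice.send(server, bob.phone, "hi bob", client_ip="203.0.113.7")
    # Carol never received Bob's profile secret, so the key she derives is wrong and
    # the server drops her envelope without learning who she is either.
    carol.sessions[bob.phone] = secrets.token_bytes(32)
    carol.peer_secrets[bob.phone] = secrets.token_bytes(32)
    rejected = carol.send(server, bob.phone, "unsolicited", client_ip="198.51.100.9")
    messages = bob.receive(server)
    # Bob rotates his profile secret: Alice's cached key stops working until re-shared.
    bob.profile_secret = secrets.token_bytes(32)
    bob.register(server)
    after_rotation = alice.send(server, bob.phone, "again", client_ip="203.0.113.7")
    return {"accepted": accepted, "rejected": rejected, "messages": messages,
            "after_rotation": after_rotation, "server_log": server.log}
```

Calling demo() also shows the flip side raised in this thread: the client IP is still in the server log, which is exactly the residual metadata a VPN or the circumvention proxy is meant to hide.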
Federation increases censorship resistance. I do not think it necessarily decreases privacy, although having metadata strewn across multiple servers may be a risk. Still, I think the comparison with email is a bit of a straw man argument, since it is not only the federated nature of email which makes it easy to surveil but also the fact it is unencrypted by default.
Moreover, email these days is concentrating in the hands of a small number of providers (gmail, etc).
XMPP seems a lot more distributed at this point in time.
Federation makes it much harder to keep metadata private, though you could technically achieve the level of privacy found in Signal, it’s not easy.
In practice, Signal is a lot better at protecting your metadata than Matrix and XMPP.
Now that matrix has a lot of different clients and implementations, it would be super hard for them to implement something like Sealed Sender, which Signal was able to deploy very easily. I find it very unlikely that matrix will end up fixing its privacy issues. While Signal will be able to evolve and fix them. They are currently working on usernames for example.