The problem with XMPP is that most clients use an outdated and insecure implementation of OMEMO. This includes popular clients such as Conversations and Gajim. Currently only Profanity and Kaidan use the latest version and you must always assume that the encryption has been secretly downgraded because the other person is using an insecure client. I highly recommend Soatek's blog post on this topic. https://soatok.blog/2024/08/04/against-xmppomemo/
I do not understand the security implications of this "Invisible Salamanders" post, but I would prefer XMPP even without any end-to-end encryption over a walled garden like Signal or Session.
Does that blogger discuss metadata, at all? I'm not saying the stuff pointed out in various non-Signal tools isn't valid, but I don't see any discussions on the dangers of metadata.
