Element

Element is the reference client for the Matrix protocol — a federated, end-to-end encrypted chat application that's the de-facto home of the privacy ecosystem's public discussion (Monero, Tails, GrapheneOS, Tor Project, Whonix, KeePassXC — all run their primary community rooms on Matrix). Listed at Grade A because the Matrix protocol's federation model is the structural answer to "centralised chat ownership" — your identity is portable across homeservers, you can self-host the whole stack, and the protocol's openness means Element is one of many clients you can swap in or out.

Background. Matrix was started as a protocol in 2014 by Matthew Hodgson and Amandine Le Pape with Element (originally "Vector," then "Riot," renamed Element in 2020) as the reference client. The protocol is governed by the Matrix.org Foundation (a UK-based non-profit), with Element Ltd. (the commercial company) building the Element client + hosted homeserver services. The protocol itself is open and has multiple reference and third-party implementations: Synapse (the canonical Python homeserver), Dendrite (a Go reimplementation), Conduit (a Rust reimplementation), and clients including Element, Cinny, FluffyChat, NeoChat, gomuks (terminal), and many more. Funding mix: Element Ltd. raises commercial funding from clients including governments (the French government's "Tchap" runs on Matrix; the German Bundeswehr uses Matrix); the Matrix.org Foundation is donor-funded. The funding-mix concerns are documented (see Caveats). Element is open source under AGPLv3; Synapse and other servers are similarly open source. Codebase at github.com/element-hq/.

What you trust. Federation — homeservers federate with each other to deliver messages; no central authority owns the protocol. Your identity is `@you:yourhomeserver.org` and works across the network. End-to-end encryption — Matrix's E2EE uses the Olm (Double Ratchet) and Megolm (group ratchet) cryptographic protocols, adapted from Signal's design. Independent cryptographic audits by NCC Group have inspected the implementation; findings are public. Self-host option — Synapse / Dendrite / Conduit are well-documented, with Docker images and configuration guides. Open client ecosystem — Element is the reference client but you can use any Matrix-compatible client (Cinny, FluffyChat, NeoChat are all popular alternatives); your conversation history is portable. Account migration — Matrix has a documented account-portability flow (alpha at this writing); the goal is for you to move your account between homeservers without losing your history. What you don't trust: homeserver operator — whichever homeserver you sign up on sees your account metadata (who you talk to, message timestamps), even though E2EE protects content. For sensitive communications, self-host your homeserver or pick a homeserver run by an organisation you trust. Government client base — Element Ltd. counts the French government (Tchap), the German Bundeswehr, and similar institutional clients as customers; this is a legitimate market for federated open-source chat, but it means Element Ltd.'s priorities include institutional-customer needs that may not align with privacy-maximalist users. Read the Caveats for the long form of this discussion.

Operational specs. Platforms: Element clients on macOS, Windows, Linux desktop; iOS, Android; web at app.element.io. Protocols: Matrix client-server API + federation API. Encryption: Olm (1:1) and Megolm (group) protocols based on Double Ratchet; key verification via emoji-based or QR-code-based out-of-band verification. Account hosting: free signup on matrix.org (the original public homeserver), free signup on community-operated homeservers (privacytools.io, monero.social, kde.org, fedora.im, etc.), paid Element Hosted plans, or self-hosted Synapse/Dendrite/Conduit. Bridges: Matrix has well-developed bridges to IRC, Discord, Slack, Telegram, WhatsApp, XMPP — you can participate in non-Matrix communities via your Matrix client. Spaces: hierarchical grouping of rooms; useful for organising large communities (the Monero Matrix Space groups all Monero-related rooms together). Search: full-text search across rooms (E2EE makes this client-side; rooms are searchable in your client but not by the homeserver). Tor support: Matrix protocol works over Tor; Element client can be configured to use a SOCKS proxy. 2FA: TOTP and email-link verification supported. Identity verification: cross-signing model where you verify your contacts' device-signed identity keys via emoji-comparison or QR-scan.

Philosophy. Element/Matrix's editorial differentiator is the federation-with-self-host-bailout model. SimpleX is decentralised at the queue-server level but doesn't have a federation protocol you can join. Cwtch is fully P2P (no operator) but lacks the scale features of federated chat. Element/Matrix says: federation gets you scale (many people on many homeservers, all talking to each other) while preserving the bailout option (don't trust matrix.org's homeserver? Run your own Synapse). The trade-off: homeservers see your metadata even though E2EE protects content; the bailout option requires technical setup; the protocol has its own complexity that occasional security issues have exploited.

Grade rationale. Grade A reflects: open-source codebase (AGPLv3 client, AGPL Synapse/Dendrite/Conduit servers); federated protocol with documented client-server + federation APIs; E2EE via Olm/Megolm with NCC Group audits; cross-platform (desktop, mobile, web) with multiple client implementations; self-host fallback via Synapse / Dendrite / Conduit; the de-facto home of the privacy ecosystem's community rooms (Monero, Tails, GrapheneOS, Tor, etc.); active development by both Element Ltd. and the Matrix.org Foundation; bridges to most other major chat platforms; over 11 years of operational continuity (Matrix since 2014, Element/Vector since shortly after). Last verified 2026-05-13.

Useful when. You want to join the privacy ecosystem's community rooms — Monero, Tails, GrapheneOS, Tor, Mullvad, Privacy Guides all have Matrix rooms; Element is the standard client. You want a federated chat protocol where you can self-host your identity and migrate between homeservers. You're a technical user comfortable with the homeserver-selection decision (matrix.org for convenience, community-run homeserver for trust diversification, self-host for maximum control). You want bridges to other chat networks (IRC, Discord, Slack, etc.) all in one client. You want end-to-end encrypted group chat with key verification and cross-signing. You're an organisation that wants a privacy-respecting chat platform with self-host control and on-premise deployment options. You're a developer building on the Matrix protocol — the protocol is well-documented and open.

Caveats. Homeserver operator sees metadata — Matrix's E2EE protects message content but the homeserver sees who-talks-to-whom, room memberships, message timestamps. For sensitive use, self-host your homeserver. matrix.org is a single point of mass-metadata-collection — the default homeserver hosts millions of users, making it a high-value target for state-actor surveillance. Use community-run homeservers (monero.social for Monero context, kde.org for KDE, etc.) for trust diversification, or self-host. Element Ltd. has institutional clients — French government's Tchap, German Bundeswehr, and similar are paying customers; this is a legitimate business but means Element's product priorities include institutional needs (compliance, audit logs, on-premise deployment) that may sometimes friction against privacy-maximalist defaults. Pick your homeserver and client thoughtfully. Account creation requires homeserver selection — newcomers can be confused by "which homeserver?" — matrix.org for convenience, but a community-run homeserver is more aligned with privacy values. Large public rooms are unencrypted in practice — E2EE at the scale of hundreds-of-members rooms is operationally heavy; many large public rooms run unencrypted. The privacy ecosystem's Monero, Tor, etc. rooms typically run unencrypted because of this. For sensitive 1:1 or small group conversations, E2EE is the default. Federation security has had incidents — Matrix has had security incidents (notably the 2019 Matrix.org server breach) requiring trust-on-first-use device verification to handle. The lesson: verify cross-signed identity keys via emoji comparison or QR scan for sensitive contacts. Bridges leak content — when you bridge to IRC or Discord, the bridge sees plaintext (the bridge server is the "user" on the other network and has the keys). Don't rely on E2EE for bridged conversations. Self-host has operational overhead — running Synapse takes server-admin skills and resources (Synapse is Python and resource-hungry; Dendrite/Conduit are lighter alternatives). Account migration is alpha — the cross-homeserver account-migration flow is documented but not yet production-stable. Tor + Element works but UX is finicky — running Element over a SOCKS proxy is supported but requires configuration. For pure Tor-based chat, consider Cwtch or Briar instead. Element's mobile clients can be heavy on battery — Matrix's federation + E2EE adds operational overhead; expect noticeable battery use on phones running Element with multiple active rooms.