Signal, the service is centralized, but there's no reason that Signal, the protocol can't be. In fact before Moxie went on his silly "only I can do security right" rampage, Signal was federated with a server hosted by CyanogenMod.
The E2EE in matrix is actually based on the double ratchet from the Signal protocol. So you could think of the E2E in matrix as just a federated version of Signal. :)
A point in moxie's favor is that the e2ee ux in matrix is currently extremely painful. I'm willing to use it on a couple rooms that consist entirely of geeks, but don't want to subject non-geeks to the whole verification process.
Not only UX, but there seem to be some subtle timing (in non-crypto/non-security meaning) issues.
I ran Synapse on a resource-limited machine, so it had sort of "lagged behind" (or something like that) a little bit now and then. And I saw a number of "error decrypting image" and similar issues. It had self-resolved somehow after a while (saw the message decrypted the next day) but that's still a problem.
Haven't reported this because I have no idea how to collect any useful information.
I suppose "only I can do security right" is perhaps overly harsh, but my take away was that he considered a walled garden that could be iterated on by his team preferable to allowing even forks of his team's own client to communicate with users on the OWS network.
>Nothing about any of the protocols we’ve developed requires centralization; it’s entirely possible to build a federated Signal Protocol-based messenger, but I no longer believe that it is possible to build a competitive federated messenger at all.
Moxie is probably annoyed by the slow pace in which federated protocols move. Having it centralized he can move it a lot faster.
Fortunately there are solutions that incentivize modern features in federated protocols too, like SSLLabs HTTPS checker or https://conversations.im/compliance/ for XMPP.
