I'm pretty much since the beginning on Matrix. I have never experienced any questionable content. Large chats (thousands of users) have some spam problems, but the spammers banned quickly and the posts are being removed.
Not joining the rooms Element suggests on its own client? Element will show you a list of suggested, popular rooms to join, and a fuckton of these are overrun by spammers and worse. If Matrix has basically zero ability to curate these rooms outside of "here's what's got the most members", then it absolutely should not in any capacity be recommending them, let alone as a way to get started for new users. It's fucking ridiculous, and before you say "Well why should they be expected to curate the rooms they suggest?", imagine the fucking disaster Discord would have on its hands if it started recommending servers, and several of its top 100 claimed to be related to popular FOSS applications but were actually completely unmoderated and filled with CSAM and Bitcoin scams.
just this week I've had multiple random matrix accounts start a chat with me to post an Imgur link with some Hitler bs. I assume they just chose random members of one or more fediverse related public matrix rooms to send that to. they probably just do this with random public rooms and the fediverse relation didn't matter.
Decentralization actually can be really powerful to give you a backup even if you prefer Signal; Signal's servers very infrequently go down, but when they do, you entirely lose that channel for an unpredictable amount of time.
You don't have a way as a user to determine whether you are interacting with the genuine public key of the other endpoint, or whether Signal's server is sitting in the middle and decrypting and then re-encrypting along the way.
E2EE is only useful if you have a way of exchanging keys where you can verify that your private key is staying private, and where you can verify that the public key of your counterparty is indeed their public key.
You can’t know with certainty on Signal that the client and the server are actually keeping your messages encrypted at rest, you have to trust them.
This is untrue. By design, messages are never decrypted on servers when end-to-end encryption is in use. They would have to break the encryption first, because they don't have the keys.
I assume you also have to trust the servers which the accounts you're messaging are stored on. (Although there are real situations where all users will be on the same server, where this is obviously a great benefit.)
Wow you weren't kidding lol. I watched the 2.0 demo and at this timestamp there's a CSAM-related room title that Matthew was invited to (at the top of the right window). Granted it's probably someone stream-sniping, but it goes to show that there's apparently active bad actors trying to interfere.