@wowaname @nicholas @feld

> at least do your research.

Speak for yourself.

OMEMO (Version 0.3.0 of XEP-0384) used AES-128-GCM, but later versions (0.4.0) moved to AES-256-CBC + HMAC-SHA-256, aligning more closely with Signal's approach. However, a recent change in the OMEMO specification (Version 0.7.0) introduced the truncation of the HMAC-SHA-256 authentication tag to 128 bits, which weakens the security. Also contact lists are stored in plain text, as is the information concerning whom the messages are address to and from. But at least unlike Signal it can be self-hosted and if you're using a server which you own/trust for both sender and receiver, that mitigates the issue somewhat. However again, as I said, the cross-platform client-side support is a dumpster fire which makes it nearly impossible to get regular people to use it.

> metadata leakage is no better or worse than delta chat

Fair enough. But again, it doesn't require a cellphone number, and it can be self-hosted.