Element
Decentralized encrypted messaging on the Matrix protocol. No single server to compromise.
What should journalists know about Element?
Element is the most credible decentralized alternative to Slack and Teams, built on the Matrix protocol. E2E encryption is on by default for DMs and private rooms. The real advantage is federation: your newsroom runs its own Matrix server and still communicates with anyone on the network. The French government (Tchap), German Bundeswehr, NATO (NI2CE messenger), and 25+ national governments use Matrix-based systems. As of April 2026, only verified devices can send or receive E2E encrypted messages — a major security upgrade that eliminates the risk of unverified device eavesdropping. Element X, the ground-up Rust-based rewrite, is nearing feature parity with Element Classic and will become the primary client. The legacy client will be sunset. The tradeoff remains complexity: self-hosting Synapse requires real sysadmin effort, key verification still trips up non-technical users, and the ecosystem moves slower than Signal. For newsrooms willing to invest in setup, Element offers something no centralized tool can: no single entity controls your communications infrastructure.
Newsroom team communication with full infrastructure control. Cross-organization collaboration where both sides use Matrix. Environments where no single provider should hold message history or metadata.
Quick source communication — Signal is simpler and sources already have it. Newsrooms without IT staff to manage self-hosted infrastructure. Journalists who need zero-friction onboarding for non-technical contacts.
Security & Privacy
Data is scrambled while being sent to their servers
Data is scrambled when stored on their servers
Where servers are located — affects which governments can request your data
Privacy policy summary
Element the company cannot access E2E encrypted message content. On the default matrix.org server, metadata (who talks to whom, when) is stored by the Matrix.org Foundation (UK nonprofit). Self-hosting eliminates third-party metadata exposure. Federation means metadata can traverse multiple servers — each server operator sees the metadata for rooms their users participate in. Authenticated media (Matrix 1.11, June 2024) closed a gap where media files were accessible to anyone who knew the URL.
How to protect yourself:
Self-host a Matrix server (Synapse) for full control over data and metadata. Verify device cross-signing keys with all contacts — as of April 2026, unverified devices are locked out of E2E encrypted rooms. Enable E2E encryption for all rooms, not just DMs. Use Secure Backup for encryption key recovery. Disable federation if your threat model requires it (turns Matrix into a private island). Keep Synapse updated — two high-severity federation vulnerabilities (CVE-2025-49090, CVE-2025-54315) required a coordinated cross-implementation patch in August 2025. Migrate any remaining libolm-based clients to vodozemac immediately — libolm was deprecated August 2024 with known timing side-channel vulnerabilities.
Open-source protocol and clients. E2E encryption via vodozemac (Rust implementation of Olm/Megolm, same Double Ratchet family as Signal). Audited by Least Authority (2022, funded by Germany's gematik), NCC Group (libolm), and Germany's BSI via the CAOS program. Formal cryptographic analysis published (2023). April 2026 mandate requires verified devices for all E2E rooms. Decentralized architecture eliminates single point of compromise. Government adoption by 25+ countries, NATO, and the European Commission validates the security model. The vodozemac cryptographic concerns raised in February 2026 are theoretical under current deployment constraints but highlight that Matrix's crypto layer receives less independent scrutiny than Signal's.
Who Owns This
Known issues
Two high-severity federation vulnerabilities (CVE-2025-49090, CVE-2025-54315) discovered in 2025 allowed state resets that could give attackers unexpected control over room state. Patched in a coordinated release across all Matrix server implementations on August 11, 2025, requiring an off-cycle spec update (Matrix 1.16, Room Version 12). In February 2026, security researcher Soatok reported cryptographic issues in vodozemac (the Rust crypto library): the Olm 3DH handshake fails to reject all-zero Diffie-Hellman outputs, which could theoretically allow a participant to force predictable session keys. Matrix disputed the practical impact, noting that identity keys are signed and verified before session establishment, but agreed to add the check as defense-in-depth. Soatok also flagged truncated 64-bit MACs in Olm v1 as a legacy design weakness. Separately, libolm (the deprecated C crypto library) had AES cache-timing (CVE-2024-45191) and Base64 timing side-channel (CVE-2024-45192) vulnerabilities — all clients maintained by the Matrix core team have migrated to vodozemac, but only 19% of third-party Matrix clients have. Multiple CVEs in matrix-js-sdk and matrix-react-sdk during 2024 affected Element Web, including client-side path traversal (CVE-2024-47080) and thumbnail-based file download tricks. Synapse is resource-heavy (minimum 2GB RAM) and requires ongoing maintenance. Dendrite, the next-gen Go-based server, is in maintenance mode — only security fixes, no new features.
Pricing
Free (personal use on public Matrix servers). Element Business at $5/user/month. Element Enterprise at $10/user/month. On-premise from $3/monthly active user (minimum 250 seats). Custom pricing for government deployments.
This is an editorial assessment based on publicly available information as of 2026-04-02, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.