Agreed on both points. XMPP is nowadays so much different than decades ago. I've migrated my family to Conversations and they're super happy with it.
Google's constant messanger churn tires regular users that just want to communicate instead of taking part in Google's internal political/promotion experiments.
> Where is symmetric key cryptography used for nowadays in normal applications programming?
Practically every time you use asymmetric keys what they really encrypt with them is a symmetric key that encrypts the underlying data. Thus symmetric key cryptography is everywhere, just not directly exposed.
I don't know why but comparing Matrix.org Foundation with standardization organizations such as IETF seems just not right. Maybe it would be more correct to compare Matrix.org with XMPP Software Foundation?
This is mostly for legal reasons and the "for X" where X is a trademark is a common theme. (just look at Google Play store "for Twitter" or "for Reddit").
Indeed that is likely but I wonder why didn't they at least require a Developer's Cerificate of Origin [0] that kernel.org uses. This is really lightweight (just append one line to git commit message) and supposedly provides a minimum legal base for the change. IANAL.
> they have been receiving legal letters from S440 SA demanding the removal of any negative articles and user comments from their websites about the UseCrypt Messenger app
I guess S440 never heard about the Streisand effect....
> To defend against an attacker sideloading a different OS, I rely on secure boot to only load my kernel and hence my userspace.
You could additionally seal the TPM key to specific PCR values so that only booting your kernel would allow using that TPM key.
> kernel, but potentially not root, could be able to change the tpm keys on an x86 system?
Depends on what do you mean by "change". They can't extract private bits but they can remove and add new ones. But if the data is encrypted using the old key it would become bit recoverable.
You may want to check out Dino.im. For easy XMPP there is also Quicksy.im that's a fork of Conversations (from the author of Conversations) but using contact book for people discovery.
I'd rather advise to use Web Key Directory that is trivial to setup (have https and put a key file in one special location). WKD is also widely supported by OpenPGP software (including ProtonMail, GnuPG, OpenKeychain).
Google's constant messanger churn tires regular users that just want to communicate instead of taking part in Google's internal political/promotion experiments.