The next SSL (Loria Security Seminar) will take place on Thursday, September 18th at 1pm in room A008.
For this return after the summer break, we will have an “hors format” (special-format) edition with two talks:
- Ksenia Ermoshina, CNRS researcher at Centre Internet et Société
Decentralized e2ee messaging apps: a challenge for security and usability?
- Charlie Jacomme, Inria researcher in the Pesto team (Loria)
Security Analysis of the Signal Messenger specifications and implementation
Ksenia Ermoshina (Centre Internet et Société):
Decentralized e2ee messaging apps: a challenge for security and usability?
This presentation explores the ecosystem of federated end-to-end encrypted messaging applications, and the challenges that decentralized architectures raise in terms of security and usability. Based on an in-depth ethnographic study of the communities involved in developing, testing and using federated messengers (namely Element and Delta Chat), this research explores the unprecedented success of decentralized platforms and protocols in Europe and across the world. Indeed, in recent years, the trust of users in centralized and proprietary platforms and messengers has been eroding, especially among marginalized communities, activists, journalists and tech enthusiasts. Following the acquisition of X by Elon Musk and the recent inauguration of Trump in January 2025, the question of digital sovereignty and the urgency of migrating from US-owned messengers have become central. We have analyzed how various communities, including governments in France and Germany, have adopted the Matrix protocol for their communications. In this presentation we will address the technological and sociopolitical issues related to the adoption of federated apps by civil society and public institutions.
Charlie Jacomme (Inria Nancy, Loria):
Security Analysis of the Signal Messenger specifications and implementation
Signal Messenger is one of the most widely used secure messaging applications, and with its underlying library also used by WhatsApp and Facebook Messenger, it provides end-to-end encryption to millions of users every day. In this talk, we will present the protocols underlying the Signal Messenger application, which mainly consist of three distinct specifications: PQXDH for the initial key exchange, the Double Ratchet for updating encryption keys for each message sent out, and Sesame for managing multiple devices and sessions. While introducing each of the components and their articulation, we will present how for several years we have been using a mix of formal methods and real-world experiments to study the security guarantees provided by the application. We will present several positive results of security obtained with computer-aided cryptography, as well as describe several attacks we uncovered, some only on the design and the specifications of the protocol, and some others having consequences on the actual forward secrecy or post-compromise security of the implementation. We will finally describe how we interacted with Signal’s developers to propose fixes, most of which were integrated in the specifications or the implementation.