Poll: Is Federation/Decentralization bad? (and notes on XMPP)

They can make whatever marketing claims they want, but XMPP (for the most part) is absolutely not very private or secure, and it’s one of the main reasons it isn’t typically recommended by resources like Privacy Guides.

Easy to us, yes. Speaking from personal experience, the average user of today would find XMPP frustrating to learn and use. Respectfully, I think people who believe federated services are as easy as something like WhatsApp are just out of touch. This should be evident based on the size and nature of their user base. How many of your tech-illiterate family and friends do you primarily talk to over XMPP? (If any, is your chat at least partially E2EE with something like OMEMO?)

Usability is made even more complicated when you also want to try to make XMPP as private and secure as possible, which is what your source is advertising it as. Not only do you have to learn about federation and pick an XMPP client and server, you must also pick from a set of fragmented and weak E2EE protocols which are only compatible on certain clients, all just to achieve only partial E2EE and 0 metadata protection.

Exactly, and it is what the most popular federated services resort to. It’s one of many reasons I think federation is not a great way of trying to achieve decentralization, but attempting it was probably a necessary step towards progress.

I agree there are niche use cases for XMPP, but a widely adopted secure messenger is not one of them. What it offers today might’ve been compelling 15+ years ago, but we just have better tools today. If you want an anonymous, secure, decentralized messenger, I think SimpleX Chat would be my first recommendation. Matrix and/or Session would perhaps come in second or third. I don’t foresee any situations where I’d use or recommend XMPP.

I’d say it is a security nightmare. I skimmed through the text but don’t see how any of it addresses any of the security problems XMPP has.
