XMPP is not metadata resistant (SimpleX and Signal both offer better protection of metadata).
Another problem with XMPP is usability. Signal is the easiest for non-tech users to adopt. “Hey download the app called Signal, sign up with your phone number and add me”
Instructing them sign up for XMPP requires them to:
- Find a suitable client for each device. There are different clients for various operating systems, some with varying features.
- Find which server they want to sign up with, create an account.
- Make sure the servers and clients both parties are using have the same features (ie if both clients and servers don’t offer encryption that is a problem).
Signal or SimpleX have a much clearer path to widespread usage than XMPP - which is already 20 years old.
There are other problems with XMPP too:
- Server admin can see a lot of data plaintext
- Message attachments might not be encrypted at all
- Doesn’t use encryption by default (I believe this is a requirement for privacyguides secure messengers).