nip-17 doesn't provide forward secrecy or group chats. i think that is a really big problem for real users, and real security. marmot MLS with auth on the relay is at least as good as using matrix. idk if you have been following it but signal's cryptography hygiene on devices is a complete joke. i even discovered this last week dumping signal chat logs that the initialization vector is not a proper random value, just a series of space characters. literally.