XMPP is a client/server model too, that needs to store messages for some configurable amount of time. What distinction are you trying to make here? There are very few peer-to-peer messengers.
Yeah, peer-to-peer would be my idea. Send directly to each participant's device, no third party involved, at least for the messaging part. So one less vector for attack. You'd probably want a central service for determining who's online.
Wouldn't work well for more than a few people, but not every conversation has group sizes that large.
- direct connections are really hard (Tailscale built a whole company on solving this one problem)
- even Tailscale can't establish direct connections without a coordination server
- even if you can reliably, and always, establish direct connections, it doesn't matter if someone is offline
- push notifications don't work without a server, on Android or iOS, so even if you're online, you're out of luck (won't ever get a new message because there's no push notification to tell the client to connect, and you can't just leave a TCP connection open forever on a mobile phone)
My take is that it's fine to have a server in the middle with E2EE. That's the whole point of E2EE.