First - I’m not sure Sealed Sender would help against the server being changed to be actively malicious and trying to build social graphs. Second - even metadata concerns aside, a centralized system is just not resilient. Proposals like Chat Control are A LOT more easily enforceable with them than with tiny selfhosted servers.

TBH I feel like so many project leaders are wackos that I don’t even judge the products by those, just by things they do. I still have hope in Simplex, but there were a couple of red flags, such as content scanning proposals, including clientside. Sure, it can probably be relatively easily forked to remove that specific thing, or you can choose the servers that don’t do that, but it’s still alarming that they try.