Is Metadata Encrypted?

This is one of the most important questions, and one many users miss. End-to-end encryption protects message content, but it does not automatically protect metadata, such as who you contacted, when you contacted them, and how frequently.

XChat has not publicly explained how it handles metadata. Realistically, most E2EE apps, including WhatsApp, still need to retain at least some metadata at the server layer because the service has to know where to route a message. That is not unique to XChat. It is a common industry tradeoff.

For most users, metadata leakage is not the biggest practical risk. But for journalists, activists, executives, or anyone facing a serious threat model, metadata can itself be highly sensitive. It can reveal relationship patterns even without revealing content. Signal is more mature on this point because it was designed to minimize metadata collection and has real legal history showing how little useful server data it keeps.