Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.


Element, hands on: Secure messaging for tech-savvy organisations

Written by Mary Branscombe, Contributor

Slack and Teams encrypt customer data at rest and in transit. After a good deal of controversy, Zoom introduced end-to-end encryption, but not for on-premises configurations. Element promises end-to-end encrypted but also decentralised messaging with public and private chat rooms, file sharing, and voice and video calls. It's based on the Matrix protocol that you can host yourself, use with a free server or run against a commercially hosted service (which won't have access to your message content, but will store unencrypted metadata about conversations, contact lists and IP addresses).


Not all of the public rooms listed on the free Matrix homeserver are this work-friendly.

Image: Mary Branscombe / ZDNet

We wouldn't recommend using the free public Matrix homeserver for business use, though: alongside the many developer, Linux and crypto communities, there are some adult communities with public rooms in the directory that most organisations would find inappropriate, including some banned from Reddit.

Naming can be confusing with Element. Matrix is the underlying specification and you connect to a Matrix server using a client. Element -- formerly known as Riot IM, and Vector before that -- is one of a number of Matrix apps (the French government made its own IM app, for example), and as long as the Matrix server you connect to is federated with the one they connect to, you can communicate with users on other instances using different clients.


Enabling end-to-end encryption removes some integration features.

Image: Mary Branscombe / ZDNet

Matrix can also 'bridge' to other chat networks including  Slack, Signal, SMS, Skype, Discord text channels, Telegram, IRC, Twitter and Gitter (now owned by Element) with various levels of fidelity and synchronisation. But setting those integrations up is definitely a job for the IT team, requiring a clear understanding of authentication and federation.

For end users, getting started is relatively simple as long as they know which Matrix server to log into and create their account on. You can connect from the browser or download the Element app for iOS, Android, macOS, 64-bit Windows 10 or 64-bit Debian/Ubuntu (for other Linux distros you have to build and package the client yourself). There's no 32-bit version for Windows or Linux -- the latter is a restriction in Electron, while the former has been on the roadmap for nine months.


During installation there are lots of terms and conditions to approve, along with repeated requests to set up secure backup.

Image: Mary Branscombe / ZDNet

The Element interface is clean and simple, but lacks advanced collaboration features.

Image: Mary Branscombe / ZDNet

Element's user interface has improved significantly since the early days of the mobile Riot client, but it can still be somewhat complicated. There's a kind of progressive reveal for terms and conditions that you have to accept to use the server, create public or private chat rooms or send direct messages to other users, and you'll be promoted repeatedly to set up secure backup for the encryption keys if an admin hasn't already done that.

Because of the encryption, signing into Element with a new device requires you to verify the device with a passphrase, or a combination of QR codes and a one-time emoji password if you have a device that's already logged in. The experience for this is fairly straightforward. Chats and meeting rooms with unverified devices connected show a red icon to warn other participants, but once verified you'll see your chat history on all devices, and messages read on one device will be marked as read on others.

Top ZDNET Reviews

Raspberry Pi 4

Top ZDNET Reviews

Raspberry Pi 4

Raspberry Pi 400

Top ZDNET Reviews

Raspberry Pi 400

Samsung Galaxy Xcover Pro

Top ZDNET Reviews

Samsung Galaxy Xcover Pro

reMarkable 2

Top ZDNET Reviews

reMarkable 2


You can invite other users into chat rooms and messaging sessions by their Matrix identity or using their email address, which sends them an invitation to the Matrix service -- business users will certainly prefer that to sharing their phone number. You can set very granular admin roles for chat rooms (the right to change the name of the room doesn't let someone remove messages or ban users, for example) and choose whether new colleagues joining a chat room see the whole chat history or just new messages. Expect invitations and signup confirmations to end up in junk mail or even quarantined though; admins will need to whitelist these or advise users where to look for them. 

IT teams will also need to set policy and explain to users when to enable end-to-end encryption for messaging, because this has extra implications beyond securing message content.


Element's emoji picker.

Image: Mary Branscombe / ZDNet  

Encryption uses Olm/Megolm, an open implementation of the protocol used by Signal, which supports Perfect Forward Secrecy. So if a password or encryption key is compromised in the future, the contents of previous messages won't leak. For security, a conversation that starts as encrypted can't have encryption disabled later. But bridges to other chat networks and most bots won't work in encrypted rooms, and you can only search those conversations in the Element desktop client, not mobile or web. If you want to use Element for ChatOps by integrating with GitHub, Jenkins or JIRA, or have bots for Giphy, Imgur image search or Wikipedia lookups, you can't use end-to-end encryption.

The Giphy bot is also rather primitive compared to picking animated GIFs in Teams, Slack or even Twitter: the bot shows up as if it was a work colleague rather than a chat feature, and you're not picking from previews but typing in a text search with no way of knowing that the clip Giphy sends is in fact appropriate for work use or likely to get you a meeting with HR.

Element pitches itself for collaboration, not just chat, so those bots are important for more than just self expression beyond emojis and stickers. You can upload files (which are also encrypted), but you need the desktop client to see the list of shared files or do screen sharing.

SEE: Top 100+ tips for telecommuters and managers (free PDF) (TechRepublic)

You can make voice and video calls: voice calls use WebRTC, while video calls use Jitsi integration (that's currently free for the Matrix ecosystem or you can provision your own). Again, this lacks many of the niceties of commercial systems like Teams: you can have the video window as a thumbnail inside the chat or full screen, but if it's full-screen you can't put the call on hold. We also had issues where we had to call someone twice for their video to appear.

Users looking for help will find a rather anaemic list of FAQs on the Element site; there's much more detail in the Element blog about features and options, but the information isn't easy to find. Users wanting to know how to use screen sharing, for example, won't want to search through blogs or look on GitHub for app themes to customise the client. 


Element's security and decentralised aspects will be appealing to businesses that prefer to control their own messaging architecture rather than rely on public cloud providers, but it offers a very bare-bones experience for collaboration compared to Teams or Slack. In the long run, Element plans to bring the richer features in Gitter into the Element apps, and a more polished interface will certainly broaden the appeal from the open-source communities that are already comfortable with the tools. For now, Element is best suited to organisations with a high proportion of technology-savvy users and a strong need for encrypted, decentralised messaging. 


Switching from WhatsApp to Signal (or something else)? Here's what you need to know

WhatsApp vs. Signal vs. Telegram vs. Facebook: What data do they have about you?

The complete Zoom guide: From basic help to advanced tricks

Microsoft Teams: The complete starter guide for business decision makers

French government releases in-house IM app to replace WhatsApp and Telegram use

Read more reviews