For instant messaging, we (as InfoSec Handbook) recommend Signal in the first instance. Regarding your suggestions:
- XMPP: Offers an open protocol; however, the usability depends on the client you use and the server you choose. Then, OMEMO (for modern E2EE) is still not finished, and some people assume that it won’t ever become a standard due to the upcoming MLS. Finally, there is the issue that the admin can see and modify nearly everything, as written in this article. So we recommend using XMPP only if you run your own trusted server.
- Matrix: This is quite similar to XMPP with the difference that the network is still centralized to a certain degree although it offers decentralization. (See matrix.org breach). Interestingly, people who love Matrix seem to hate XMPP and vice versa.
- Keybase: This is a centralized service that widely adopted E2EE. Due to the centralized nature, there are official clients that ensure the same user experience for everybody. However, some people don’t like that it is hosted on Amazon AWS, and that the server part is obviously proprietary. Then, Keybase offers much more than only instant messaging (Git, proofs, XLM wallet), so it could be overkill if you only need an instant messenger.
If you think of privacy as “comes with most encryption”, then it is obviously Keybase. If you think of it as “doesn’t collect metadata”, then you clearly need to run your own XMPP or Matrix server since nobody can check this without accessing the server.
Yes. A technical description is available here. This page also mentions limitations like no forward secrecy if you don’t use “exploding messages”.
This is a really old myth about Keybase. Years ago, Keybase was an OpenPGP wrapper that tried to make using OpenPGP easier. Back then, people needed to add OpenPGP keys. Nowadays, you can use Keybase without any OpenPGP key. Keybase generates an NaCl key pair on your client and uses these NaCl keys for encryption/decryption. You don’t need any OpenPGP keys.
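As an added illustration (not part of InfoSec Handbook's reply and not Keybase's own code), the following Python shows the two points made above: a client-generated Curve25519 (NaCl `box`-style) key pair needs no OpenPGP key at all, and a fixed long-term key pair by itself gives no forward secrecy, whereas per-session keys that are wiped afterwards (the idea behind "exploding messages") do. The X25519 routine follows RFC 7748 and is checked against the RFC's test vector; the key-derivation step, the XOR stream cipher and the Alice/Bob scenario are toy constructions assumed for this example.

```python
import hashlib
import os

# Curve25519 field prime and the (A - 2) / 4 constant from RFC 7748.
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")

# RFC 7748 section 6.1 test vector (public, well-known values).
RFC7748_ALICE_PRIV = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a"
RFC7748_ALICE_PUB = "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
RFC7748_BOB_PRIV = "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb"
RFC7748_BOB_PUB = "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f"
RFC7748_SHARED = "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"


def _clamp(k: bytes) -> int:
    """Decode a 32-byte private scalar as RFC 7748 section 5 requires."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Curve25519 scalar multiplication (Montgomery ladder, RFC 7748).
    Teaching code: the swaps are not constant-time, so never use it in production."""
    k_int = _clamp(k)
    ub = bytearray(u)
    ub[31] &= 127  # mask the unused top bit of the u-coordinate
    x1 = int.from_bytes(ub, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k_int >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def public_key(priv: bytes) -> bytes:
    return x25519(priv, BASEPOINT)


def new_keypair():
    """Client-side key generation: 32 random bytes, no OpenPGP involved."""
    priv = os.urandom(32)
    return priv, public_key(priv)


def derive_key(shared: bytes) -> bytes:
    # Toy KDF for the demo; a real protocol uses HKDF with transcript context.
    return hashlib.sha256(b"demo-kdf" + shared).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 counter keystream). Encrypt and decrypt are the same op."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "little")).digest()
        out += bytes(m ^ k for m, k in zip(data[i:i + 32], block))
    return bytes(out)


def static_keys_leak_old_messages(alice_priv: bytes, bob_priv: bytes, msg: bytes) -> bool:
    """Both sides use only long-term keys. True if a later key compromise decrypts the old message."""
    alice_pub, bob_pub = public_key(alice_priv), public_key(bob_priv)
    ciphertext = xor_stream(derive_key(x25519(alice_priv, bob_pub)), msg)
    # Later: someone who recorded the ciphertext obtains Bob's long-term private key.
    return xor_stream(derive_key(x25519(bob_priv, alice_pub)), ciphertext) == msg


def ephemeral_keys_leak_old_messages(alice_priv: bytes, bob_priv: bytes, msg: bytes) -> bool:
    """Both sides add a fresh per-session key pair and wipe it afterwards. Same test as above."""
    alice_pub, bob_pub = public_key(alice_priv), public_key(bob_priv)
    alice_eph, alice_eph_pub = new_keypair()
    bob_eph, bob_eph_pub = new_keypair()
    session_key = derive_key(x25519(alice_eph, bob_eph_pub))
    assert session_key == derive_key(x25519(bob_eph, alice_eph_pub))  # both sides agree
    ciphertext = xor_stream(session_key, msg)
    del alice_eph, bob_eph  # ephemeral scalars are gone once the session ends
    # Later: both long-term private keys leak; every recorded public value is known too.
    guesses = [x25519(bob_priv, alice_pub), x25519(bob_priv, alice_eph_pub),
               x25519(alice_priv, bob_eph_pub)]
    return any(xor_stream(derive_key(g), ciphertext) == msg for g in guesses)


if __name__ == "__main__":
    assert x25519(bytes.fromhex(RFC7748_ALICE_PRIV), bytes.fromhex(RFC7748_BOB_PUB)).hex() == RFC7748_SHARED
    a, b = new_keypair()[0], new_keypair()[0]
    print("static keys only, old message recoverable:", static_keys_leak_old_messages(a, b, b"hi Bob"))
    print("per-session keys, old message recoverable:", ephemeral_keys_leak_old_messages(a, b, b"hi Bob"))
```

The second scenario is what ratcheting or "exploding" message modes buy: the long-term key still authenticates the parties, but the secret that actually protects a message depends on scalars that no longer exist by the time a device is compromised.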