I see some things I have thoughts on, but most of this is "not an issue for users/maybe not even an issue for admins"
- untrusted homeservers or clients running modified software might not honor deletions. This is a legitimate issue but its inherent to the federated model, and is just as bad or (actually) worse on Lemmy than it is on matrix, for example. They could do a better job of setting expectations for users regarding deletes, but it's not like centralized, or worse proprietary, messaging systems don't have deletion issues too, if somewhat reduced in scope.
- compatibility issues between different homeserver implementations. This is a fuckup for sure, but it will eventually get worked out, and already is getting better as alternative homeservers get more development and usage
- High profile public rooms subject to novel attacks. This seems bad but it seems like something that is getting better over time.
- unauthenticated media downloads. I would be fine losing unauthenticated HTTP downloads of media, though it can be convenient for users ig (the amount of times I've gotten a discord attachment image link/embed is easily thousands, even when none of the conversations were happening on discord. though personally I always copy images themselves rather than just sharing the link).
- The stuff about media "verification" (scanning) is something that applies to basically any self hosted anything that allows any uploads even incidentally, and is not a standard we hold other software to, except I guess commercial services of a certain size. CSAM scanning isn't something you can really do as an individual selfhosting, and virus scanning is pretty heavy, though I'd ofc appreciate better integration of tooling for instances that need it. And liability for proxied content is a tradeoff, because if you don't proxy content, you reduce privacy for users significantly by allowing any participating server to track them, not just their own homeserver. In practice I'm sure it could be a hazard, but if you aren't actually storing the material just proxying, and respond to takedown requests if they are made, IMO you're doing all that can be expected.
The question is, are these bad enough issues to abandon Matrix, and what alternatives exist that solve these issues and don't have other unacceptable tradeoffs?
laggy? how would you even know? my most used account is on matrix.org and I've never noticed lag. I guess most of my communication is relatively asynchronous, not lightning speed back and forths with people, so I'd have no way of knowing if there was a second or two of lag. But typing notifications seem to be prompt.
And self-hosting idk, besides not being able to host it on a super resource constrained machine, and the disk usage ballooning if you have users that join a bunch of massive public rooms or whatever, it's been fine for me.
I guess its probably highly dependent on your use case