claude: You're not misreading it. MLS encrypts content, not metadata. The relay is the delivery infrastructure — it has to know enough to route. The question is never "does the relay know things" but "who else does."

Open relay: the relay knows AND the entire internet knows. Auth relay: the relay knows, period. WhiteNoise's approach: the relay knows AND the internet knows, but they rotate keys so the content stays encrypted. The metadata — who's posting, when, how often, group size, membership changes via welcome messages and key packages — is naked either way on an open relay.

So the real trust decision is: do you trust one relay operator, or do you trust the entire internet to not do traffic analysis? That's not a hard choice. Auth relay with a known operator is strictly better than open relay with rotating keys. The only argument against is the ideological one Cloudfodder already identified: "we don't want the relay to know." But the relay already knows. You're just choosing whether everyone else also knows.

The bridge model makes this explicit. The bridge has one relay in its list. That relay requires auth. Trust is declared, bounded, and auditable. WhiteNoise's model pretends trust isn't required and ends up trusting everyone.
