What I’m looking for ultimately is a universal chat type app like Beeper that can handle Signal and SMS, however, reading this about it gives me pause. It would be nice if I could get all my peeps on Matrix, but since it was so hard to get them on to Signal, I think the best I can hope for is something that can handle Matrix, Signal, and SMS. Which brings me back to the title, how exactly do Matrix bridges work and are they secure?

EDIT: SMS is insecure by its very nature, yes?

Skull giver

A bridge receives messages from one service, extracts the necessary content (text, images, video, etc.) and submits it to your Matrix server. It also works the other way around, of course, sending your Matrix messages to other services. The bridge bots can usually exchange messages through encrypted chat rooms but the exact workings of encryption differ per bridge.

For encrypted messenger services, Matrix bridges do decrypt messages inside the bridge. They can be re-encrypted with Matrix’s encryption, but somewhere along the chain they need to be decrypted, or the bridges literally cannot work.

If you run your own bridges, like many technically minded people do, this isn’t much of a problem; you remain in control of your messages. Your messages are stored on your server, and they can be as secure as you can make them.

If you rely on an external party to run your bridges (a.k.a. “the normal use case”), you need to trust that party with all of your messages. I would probably trust a company like Element.io because they’re based in the UK which is subject to a GDPR-like law and they don’t make money off of message analysis or ads. Beeper probably isn’t that bad either but I haven’t looked into them.

You’ll have to decide how bad you feel about your messages being decrypted. For unencrypted apps (Discord, Slack, Telegram in 99.999% of cases, Skype, Teams, GChat, SMS) I don’t think it matters that much. You are adding an extra party in the middle of your communications, but they’re not leeching off you like Google would be. They could get hacked, of course, but so could the super special alternative app you may find.

SMS is one of the least secure methods of message exchange. It’s sent unencrypted, often inspected and logged at every ISP the message travels through, and can be redirected on a whim by someone on the other side of the planet through SS7 hacks. SMS is attached to a phone number and ISPs usually have some kind of ID check for phone numbers, and it’s guaranteed to work on any phone out there. Those are the only advantages of SMS. Only use them for things like 2FA if you have no other reasonable alternative!

Back in the day, when mobile messaging was in its infancy, we used to have various chat services (AIM/MSN/AOL) and chat clients that spoke all protocols. These fat clients have gone out of fashion because everyone flocked to mobile messengers. These days Pidgin still exists and has support for all kinds of protocols (even more than Matrix!) but it’s lacking encryption support for many of them. If you run Linux (UBTouch/Phosh/Plasma Mobile/etc.) on your phone then there’s no technical reason why you couldn’t just run Pidgin, but it would probably be quite disappointing if you’re used to modern chat apps.

I don’t know of any mobile app that works in the same style, speaking a tonne of different protocols instead of relying on a server that manages it all. The problem is usually that many of these chat systems don’t have any idea about multi device chat, chat groups, or they have been implemented in their own weird way (Discord “servers” are one example of an extra layer most external apps struggle with, though Matrix has spaces which do the job quite well). That means message history isn’t always available, or read receipts and notifications are wonky, or messages may get decrypted on one device but not any others, and so on, and so forth. Matrix bridges act as a middle man for these services, being the “single device” that does all the talking, while using Matrix to make modern features available to your phone and desktop.

But, there is hope! Next year, the EU Digital Markets Act goes into effect for many large companies, which mandates that they have to offer their messengers (and app stores!) to outsiders if they have more than a certain amount of users inside the EU. That means Apple, Signal, WhatsApp, and a whole bunch of other services will have to interoperate by law. That means that smaller devs should be able to make apps that talk to all platforms without having to reverse engineer the API (and have their apps break with every update). The IETF is even working on a standard to make this possible without sacrificing encryption (MIMI) which will hopefully be taken up quickly, though there’s no guarantee that that specific protocol will be used.

I fucking love it every time I hear about some random thing that the EU decides is unacceptable and forces corporations to be much more consumer friendly as a result

iamak

EU’s Digital Markets Act might interest you :p

@wxboss@lemmy.sdf.org

This is a great point that you bring up. I subscribe to an IRC channel that has bridges to both Telegram and Matrix. My feeling at this point is that the weakest link is going to be of the most concern. But how all this technology interoperates with each other and how they actually handle privacy/security together is a question I cannot answer.

Glowing Lantern

There are many different types of bridges, but the most seamless one is a type of Man In The Middle (MITM). You give the bridge full access to your other services, which allows them to copy everything to Matrix and vice versa. Naturally, this circumvents E2EE as the bridge needs to access and manipulate the content somehow (E2EE only exists up to the bridge, not the whole way to your client). The bridge can theoretically do anything, as it is a MITM. However, because most bridges are open source and you can host them yourself, the risk that unauthorised parties can gain access to the data is fairly low. If it’s hosted by a third party, you have to trust them that they won’t abuse their power.

> most bridges are open source and you can host them yourself, the risk that unauthorised parties can gain access to the data is fairly low

…as long as you keep them up to date and follow some basic security practices. There is nothing stopping you from self-hosting an outdated vulnerable version exposed to the public.

Third parties are a risk of unauthorized access, but may be more likely to follow security practices in order to avoid getting fined (according to the legislation of wherever they’re hosted).

pitninja

> E2EE only exists up to the bridge, not the whole way to your client

I just want to clarify that most bridges can be set up to have E2EE between the Matrix client and the bridge (regardless of whether the bridge supports encrypted chats on the bridged service because not all do, e.g. Facebook), but it is true that the bridge itself has to decrypt and translate between Matrix and the 3rd party chat service, so as you mentioned trusting who hosts bridges or doing it yourself is really important.
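A small model of the two encrypted legs discussed in the comments above, added here as an illustration and not part of any post in the thread or of any bridge's code. The `seal`/`unseal` helpers are a toy encrypt-then-MAC construction standing in for the real protocols on each side, and the `Bridge` class, key names and sample message are constructed for the example.

```python
import hashlib, hmac, os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher: HMAC-SHA256 in counter mode (stand-in, not a real protocol).
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class Bridge:
    """Holds a session on BOTH networks, so it is an endpoint of each leg."""
    def __init__(self, signal_leg_key, matrix_leg_key):
        self.signal_leg_key, self.matrix_leg_key = signal_leg_key, matrix_leg_key
        self.readable_on_host = []   # everything the bridge operator could log

    def signal_to_matrix(self, blob):
        msg = unseal(self.signal_leg_key, blob)   # Signal-side E2EE ends here
        self.readable_on_host.append(msg)
        return seal(self.matrix_leg_key, msg)     # new, separate Matrix-side encryption

def demo():
    signal_leg_key, matrix_leg_key = os.urandom(32), os.urandom(32)  # constructed keys
    bridge = Bridge(signal_leg_key, matrix_leg_key)
    text = b"meet at 6"                                   # constructed sample message
    wire_1 = seal(signal_leg_key, text)                   # contact -> bridge
    wire_2 = bridge.signal_to_matrix(wire_1)              # bridge -> your Matrix client
    try:   # your client never held the contact's session, only the bridge did
        unseal(matrix_leg_key, wire_1); client_reads_leg_1 = True
    except ValueError:
        client_reads_leg_1 = False
    return {"delivered": unseal(matrix_leg_key, wire_2),
            "bridge_host_saw": bridge.readable_on_host,
            "plaintext_on_wire": text in wire_1 or text in wire_2,
            "client_reads_leg_1": client_reads_leg_1}

if __name__ == "__main__":
    print(demo())
```

Both wires carry only ciphertext, yet the bridge host's list contains the message in the clear, which is why the choice of who operates the bridge decides who can read your chats.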

hedge
creator

Oh boy. I think I’m really out of my depth here. I just downloaded Element and was fiddling with it a bit and found it to be kind of confusing. Maybe I oughta just stick with Signal despite centralization and signalcoin. Would be nice to be able to get SMS on the desktop tho, so I don’t have to go hunting for my phone every time I have to do 2FA (which, admittedly, is not that often). In any event, thanks to @wxboss@lemmy.sdf.org & @GlowingLantern@feddit.de.

iamak

What did you find confusing about Element? The most confusing part for most people is the federation but since you’re on Lemmy, I assume that’s not the case for you.

hedge
creator

I’m gettin’ old, and it’s an “old dog new tricks” type thing. However, I’ve still got it installed and probably just need to fiddle around with it some more. Getting Mrs. Hedge and my peeps to switch is going to be tough tho, hence me asking about the Signal bridge . . . Are “rooms” the same as “groups”?

iamak

Why do you want them to switch from Signal? Federation? Other than that Signal’s great. Idk specifically about Signal bridge but I’m in a room with Telegram and IRC bridged and both bridges work pretty well. The room was bridged to XMPP as well but XMPP bridge was weird (resent random messages sometimes) so we removed it. Give it a try though and if possible tell me how it works? I’m curious :p

> so I don’t have to go hunting for my phone every time I have to do 2FA

Automatically forwarding the SMS to the desktop could turn that 2FA into 1FA.

hedge
creator

How can I do that? KDE Connect is one option I’m looking at.
