They are both using the exact same double ratchet Signal protocol for end-to-end encryption, down to the same problems with other clients’ keys that haven’t been used in a while due to ‘inactivity’.
The only difference is that XMPP is an extensible protocol where you very much can drop encryption altogether if that doesn’t suit your use case for the protocol (such as not chat). However, all modern servers folks actually use for chat communications follow the Conversations compliance suite & OMEMO support is expected in clients—meaning everyone using XMPP for standard comms in 2024 has a good encryption story.
Matrix’s extensibility is limited due to the choice of JSON over XML, relying on ad hoc, stringly-typed message names. Due to adopting an eventual consistency model, a Matrix server can’t be run on a potato in your bedroom & most folks are relying on public servers rather than the decentralized, federated, self-hosted tendency of the XMPP network in practice, not just theory. Most users are on Matrix.org or Matrix.org-provided servers syncing all metadata back to a single entity started with funds from Israeli intelligence. If you ask me which one has a better story for freedom, it’s going to be the one that is lightweight enough & designed to be individually hosted over the de facto centralized option with resource-intensive clients.
Weren’t the trackers opt-in? This doesn’t seem like a bad thing if you don’t mind giving up those user metrics for them to build something better. It is the opt-out stuff with no transparency over the kind of data collected to be worried about.