@durian @delta @signalapp @thefinalstrawradio delta chat is deeply unserious regarding claims around censorship and network blocking, including this example where they appear to describe onboarding an "85 year old mother" to delta chat amidst chinese censorship, but upon follow-up clarify that they totally just made that shit up: https://chaos.social/@delta/114480085463777779
Delta Chat (39c3) (@[email protected])

@[email protected] no, we are not aware of specific Chinese blocking attempts currently. The blocking attempts we mentioned happen with a different country, and another one is currently gearing up (more about the latter probably next week).

@durian @delta @signalapp @thefinalstrawradio (rest of thread is untagged, view on remote instance to see it)

before i continue, i also want to note that the pdf doesn't have any text layer for some reason. this means it's invisible to blind people. i see https://signal-contingency-plan.info/, but that has different text than the pdf. i ran it through pdfsandwich and uploaded it to a third party hosting service: https://drive.proton.me/urls/CSE8QNNPS8#mG2gwPITVJ4S.

i don't see any reason why the pdf authoring tool wouldn't provide the text itself, but whatever.

the zine itself contains a variety of misleading technical jargon (who can i blame for this?), and finally makes some directly invalid claims:

> The use of email protocols to send messages means that a government or ISP can't simply block the entire Delta Chat protocol on the network, without blocking all email on that network.

network censorship by nation-state actors is far deeper than blocking a single port. this argument is textbook security through obscurity and is demonstrably false. and in particular, it plays upon the fundamental con of delta chat: if it is "just email", then it has the flaws of email, including plaintext sender/recipient/subject line.

but it's not: see https://delta.chat/en/2024-03-25-crypto-analysis-securejoin#hardening-e-mail-header-protections-and-encryption. i do not doubt its encryption works, but claiming that it is indistinguishable from email is inarguably false:

> To protect Subject header Delta Chat and other email clients such as Thunderbird and K-9 Mail replace Subject with “…” or “Encrypted Message”

matching emails with the subject "Encrypted message" is very much within the ability of a nation-state network censor! this is deeply unserious! if people rely on delta chat in the ways described, the worst-case scenario isn't just getting their messages blocked, they can be silently tracked by a global passive adversary. signal is actually strictly better than this as a result of their sealed sender.

i really don't care enough to elaborate here, but delta chat is also not email because its ability to get anywhere close to real-time delivery (which it doesn't actually achieve) relies upon their chatmail relays (https://chatmail.at/doc/relay/faq.html#what-is-the-difference-between-chatmail-relays-and-classic-email-servers), which are again completely different from normal email, and therefore can be blocked by a nation-state network censor.

delta chat is riding on security through obscurity in order to make false claims, and that's not remotely trustworthy. i cannot overstate how much these kinds of statements damage the credibility of the entire project.

but let's talk about signal now.

on signal: the emphasis on signal's cloud infrastructure is deeply misleading and draws an utterly false distinction:

> The US government can instead try to force Signal’s providers to stop routing their traffic, resolving their domains, or hosting their servers.

very true! the us government could declare war on signal, and unilaterally force these major corporations to halt service to signal.

since i expect the audience for this zine doesn't care about politics, i won't even go into how that would be a very expensive political decision, or how meredith whittaker would be on every single news network in every country describing in lurid detail how us corporations control speech for political ends, because she has worked for decades to understand and subvert exactly that.
meredith whittaker is an anti-fascist technologist whom the audience of this zine should consider reading: https://logicmag.io/supa-dupa-skies/origin-stories-plantations-computers-and-industrial-control/
but let's pretend the fascist president declares war on signal. the signal server, like delta chat's chatmail relays, is open source: https://github.com/signalapp/signal-server. the signal client application stores all the messages, and the server is used to route messages that haven't been sent.
one thing that of course delta chat doesn't care to explain is that signal too was built upon another protocol: SMS, used for TextSecure, which predated signal.

the zine gestures at this with its imagined worst-case scenario:

> So Cloudflare has just complied with an Executive Order and you’ve just frantically dug this zine out from under a pile of junk mail because your new Signal messages won’t load.

(first off, why would the fascist use an executive order? fascism doesn't need that shit)

the zine says "new" signal messages, but fails to clarify that despite the FUD about reliance on cloud services, signal messages are stored on the client, and signal (just like delta chat) can be run as a server on another cloud.
if delta chat gets to make up political outcomes, then i do too: if the us declares war on signal, i absolutely assume an eu country would volunteer its own cloud. i've done contract work to implement the signal protocol for a private company in the eu. it's almost an unofficial standard.

for a stark comparison: delta chat claims that nobody can block delta chat unless they block all forms of email. consider as analogy: the us fascist cannot block signal without producing an international incident.

do you think a nation blocking delta chat would even reach the media?

if we're going to make this comparison, let's do it correctly.

but here i will admit fault: i see the zine explicitly describes sealed sender, and also describes delta chat's tradeoffs (re "The same is not true of Delta Chat nor is such a feature planned"). i actually commend this frank discussion of tradeoffs quite highly--i really respect when software is unafraid to describe what it doesn't protect. i wish the whole zine was like this section ("If the outage continues", page 10).

i will respond to this excerpt:

> For long term use, we can mitigate this risk by using throwaway accounts for specific communications on servers optimized for maximum privacy.

this also describes the best practice for using signal in scenarios where anonymity is paramount, but i agree: delta chat succeeds in this regard. it is also significant that delta chat supports self-hosting a server like matrix.

i am very confused as to why the zine does not compare to matrix, but in the specific case of:
(1) us fascist declares war on signal,
(2) you have independent infrastructure that can host a server,

then delta chat can provide secure messaging (like matrix). but the discussion of whether independent servers vs cloud services are more resilient to nation-state censors is riddled with outright falsehoods, and fails at all to interrogate delta chat the way it analyzes signal.

i want to know who's responsible for pages 3-6 of this pdf and scream at them, because they pretend to analyze everything about the us, but fail to analyze signal itself. this is how they avoid considering meredith fucking whittaker, and how they avoid mentioning that signal can be moved across arbitrary servers
it is valid to be concerned about where signal will move to in that case. it is valid to desire control over that infra. i will speak to that in a moment. but the credibility of this zine is completely torched because of the false claims it makes about delta chat in the follow-up.
interspersing some good analysis with some deeply misleading and outright false claims is a way of legitimizing the falsehoods. in this case, that means anti-fascists will have a false sense of security in delta chat, and this may lead to loss of life

here are three final points that i consider to be particularly damning:

(1) pgp can be used with emails, but it can also be used on arbitrary files. you can encrypt an attachment, or an arbitrary text message!

more importantly, pgp identities don't rely on any server at all. if you are deeply serious about network-level censorship, actual pgp remains the most decentralized option.

if you have any communication channel open, you can use pgp keys to send a message that cannot be forged. no discussion of this in the zine.

@hipsterelectron and @mollyim is working on setting up an alternative server! https://nlnet.nl/project/Flatline/

@hipsterelectron i have had some folks try to sell me on delta chat but the arguments have always been extremely weak and usually tell me they have no idea how any of this works