Delta ChatFeb 4

A lot of messaging systems try to reinvent the email system but many (signal, matrix, xmpp) took over one key traditional design which we actually dropped while retaining SMTP/IMAP compatibility: server-controlled identities.

With #chatmail user identities are cryptographic and reside on end user devices only. Servers are only message relays and have no control over identities or chats, only perform fast message routing. See this fosdem talk by one of our lead developers https://mirror.cyberbits.eu/fosdem/2026/ud2218a/3F9VTU-deltachat-chatmail-relays-multi-transport.av1.webm

Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@delta Reminds me of SimpleX, if you can add quantum-resistant encryption and easy multi profile management and throwaway (incognito) profiles like simplex then the privacy and anonymity features would probably be on par and I'd consider switching to get away from the far right dev team.

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #DeltaChat #QuantumResistantEncryption #FarRight

Show threadrakooFeb 5
@ambiguous_yelp @delta I'm biased (although not a dev) but multi-profile and throwaway accounts are already the case, it's so easy to create and delete accounts I juggle with a dozen of them while I only really need one or two 😅
Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@rakoo @delta

I'm glad to hear that I will have to take a closer look. Classical encryption is still a deal breaker though because of Store Now Decrypt Later attacks, SimpleX uses the double ratchet algorithm developed by signal, maybe DeltaChat could too idk if that's helpful.

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #Signal #DeltaChat #QuantumResistantEncryption

Show threadpete

@ambiguous_yelp @rakoo @delta PQC is obviously desirable for a privacy-centric messaging service but running one of shor's algorithms for breaking RSA and ECC is still a way away. for an n-bit RSA key, you'd need 3n qubits. RSA keys are 2048-4096 bits (hopefully the latter). the current largest circuit-based quantum computer is ~1200 qubits AFAIK. that is 10x less than you'd need to break a recommended size RSA key.

even then, as far as i can tell, current PQC is mostly a guess as to what quantum computers will not have algorithms in class BQP to break them.

if your threat model truly is nation states who are actively recording your communications with near-future access to that amount of error-corrected quantum compute then sure. but for someone more concerned with big companies invading their privacy, platforms without PQC do their job perfectly well (as long as their cryptosystem provides perfect forward secrecy, IND-CPA, IND-CCA1/2, though i'm not a cryptographer so don't quote me on that).

Feb 5 at 11:14amWeb
Show threadrakooFeb 5
@novet @ambiguous_yelp @delta (and if your threat model is nation states pqc is definitely not your number one concern anyway)
Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@rakoo @novet

Yes but it is among them and it is a conceptually easy switch that in theory should have no disadvantage to UX, and there is safety in numbers, the more people who take privacy seriously the safer those who really need it are amongst the crowd.

#PSA #Privacy #QuantumResistantEncryption

Show threadpeteFeb 5
@ambiguous_yelp @rakoo the main problem here is social, not technological. signal is relatively mainstream. people know what signal is, and they are happy to use it. SimpleX for example, not many people know (outside of privacy circles). most people won't be as happy to use it as they would with signal.
Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@novet

In that case it can be solved by incremental shifts to using it whereever possible until it becomes more popular on privacy and anonymity merit.

Otherwise you're employing a fallacy of the tragedy of the commons

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX

Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@novet

As an anarchist I think that we should all consider the state an adversary because the state is a threat to everyone's liberty and survival: they protect ecosphere destroying businesses and risk global extinction on the only planet known to host life.

When someone acts to rescue non-human creatures being tortured and murdered its that state that will come and lock up the rescuer

https://www.youtube.com/watch?v=HZeQrwKhJRQ

Qubit count seems to be exponential[1] I think its reasonable to expect quantum supremacy possibly within the next 10y

https://www.youtube.com/watch?v=-UrdExQW0cs

#QuantumResistantEncryption #Anarchism #Speciesism #Veganarchism #Veganism #ClimateCollapse #ClimateEmergency #DirectAction

Power

If we are to truly dismantle the oppressive machine which dominates our lives, it will be necessary that we understand the will to power more intimately. The...

YouTube
Show threadpeteFeb 5

@ambiguous_yelp if a quantum-capable nation state is targeting you, PQC is the least of your concerns. it is, imo, a nice-to-have with the current state of things.

as for qubits, it is hard to tell how they're growing at this point. it is purely speculative and i reckon the public perception of growth may be influenced by marketing.

PQC would be ideal, and it isn't all too hard to use an existing implementation. but the fact that a messaging service doesn't have it isn't at the top of the list for required features to protect your privacy against big corps.

Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@novet

Afaict simplex has all the same privacy and anonymity benefits as deltachat, and it might even have more features: simplex has calls, live-text, file transfer, voice messages, out of the box tor integration with client settings and onion address support, tag-sorting for chats, GUI theme customization and export including custom photo backgrounds.

Given that both simplex and deltachat have very similar threat models and architecture its difficult to see why anyone would choose to use deltachat over simplex when simplex has quantum resistance and deltachat does not

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #DeltaChat #QuantumResistantEncryption

Show threadpeteFeb 5

@ambiguous_yelp that is all great and they sound like great platforms with features i'd like. unfortunately, there is still the social issue. i would certainly have trouble getting my friends and loved ones onto something like SimpleX or deltachat, and a majority of my friends are technologists.

on top of that, signals source code is under much more scrutiny than the smaller players. your security and privacy is only as good as the weakest link. why break a lock when another door is open?

it seems like we have very different threat models, which is probably why we have differing opinions here. for most consumers (those who don't use other PETs when browsing the web), subbing whatsapp or anything similar for signal is a huge step-up in privacy.

Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@novet

Security audits are important, simplex has one from Trail of Bits.

If the argument is that it wont get more security research done into it until there are more users then thats an argument to use it for non-critical communications and to promote it until it becomes more popular on merit and then gets more security research.

About signal: I have a second hand story that a direct action team was all arrested because one phone was compromised which listed every phone number in the signal group. Now signal has usernames which adds another step: the police have to subpoeana signal for the phone numbers associated with the username

#FLOSS #E2EE #PSA #Privacy #Anonymity #Signal #SimpleX

Show threadKevin Karhan Feb 5

@novet @ambiguous_yelp I'll never trust any #SingleVendor and/or #SingleProvider solution, but demand real #E2EE with #SelfCustody and #SelfHosting capability as #FLOSS with reproduceable builds

  • Something #Signal can't and won't deliver as a matter of principle!

https://infosec.space/@kkarhan/114935952643402592

Unlike #monoclesChat, #gajim (#XMPP+OMEMO) & #deltachat as well as #Thunderbird!

Kevin Karhan :verified: (@[email protected])

My [reservations](https://infosec.space/@kkarhan/114234551915193036) and [criticism](https://infosec.space/@kkarhan/114862595629371002) re: #Signal are not just valid, but the reality is *even worse than I thought*: - The fact that @[email protected] requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unuseable for certain users *who don't have a fucking #camera in their Android*… Seriously, do they expect folks to deal with that shit? - It's already worse in terms of #UX than #telegram and #discord and that too makes #XMPP+#OMEMO clients like @[email protected] / #monoclesChat & @[email protected] / #gajim easier and faster to onboard #TechIlliterates onto. - Whichever asshole decided that a *replacement for #SMS* should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it! FIX THAT SHIT, @[email protected], and if it means you need to kick some devs in their crouch then consider this a necessary *"investment"*… #sarcasm #TechSupport #TalesFromTechSupport #Enshittification #SignalSucks #TelegramSucks #Messengers

Infosec.Space
Show threadOwl EyesFeb 5
@ambiguous_yelp @novet any Youtube vids to recommend on Simplex, demonstrating its convenience, by which to woo us? *Any* lack of convenience compared to Deltachat, and Deltachat still stands, I say.
Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@decentral1se

Rn I'm arguing that its a safer choice because it is resistant against quantum attacks. But techlore has a review of simplex

https://www.youtube.com/watch?v=DVKe8U-n8fU&t=1s

#FLOSS #E2EE #PSA #Privacy #Anonymity #QuantumResistantEncryption #SimpleX

Why We Recommend SimpleX Now (Should You Use It?)

YouTube
Show threadrakooFeb 8
@ambiguous_yelp @novet deltachat builds on existing protocols and software, using the most deployed protocol. It doesn't reinvent the wheel where it is already good, but focuses efforts where it makes a difference

Note that some of the features you list exist in deltachat.
Show threadTorf und SchneeFeb 7

@novet @ambiguous_yelp

> "if a quantum-capable nation state is targeting you, PQC is the least of your concerns"

Exactly. For some reason people are obsessed with PQC, but consistently fail to care about the soldering iron cryptoanalysis and therefore plausible deniability.

Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 7

@torf

Usually the reason I'm more concerned with quantum attacks is because it lends itself to mass-surveillance which has a broader impact - I dont imagine the govt will be coming to every door with a soldering iron any time soon.

Hidden profiles and panic buttons are simple deniability features I hope to see more projects implement them.

#PSA #Privacy #Anonymity #QuantumResistantEncryption #Surveillance

Show threadTorf und SchneeFeb 7

@ambiguous_yelp

> "govt will be coming to every door with a soldering iron"

No, they use checkpoints and random checks, and criminalise a failure to unblock a device for search.

> "Hidden profiles and panic buttons are simple deniability features I hope to see more projects implement them"

Exactly!

Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 8

@torf

I just confirmed the official simplex client has a hidden profile feature, right click a profile from the profile selection to bring up a hide profile option, you can then give it a password (i think each profile can be given a different password) and then to reveal it you type the full password into the profile search box

#FLOSS #E2EE #PSA #Privacy #Deniability #Security #SimpleX