Delta ChatFeb 4

A lot of messaging systems try to reinvent the email system but many (signal, matrix, xmpp) took over one key traditional design which we actually dropped while retaining SMTP/IMAP compatibility: server-controlled identities.

With #chatmail user identities are cryptographic and reside on end user devices only. Servers are only message relays and have no control over identities or chats, only perform fast message routing. See this fosdem talk by one of our lead developers https://mirror.cyberbits.eu/fosdem/2026/ud2218a/3F9VTU-deltachat-chatmail-relays-multi-transport.av1.webm

Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@delta Reminds me of SimpleX, if you can add quantum-resistant encryption and easy multi profile management and throwaway (incognito) profiles like simplex then the privacy and anonymity features would probably be on par and I'd consider switching to get away from the far right dev team.

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #DeltaChat #QuantumResistantEncryption #FarRight

Show threadrakooFeb 5
@ambiguous_yelp @delta I'm biased (although not a dev) but multi-profile and throwaway accounts are already the case, it's so easy to create and delete accounts I juggle with a dozen of them while I only really need one or two 😅
Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@rakoo @delta

I'm glad to hear that I will have to take a closer look. Classical encryption is still a deal breaker though because of Store Now Decrypt Later attacks, SimpleX uses the double ratchet algorithm developed by signal, maybe DeltaChat could too idk if that's helpful.

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #Signal #DeltaChat #QuantumResistantEncryption

Show threadpeteFeb 5

@ambiguous_yelp @rakoo @delta PQC is obviously desirable for a privacy-centric messaging service but running one of shor's algorithms for breaking RSA and ECC is still a way away. for an n-bit RSA key, you'd need 3n qubits. RSA keys are 2048-4096 bits (hopefully the latter). the current largest circuit-based quantum computer is ~1200 qubits AFAIK. that is 10x less than you'd need to break a recommended size RSA key.

even then, as far as i can tell, current PQC is mostly a guess as to what quantum computers will not have algorithms in class BQP to break them.

if your threat model truly is nation states who are actively recording your communications with near-future access to that amount of error-corrected quantum compute then sure. but for someone more concerned with big companies invading their privacy, platforms without PQC do their job perfectly well (as long as their cryptosystem provides perfect forward secrecy, IND-CPA, IND-CCA1/2, though i'm not a cryptographer so don't quote me on that).

Show threadrakooFeb 5
@novet @ambiguous_yelp @delta (and if your threat model is nation states pqc is definitely not your number one concern anyway)
Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 AmbiyelpFeb 5

@rakoo @novet

Yes but it is among them and it is a conceptually easy switch that in theory should have no disadvantage to UX, and there is safety in numbers, the more people who take privacy seriously the safer those who really need it are amongst the crowd.

#PSA #Privacy #QuantumResistantEncryption

Show threadpeteFeb 5
@ambiguous_yelp @rakoo the main problem here is social, not technological. signal is relatively mainstream. people know what signal is, and they are happy to use it. SimpleX for example, not many people know (outside of privacy circles). most people won't be as happy to use it as they would with signal.
Show thread🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp

@novet

In that case it can be solved by incremental shifts to using it whereever possible until it becomes more popular on privacy and anonymity merit.

Otherwise you're employing a fallacy of the tragedy of the commons

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX

Feb 5 at 11:40amWeb