Leander Lindahl
ArcaneChat@ariarhythmic I second this, #DeltaChat is the way!
Danish Akhtar@danish_akhtar7 it has received several independent professional security audits
https://delta.chat/en/help#security-audits
https://delta.chat/en/help#e2ee
Glyph@danish_akhtar7 @arcanechat @ariarhythmic no, it’s bad. don’t use it https://eprint.iacr.org/2024/918.pdf
@glyph what are you trying to say with that?? that is a paper from 2024 and it says that all the encountered problems where solved
the fixes where released on version 1.44 and delta chat is on version 2.36.0
saying "it is bad, don't use it" is a really shady reply from you, obviously trying to push for Signal
@arcanechat @danish_akhtar7 @ariarhythmic these were people who thought OpenPGP was a good starting point for a cryptosystem in the 2020s. not a design that inspires confidence, even if all the specific enumerated issues were addressed. it also has the concept of an “unencrypted chat”. they also discuss extensively flaws *outside* delta’s threat model.
disregard my opinion if you like, I am not a cryptographer but based on the opinions of those I know, I don’t like it
@glyph it is ok if you don't like it, but please don't just give such replies to people because it is a bit of FUD if you don't explain yourself
for your info, since version 2 of Delta Chat, encryption can never drop in chats, it is perpetual, because now user ID is not an email address but your cryptographic identity
I know where you are coming from, the classic "OpenPGP is bad" but this is a well constrained subset what is being used
1/2
anyways it is your choice, but that is a matter of preference, if you have some concrete proof bring it up not just push people to dismiss something just because you think now the fashion is to use X or Y more modern thing, OpenPGP is evolving anyways, and as you will see this year even post-quantum encryption and forward secrecy will be available in Delta Chat
(2/2)
case in point: forward secrecy has been available in Signal since 2013. this is a fundamentally unserious effort from people who are catching up with 20-year-old technology. Signal's also already rolling out their PQC ratchet and have been for months. OpenPGP has been widely known to be a disaster of overcomplexity for like 10 years now, c.f. https://www.latacora.com/blog/2019/07/16/the-pgp-problem/
Signal is not perfect but it is easy to tell at a glance that the attention to detail between these two products is not even close, and it is irresponsible to suggest that to users.
I'm not even saying that people should not *use* Delta Chat. I use DMs on this very website which are ridiculously insecure! Maybe Delta Chat is a reasonable alternative to e.g. iMessage, certainly better than SMS. Maybe it has some great features or some discovery stuff that you couldn't do in a security-oriented product like Signal. Maybe the federation aspect has some benefits that I am not aware of. But they're not in the same category with respect to security.