Sebastian

16 hours ago

Sebastian
16 hours ago

I find it bold stating that #DeltaChat doesn’t need a hyperscaler like #Signal does when it is based on… email servers. Where there is no audio/video calling. Where every sender and recipient server knows who is communicating with whom. Where you need to trust every decentralized server to not keep that information. Maybe be less smug if you can’t provide metadata protection. 🙄 @delta chaos.social/@delta/1154540411…

Delta Chat

2025-10-28 22:01:00

Signal's president claimed it takes billions to replicate the availability and reliability of "hyperscalers" (AWS/Google/Microsoft/Cloudfare) that Signal uses.
#chatmail and #deltachat are about disproving this claim by
1) making relays super cheap (DONE)
2) enabling chat profiles to use multiple relays redundantly (WIP)
3) distributing relay knowledge among chatters (TBD).
Fat servers, corporate overlords and billionaires: not needed and better to not exist for a convivial e2ee future :)

This entry was edited (16 hours ago)

feld likes this.

in reply to Sebastian

Delta Chat

in reply to Sebastian 16 hours ago

sure, nobody said avoiding hyperscalers is easy. In 8 years of project time we got about a tenth of the money that signal gives to hyperscalers, yearly. We can only tackle the challenges one by one, with the resources and skills we have, and see how far we get. Still some way 🤷🏽

in reply to Delta Chat

Sebastian

in reply to Delta Chat 16 hours ago

So how are you going to disprove the claim that you need hyperscalers when providing a service like #Signal does? Because that is what your post said. But I don’t see you providing a service like Signal does. And I’m sure DeltaChat does good stuff, but I was using PGP for mails 20 years ago. So maybe don’t try do dunk on another service while providing the same metadata protection we had 20 years ago?

#signal

This entry was edited (16 hours ago)

in reply to Sebastian

Delta Chat

in reply to Sebastian 16 hours ago

with all due respect and recognition that pgp has a troubled history, pgp twenty years ago and #openpgp now are different things. See for example chaos.social/@delta/1145902670… or
for a more thorough security talk including discussing metadata passthesalt.ubicast.tv/videos/…

Usable end-to-end security with Delta Chat and Chatmail

Over the years, Delta Chat has matured to be an easy-to-use, secure, and even fast decentralized FOSS messenger app for all platforms.

^{Pass the SALT Archives}

Delta Chat

2025-05-29 08:51:53

our friends over at @rpgp just published a monster milestone, humbly tagged 0.16 😍 with
- streaming decryption and encryption
- post-quantum-cryptography
- API streamlining.
#rPGP is a full Rust implementation of #openpgp which counts among the fastest and most compliant implementations today, and includes security audits. Note: #deltachat uses a restricted subset of OpenPGP, and follows best practices (eg using the same ed25519 keys implementation as #signal) github.com/rpgp/rpgp/

GitHub - rpgp/rpgp: OpenPGP implemented in pure Rust, permissively licensed
OpenPGP implemented in pure Rust, permissively licensed - rpgp/rpgp
^GitHub

#openpgp

in reply to Delta Chat

Sebastian

in reply to Delta Chat 16 hours ago

Not what I was asking. Maybe just try to do good work without smug comments about another service that also provides a much needed way of secure communication.

This entry was edited (16 hours ago)

in reply to Sebastian

rakoo

in reply to Sebastian 16 hours ago (Received 3 hours ago)

Deltachat is not doilg email like you did 20 years ago, maybe don't be so smug about it and learn how it works before dunking on it :)

in reply to rakoo

Sebastian

in reply to rakoo 15 hours ago (Received 3 hours ago)

@rakoo So they hide sender and receiver metadata from the involved servers? Do tell me more!

@rakoo

in reply to Sebastian

feld

in reply to Sebastian 3 hours ago

Signal doesn't have sealed receiver; it only has sealed sender (that only sometimes works). How can it deliver the message to the recipient if it doesn't know who the recipient is?

in reply to feld

rakoo

in reply to feld 3 hours ago (Received 1 hour ago)

It knows who the recipient is. Recipients create a token and give it to future senders; senders only include that. They don't need to authenticate because the only way they could know this token is if the receiver already "trusts" them. All the details are in signal.org/blog/sealed-sender/

Technology preview: Sealed sender for Signal

In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users.

^{Signal Messenger}

in reply to rakoo

feld

in reply to rakoo 1 hour ago

exactly. So if Delta sends all messages with a noreply@ sender on the envelope, the recipient's PGP key ID is scrubbed (already a feature in rpgp), and we have ephemeral addresses then anyone inspecting the email won't know for sure who the sender was or who the recipient is

Tada, we solved it

This entry was edited (1 hour ago)

in reply to feld

feld

in reply to feld 1 hour ago

really the biggest problem Delta has with solving these problems *today* is that there's an established userbase so the code has to be written and tested then slipped into several releases before it can be turned on or things will break for users because they often aren't aware of updates

in reply to Delta Chat

David Chisnall (Now with 50% more sarcasm!)

in reply to Delta Chat 16 hours ago

But you don’t address any of the privacy issues that exist in a post-Snowden threat model. Designing something that works in this context at all is hard, doing it in a decentralised setting is even harder (doing it in a federated model is probably impossible). But you continue to criticise Signal while not even attempting to solve the problems.

You are working with the same threat model that we used when I worked on XMPP 20+ years ago, which is no longer relevant to the modern Internet.

in reply to David Chisnall (*Now with 50% more sarcasm!*)

feld

in reply to David Chisnall (*Now with 50% more sarcasm!*) 7 hours ago

and yet Signal hasn't even fixed the "phone number tied to your government identity required to have an account", "your ISP is tied to your government identity and knows the IP addresses you've used", and the "group members can be identified because they're exposing their IP addresses to the CDN" problems.

Aren't these significant post-Snowden threat model problems too?

edit: especially in a world where every one of these corporations has folded like a wet napkin and happily complies with anything the current US government demands of them

This entry was edited (7 hours ago)

in reply to David Chisnall (*Now with 50% more sarcasm!*)

Delta Chat

in reply to David Chisnall (*Now with 50% more sarcasm!*) 5 hours ago

@david_chisnall you are rightfully coming from a very skeptical position if you look at 20 years of XMPP and traditional PGP happenings. Likely you would find things to complain about but at least skimming our "encryption and security" FAQ might clear some common misconceptions stemming exactly from those 20 years of bad experiences delta.chat/en/help#e2ee

Delta Chat: FAQ

What is Delta Chat? Delta Chat is a reliable, decentralized and secure messaging app, available for mobile and desktop platforms. Delta Chat feels like Whatsapp or Telegram but you can also use and...

^delta.chat

@David Chisnall (*Now with 50% more sarcasm!*)

in reply to Delta Chat

David Chisnall (Now with 50% more sarcasm!)

in reply to Delta Chat 3 hours ago

That FAQ suggests that you are not trying to solve the right problem. End to end encryption is a building block. It is nowhere near sufficient to protect the communication graph shape from a passive adversary.

in reply to Sebastian

Christian Kugler

in reply to Sebastian 16 hours ago (Received 12 hours ago)

Also latency

in reply to Christian Kugler

Delta Chat

in reply to Christian Kugler 12 hours ago

@syphdias
1) end-to-end latency on a 33EUR chatmail relay with ~200K monthly active users is sub-second. see attachment.

2) metadata details are here: delta.chat/en/help#message-met…
including a note on sealed sender (which btw Signal only does opportunistically by default, and easily falls back to non-sealed)

Delta Chat: FAQ

What is Delta Chat? Delta Chat is a reliable, decentralized and secure messaging app, available for mobile and desktop platforms. Delta Chat feels like Whatsapp or Telegram but you can also use and...

^delta.chat

@Christian Kugler

⇧

Sebastian 16 hours ago • •

Sebastian
16 hours ago