• Onno (VK6FLAB)
    link
    fedilink
    English
    arrow-up
    109
    arrow-down
    2
    ·
    10 hours ago

    I get that WhatsApp is not a platform to use if you care about your privacy, but WTF is “Delta Chat” and why would I switch to it rather than say Signal?

      • Humanius@lemmy.world
        link
        fedilink
        English
        arrow-up
        56
        ·
        9 hours ago

        Imo it’s already difficult enough to convince friends and family to use Signal. Delta Chat would be even more difficult to pull off.

        • amzd@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          17
          ·
          edit-2
          7 hours ago

          How is it different? In my experience it’s easier as they’ve already heard of email.

            • Serinus@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              2
              ·
              4 hours ago

              The other difference is that promoting more and more obscure, useless shit ruins your credibility for when you’re trying to get them to Lemmy or Signal or Mastodon.

              Signal is an absolutely fine product and doesn’t need to be decentralized right now.

    • Successful_Try543@feddit.org
      link
      fedilink
      English
      arrow-up
      26
      ·
      9 hours ago

      As I’ve understood, Delta chat is based on the IMAP protocol and uses the infrastructure of your email provider. Thus, it uses no own server infrastructure, but has the also the downsides of the protocol and some issues with many email providers.

      Wikipedia.de - Delta Chat (no English version available yet)

      • socsa@piefed.social
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 hours ago

        Right, they don’t support the advanced login protocols some providers like outlook require. That was a deal breaker, because deltachat was pretty much the last encrypted messaging service which worked in China.

      • JubilantJaguar@lemmy.world
        link
        fedilink
        English
        arrow-up
        17
        ·
        7 hours ago

        some issues with many email providers

        This turned out to be the deal-breaker for me. GMX kept locking me out of my account because of the DeltaChat messages. They’re (of course) full of cyphertext and to email providers this must look a look like spam.

        The open-to-abuse nature of email claims yet another victim.

        • anyhow2503@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 hours ago

          On the other hand, GMX (and web.de) is a notoriously bad influence on email communication and will randomly block mailservers if they feel like it while flooding all of their own users with spam. The world would be a better place without 1&1 / united internet.

          • JubilantJaguar@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 hour ago

            But it’s a free Europe-based provider that’s not US big tech. A better suggestion?

            To be clear, I use a paid service (Mailbox.org) for my main email, as everyone should do.

    • amzd@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      11
      ·
      9 hours ago

      Because delta chat is using an open protocol (email) and you can run your own servers meaning it is decentralized unlike Signal. Also it is actually anonymous unlike Signal, so you don’t need to give anyone your phone number and people can’t find where you live just by knowing your username.

      • heavydust@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        2
        ·
        edit-2
        7 hours ago

        If you use your email, it’s anonymous but you have to use your email which is almost never anonymous and has your phone number. Also you sometimes have to “Create an app-specific password” that delta chat will use and gain full access to your email account, which is way worse than signal or any other application. And for some accounts, you have to use your real password, and maybe disable the spam protection.

        Am I wrong somewhere or is that a really stupid idea?

        • amzd@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          6 hours ago

          During onboarding of the app you only choose a name and get a random email address

          • athairmor@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            ·
            6 hours ago

            Which applies to 99% of people making Delta Chat not a viable alternative to WhatsApp.

            The Fediverse has the same problem that Linux, and Open Source in general, struggles with. The barriers to entry and network effects work against widespread adoption.

            Until technology is packaged in a way that makes it dead simple and/or unavoidable, people won’t make the effort to move en masse.

            • Autonomous User@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              4
              ·
              edit-2
              5 hours ago

              Our words must be dead simple too.

              ‘Open source’ is a very ambiguous, confusing, phrase that makes it too easy for anti-libre software to scam.

      • sabreW4K3@lazysoci.al
        link
        fedilink
        English
        arrow-up
        31
        ·
        9 hours ago

        Because delta chat is using an open protocol (email)

        So not an instant messaging protocol but rather a technology that the whole world would do differently if they could go back in time?

        • amzd@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          7
          ·
          9 hours ago

          Could you be more concrete? In what relevant way do you think it does not work as an instant messenger? Keep in mind that Delta Chat is not a theoretical thing and it works as well as any other messenger.

          • sabreW4K3@lazysoci.al
            link
            fedilink
            English
            arrow-up
            10
            arrow-down
            7
            ·
            edit-2
            9 hours ago

            Regarding SMTP:

            SMTP (Simple Mail Transfer Protocol) is a foundational technology for email, but it has some limitations. Here are some ways it could be improved:

            • Security: SMTP was designed in a time of less pervasive security threats. It lacks built-in encryption and authentication mechanisms, making it vulnerable to eavesdropping, spoofing, and spam. While extensions like TLS/SSL and authentication methods exist, they are not universally implemented or enforced.
            • Efficiency: SMTP is a “chatty” protocol, meaning it involves multiple back-and-forth exchanges between the client and server. This can lead to latency and increased resource consumption, especially for large emails or bulk sending.
            • Deliverability: SMTP doesn’t have mechanisms to guarantee email delivery. Emails can get lost, delayed, or filtered as spam. While techniques like SPF, DKIM, and DMARC help, they are not foolproof.
            • Features: SMTP is primarily designed for sending emails. It lacks features for managing email content, tracking delivery status, or handling complex email workflows. Possible Improvements:
            • Mandatory Encryption: Enforcing TLS/SSL encryption for all SMTP connections would protect email content from interception.
            • Stronger Authentication: Implementing more robust authentication mechanisms would prevent spoofing and ensure that emails originate from legitimate senders.
            • Enhanced Deliverability: Developing mechanisms to track email delivery, provide feedback on delivery failures, and reduce spam filtering would improve deliverability.
            • More Efficient Communication: Exploring alternative protocols or extensions that reduce the “chattiness” of SMTP could improve efficiency.
            • Integration with other technologies: Integrating SMTP with other technologies like REST APIs or message queues could enable more complex email workflows and features.

            It’s important to note that some of these improvements are already being addressed through extensions and best practices. However, there is still room for improvement in making SMTP a more secure, efficient, and reliable technology.

            That said, it looks like Delta Chat doesn’t actually use SMTP, having scanned through the website. Though I’m honestly unsure either way as it was only a scan.

            Never mind:

            Delta Chat doesn’t use its own proprietary protocol. Instead, it cleverly leverages the existing email infrastructure for message delivery. Here’s how it works:

            • Core Protocol: IMAP/SMTP - Delta Chat primarily uses the standard Internet Message Access Protocol (IMAP) for receiving messages and Simple Mail Transfer Protocol (SMTP) for sending them. These are the same protocols your regular email client uses.
            • Encryption: Autocrypt & OpenPGP - To ensure secure and private communication, Delta Chat implements end-to-end encryption using the Autocrypt standard and the OpenPGP standard. This means your messages are encrypted in such a way that only the intended recipient can decrypt and read them.
            • Secure Key Exchange: SecureJoin - Delta Chat also utilizes the SecureJoin protocol for secure key exchange. This helps to prevent man-in-the-middle attacks and ensures that only authorized parties can establish secure communication. In essence, Delta Chat works by:
            • Sending encrypted messages as emails: When you send a message in Delta Chat, it’s actually sent as an encrypted email to the recipient’s email address.
            • Receiving encrypted messages as emails: Delta Chat constantly checks your email inbox for new encrypted emails that are meant for you.
            • Decrypting and displaying messages: When a new encrypted email arrives, Delta Chat decrypts it and displays it to you in the chat interface. This approach has several advantages:
            • Decentralization: No central server is required to store your messages, making it more resistant to censorship and single points of failure.
            • Openness: It leverages existing email infrastructure, making it interoperable with any email provider.
            • Security: End-to-end encryption ensures that your messages remain private and secure.

            If you’re interested in learning more about the technical details, you can check out the cryptographic analysis of Delta Chat available on the Cryptology ePrint Archive: https://eprint.iacr.org/2024/918

            • xorollo@leminal.space
              link
              fedilink
              English
              arrow-up
              5
              ·
              6 hours ago

              PGP is a very curious choice. A quick Google search says a downside of this is that it does not provide “forward secrecy”. From the Wikipedia page on forward secrecy, it prevents things like the following.

              If an adversary can steal (or obtain through a court order) this static (long term) signing key, the adversary can masquerade as the server to the client and as the client to the server and implement a classic man-in-the-middle attack.

              • sabreW4K3@lazysoci.al
                link
                fedilink
                English
                arrow-up
                3
                ·
                6 hours ago

                Thanks for pointing this out. I’m guessing part of this is why so many messengers either create a new protocol or choose XMPP

                • xorollo@leminal.space
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  4 hours ago

                  Yes, I really have t looked into this before. I just vaguely remembered jokes about PGP from a security class a while back, so looked it up. It does look like the encryption scheme used in XMPP does solve this issue.

                  Wikipedia saves the day again:

                  OMEMO is an extension to the Extensible Messaging and Presence Protocol (XMPP) for multi-client end-to-end encryption developed by Andreas Straub. According to Straub, OMEMO uses the Double Ratchet Algorithm “to provide multi-end to multi-end encryption, allowing messages to be synchronized securely across multiple clients, even if some of them are offline”.[1] The name “OMEMO” is a recursive acronym for “OMEMO Multi-End Message and Object Encryption”. It is an open standard based on the Double Ratchet Algorithm and the Personal Eventing Protocol (PEP, XEP-0163).[2] OMEMO offers future and forward secrecy and deniability with message synchronization and offline delivery.

            • Serinus@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              4 hours ago

              I get that you’re using AI directly related to your point, but it’s still a lot of shitty AI spam.

              Use it for your own research, but don’t foist that on us.

            • amzd@lemmy.worldOP
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              11
              ·
              9 hours ago

              I asked specifically for relevant issues and you just link general issues with smtp that have no impact on Delta Chat?

              SMTP is not secure

              Delta Chat sends encrypted messages over it so that’s irrelevant.

              SMTP is not efficiency

              Your phone can run LLMs, it can send a couple packets. Also this “chattyness” can be seen as an advantage as it is extremely robust and works on any network however inconsistent.

              SMTP doesn’t have a way to ensure stuff is delivered

              Yeah duh? It’s decentralized. You can’t ensure that the recipient doesn’t take down their server?…

              Etc. I feel like I’m wasting my time replying to all these because it seems you didn’t even take the time to read them yourself.

              • sabreW4K3@lazysoci.al
                link
                fedilink
                English
                arrow-up
                13
                arrow-down
                1
                ·
                8 hours ago

                I feel like I’m wasting my time replying to all these because it seems you didn’t even take the time to read them yourself.

                I’m here trying to learn about Delta Chat and why you think it’s a good app given the drawbacks of the approach they’ve taken. Over the years there’s been an incredible amount of messengers pop up, 90 million from Google alone and none have opted for SMTP. There’s surely a reason for that. From what I’ve learned, mostly thanks to Gemini, because holy fuck the Delta Chat website feels like something from 20 years ago and is purposely vague, the solution that Delta has gone for is just to add more layers. Again, something that the world has repeatedly opted against. I’m trying to understand why it’s considered a good idea in this case and why so many teams and startups have decided not to use this methodology until now?

                Jesus Christ, being curious shouldn’t feel like a chore.

                • JubilantJaguar@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  5 hours ago

                  It’s considered a good idea because it runs over omnipresent, already-existent, distributed infrastructure. In other words, for this particular chat app, you don’t even need to create an account. That is at very least an interesting and noteworthy feature.

                  • xorollo@leminal.space
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    4 hours ago

                    So if you don’t need to create an account, how do you know you’re talking to who you think you’re talking to?

                    I can see this being valuable as a Lemmy style service where I’m sharing information and reading information but want to be anonymous. But not a good service if I want to talk to my mom about a sensitive subject and protect my privacy.

              • OhNoMoreLemmy@lemmy.ml
                link
                fedilink
                English
                arrow-up
                6
                arrow-down
                10
                ·
                8 hours ago

                As a heads up, the person you’re arguing with seems to be using an LLM to generate text.

                I would down vote and move on. It’s not a real discussion.

                  • OhNoMoreLemmy@lemmy.ml
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    arrow-down
                    5
                    ·
                    7 hours ago

                    Wasting other people’s time.

                    If you want to use an LLM that’s fine, but if you’re cutting and pasting it into a discussion you should warn other people that it’s not human generated.

                    And most of it isn’t wrong, it’s just a giant wall of text that’s largely irrelevant to the conversation.

      • Zloubida@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        5
        ·
        9 hours ago

        you don’t need to give anyone your phone number

        You do not need to give your number anymore to use Signal.

        • amzd@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          2
          ·
          9 hours ago

          You cannot make a Signal account without phone number so that’s not true.

          • gi1242@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            2
            ·
            8 hours ago

            you need a phone number to make an account. but you can chat with others without divulging your phone number

            • amzd@lemmy.worldOP
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              6
              ·
              9 hours ago

              Yeah I’d rather not share my identity though. Seems like an odd requirement for a “private” messenger

                  • Zangoose@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    3
                    ·
                    6 hours ago

                    Signal is private in that other people can’t intercept your messages, including signal. The signal app is open-source so you can be relatively certain it’s not tracking your decrypted messages, unlike closed-source apps like WhatsApp or Facebook Messenger or any other private social media.

                    Signal is not anonymous from an account standpoint, because you need a phone number to sign up, even if you can choose not to display it in your account.