data_maan a day ago

How does this (or 0xchat) compare to Signal?

Have there been any third-party security audits done by reputable companies?

If not, it's not safe to use - who knows what's buried in the source code (even if the source code is open).

JimDabell a day ago | parent | next [-]

> Have there been any third-party security audits done by reputable companies?

Their FAQ answers this:

> Yes, multiple times. The Delta Chat project continuously undergoes independent security audits and analysis

https://delta.chat/en/help#security-audits

singpolyma3 a day ago | parent | prev | next [-]

Biggest advantages are the code is open, the infrastructure is open, and you don't have to hand all your metadata to a single centralized provider

em-bee a day ago | parent | prev | next [-]

deltachat does not have central servers. you get to use your own servers. aka it's federated. and it works with plain SMTP so you can just reuse the server/email account you already have.

heavyset_go a day ago | parent [-]

Delta Chat has the option of using chatmail servers that they host themselves.

josephb 19 hours ago | parent [-]

Chatmail relays can be run by anyone, they are designed to be fairly minimal and lightweight, just running what is needed to support the "encrypted chat" part, not regular email.

tcfhgj a day ago | parent | prev | next [-]

first of all, it's not a walled garden

johnisgood a day ago | parent | prev [-]

I mean, should probably just use Ricochet Refresh, Briar, Session, Element, etc.

I also built OTR on top of Discord but it requires Nitro because the messages for OTR end up being way too long. :(

progval a day ago | parent | next [-]

Can't they be split into lines? OTR was designed for IRC that limited protocol lines (i.e. payload line + command + extra fluff) to 512 bytes, so that ought to work on Discord too.

johnisgood a day ago | parent [-]

I have not yet tried, that may work since it does work for IRC (which also has a limit per message). It was just more of a proof of concept, tbh, but it works, just not as usable as it could be.
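The splitting discussed in the two comments above, sketched as an added example that is not from the thread or from any commenter's project. It assumes the `?OTR,k,n,piece,` fragment syntax of OTR version 2; the names `fragment` and `Reassembler` and the 450-character budget are hypothetical.

```python
# Added example: OTR v2-style fragmentation; names and the 450 limit are assumptions.
import base64
HDR = len("?OTR,65535,65535,") + 1  # worst-case header plus trailing comma

def fragment(msg, limit):
    """Split an encoded OTR message into "?OTR,k,n,piece," fragments."""
    if len(msg) <= limit:
        return [msg]  # fits in one line, send unfragmented
    room = limit - HDR
    if room < 1:
        raise ValueError("limit too small for a fragment header")
    pieces = [msg[i:i + room] for i in range(0, len(msg), room)]
    if len(pieces) > 65535:
        raise ValueError("too many fragments")
    return [f"?OTR,{k},{len(pieces)},{p}," for k, p in enumerate(pieces, 1)]

class Reassembler:
    """Receiver side: accepts in-order fragments, resets on anything else."""
    def __init__(self):
        self.k, self.n, self.buf = 0, 0, ""

    def feed(self, line):
        """Return the complete message once available, else None."""
        if not line.startswith("?OTR,"):
            return line  # not a fragment, pass through unchanged
        try:
            k_s, n_s, piece, tail = line[5:].split(",")
            k, n = int(k_s), int(n_s)
        except ValueError:
            return None  # malformed fragment, ignore
        if tail or k < 1 or n < 1 or k > n:
            return None
        if k == 1:  # first piece starts a new message
            self.k, self.n, self.buf = 1, n, piece
        elif n == self.n and k == self.k + 1:  # next expected piece
            self.k, self.buf = k, self.buf + piece
        else:  # gap, replay or mismatched total: drop partial state
            self.k, self.n, self.buf = 0, 0, ""
        if self.n and self.k == self.n:
            msg, self.k, self.n, self.buf = self.buf, 0, 0, ""
            return msg
        return None

if __name__ == "__main__":
    # Constructed sample: a stand-in for an encoded OTR data message.
    sample = "?OTR:" + base64.b64encode(bytes(range(256)) * 12).decode() + "."
    rx = Reassembler()
    results = [rx.feed(f) for f in fragment(sample, 450)]  # assumed budget
    print(results[-1] == sample)
```

The receiver only ever holds one partial message and drops it on any out-of-order piece, so a lost or reordered line costs a resend rather than producing a corrupted ciphertext.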

em-bee a day ago | parent | prev [-]

the whole point of deltachat is that it is reusing an already standardized protocol with existing servers.

i am using element/matrix and i have tried briar. the usability of deltachat and the ease of onboarding beats both of those. briar was especially difficult to get started with and only has a very limited usefulness compared to the others. and matrix is simply very complex and easier to misconfigure.

johnisgood a day ago | parent | next [-]

Briar had trade-offs, for example, it is not available for desktop. I do not have use for Briar, personally. I use the rest, but Briar is worth a mention.

maqp a day ago | parent | prev [-]

A standardized protocol without forward secrecy is worse than a standardized protocol with forward secrecy. Just use Signal.

em-bee a day ago | parent [-]

forward secrecy is independent of the transport protocol. it's only dependent on the encryption. messages encrypted with forward secrecy can still be sent over SMTP. deltachat devs are working on that.

signal does not use a standardized protocol, and it requires a phone. that's not an alternative. my children have deltachat on their laptop. i can talk to them when i am not at home without needing to give them a phone.

maqp a day ago | parent [-]

> messages encrypted with forward secrecy can still be sent over SMTP. deltachat devs are working on that.

OTR has had forward secrecy for 21 years. The effin headline stated PGP was a faulty model https://dl.acm.org/doi/10.1145/1029179.1029200

Why implement something PGP-like, without forward secrecy, 13 years later, beats my understanding. I mean, 13 years is also the time difference between OTR and PGP. I guess some devs don't read cornerstone papers of the field they supposedly specialize in :)