Remix.run Logo
Valodim a day ago

I'm not sure that's fair. It would be if it was otherwise just another messenger app, but Delta uses email as a transport, which gives it a special kind of resilience. It's harder to shut down email than signal.

woodruffw a day ago | parent | next [-]

I don’t think this is true in practice. On the whole, I suspect the ordinary user of email is exactly as centralized as the ordinary user of Signal.

(The response here might be that you could run your own mail server, but you’ve now excluded >99% of the world’s population from the essentially reasonable expectation of secure messaging. Plus, you’re then dealing with the ongoing misery of securing your own mail host.)

jjav 9 hours ago | parent | next [-]

> I don’t think this is true in practice. On the whole, I suspect the ordinary user of email is exactly as centralized as the ordinary user of Signal.

Not true, because an open standard will always be superior to a company-owned (and controlled) app.

I run all my own email infrastructure. Many of my friends do. We can communicate without any corporate overlord deciding who can say what.

Signal is a company, one that demands a phone number to use their proprietary service and can shut you out in a nanosecond. No thanks.

flaburgan 6 hours ago | parent [-]

Signal is not a company but a non profit, and their service is not proprietary but fully open source including the server side. That being said, it is centralized and so less resilient, it can be taken down more easily. So you have to pick between more secure (Signal) or more resilient because decentralized (DeltaChat). Theoretically Matrix has both, but at the moment it is not as secure as Signal, and its UX is clearly worst. And to that you have to add the complexity of decentralization for normal people: which server to pick, how can I know if someone I know has an account... Here the comparison with email should help but still it is not as easy as entering a phone number and immediately you have all your contacts available.

Arathorn 6 hours ago | parent [-]

when you say “Matrix’s UX is clearly worst”, what app are you talking about? Element X is similar if not better to Signal in terms of UX for instance.

Valodim a day ago | parent | prev [-]

The difference is the collateral. Are you really going to shut down a country's most popular local email service? Or gmail?

woodruffw a day ago | parent [-]

I think the answer to that is resoundingly yes: the kinds of countries that care about curtailing E2EE messaging are also the ones that institute nationwide internet blackouts.

(But also, this isn’t a good argument! Repressive governments love metadata, and email is an amazing source of unbounded metadata even with these kinds of “secure” layers slapped on top. If I was a government looking to snoop on my citizens, I would absolutely push them towards the protocols I can infer the greatest amount of behavior from.)

Valodim 20 hours ago | parent [-]

Blocking email or gmail is much closer to a nationwide internet blackout than blocking signal or tor. And even repressive regimes are on a budget there.

I'm not sure your second point holds either - for most nations, an active connection to imap.gmail.com leaks little other than how actively the user uses gmail. Correlating senders and receivers from that data sounds technically challenging enough that I wouldn't expect repressive regimes to be capable. But, to be fair, I base that on nothing.

woodruffw 19 hours ago | parent | next [-]

> Blocking email or gmail is much closer to a nationwide internet blackout than blocking signal or tor.

Yes; the point was not that they’re the same, but that regimes that do the former tend to also do the latter. Moreover, we shouldn’t do insecure things because regimes block the secure things; that’s what the regime wants you to do. The answer might not be Signal if Signal is insufficiently decentralized, but it certainly isn’t email.

> for most nations, an active connection to imap.gmail.com leaks little other than how actively the user uses gmail

This alone is a significantly larger amount of metadata than schemes like Signal leak. But it also isn’t true: a country that controls its internet infrastructure can almost certainly pull much more metadata from plaintext IMAP/SMTP than just access times and addresses. And this isn’t hypothetical: STS is not widely adopted in the email ecosystem, so plaintext downgrades are pervasive.

heavyset_go 16 hours ago | parent | prev [-]

> I'm not sure your second point holds either - for most nations, an active connection to imap.gmail.com leaks little other than how actively the user uses gmail. Correlating senders and receivers from that data sounds technically challenging enough that I wouldn't expect repressive regimes to be capable. But, to be fair, I base that on nothing.

Nations don't have to do any of that, they can just subpoena the email host for the data, or just ask nicely for it, as companies are wont to work with law enforcement and the regimes they do business with.

The point of many of anonymizing and "private" chat services is the lack of data sitting on third-party hosts that can later be shared with adversaries.

tcfhgj a day ago | parent | prev | next [-]

you don't have to use email to federate between servers, there are other protocols such as Matrix, XMPP, probably many more

Valodim a day ago | parent [-]

I was not talking about federation, I was talking specifically about email. It's like the domain fronting feature that signal used to have, but using a service as a front that is business critical.

maqp a day ago | parent | prev [-]

"It's harder to shut down email than signal."

It took me two minutes to figure out DeltaChat connects to the server with SNI "nine.testrun.org". Banana dictatorships can trivially write firewall rules to cut those connections. There are other servers, but if those are going to be usable by anyone, they're going to have to be public, and writing block-rules is trivial compared to spinning up new servers.

I'm not saying Signal is much better in this regard, I'm just saying resilience isn't a useful metric to assess messenger security.

em-bee a day ago | parent [-]

DeltaChat connects to the server with SNI "nine.testrun.org"

sounds like a bug that can be fixed. it should not need to make that connection unless you create an account on that server.

maqp a day ago | parent [-]

No that's just the default behavior of connecting to default server, which is what 99.9% of users are going to do. You want to get rid of SNIs, you run a server dedicated for DeltaChat, and then its the IP-address can be blocked.

em-bee 21 hours ago | parent [-]

connecting to default server, which is what 99.9% of users are going to do.

not quite. the default server feature is only a year old. while deltachat itself goes back to at least 2017, so the majority of users will not be on that default server now, and it would be possible to offer a randomized selection to prevent one default server from dominating.

maqp 17 hours ago | parent [-]

Majority of new users will be. It's still a niche product.

Also, I'm unsure if it's smart the client just picks a server for you at random. AFAIK this uses email as back-end so it's not like you can just swap your email address host like you can swap telco while keeping your phone number. One option would be to have the user first whitelist the email providers they'd trust, but most users usually prefer trusting the app vendor as they're trusting it with the client anyway.