Zum Inhalt der Seite gehen
If you are using #deltachat with a #chatmail profile with private contacts there is no chance you are going to get spam. Why?

1) Spammers can't contact you based on your phone number like with other messengers.

2) Nobody knows your private address or cryptographic key except your contacts. Without that spammers/phishers can't contact you.

3) if joining a public group with unknown members better use a second chat profile which you can mute/remove as needed.

Privacy and peace of mind.
#chatmail #deltachat
Delta Chat
Isn't it ironic that a messenger that utilizes email protocols under the hood is pretty resistant to spam? For decades most people equated email with "spam" and yet, here we are. It's not the email protocols that cause spam but the fact that email adresses have been used as identity. #deltachat is moving away from this email address-as-identity model towards a cryptography based model where only chat contacts know your identity, and email is "just" the globally federated transport.
#deltachat
tokudan
doesn't point 3 indicate that you haven't solved the underlying problem of leaked addresses and thus can still receive spam?

it would basically require a new identity per contact/group, which is a lot more feasible with your chatmail server than with regular email, i'll admit, but you're not completely there in my understanding.
Delta Chat
yes, if using a chat profile in large channels with lots of unknown contacts then someone there could collect addresses and start to spam. But using a new profile for each group might cause usability problems. In private chat groups one typically wants to understand/identify who is a member.
Dieser Beitrag wurde bearbeitet. (3 Tage her)
tokudan
yeah... looks like a hard to solve issue.
adding a "use new identity" flag for a group complicates the UI as it needs to be explained.
Delta Chat
yip. we will see if anything more needs to be done. The main reason for being shielded from spam is that there is no "cleartext" identifier like phone number of email address that would be known or sufficient to address the device/user behind the number/address.
Adam Lein
If public groups were really email Listservers like we've had for 30 years, the listserver address could be the only thing that knows your personal address as it would be syndicating your messages to the other subscribers under the listserver's email address. That method would also mean only having to encrypt between one address for each response.
tokudan
having a listserver ist not really an option, i believe. too much control there.
Adam Lein
What do you mean? You don't want one group message owner knowing about everyone on the list? Isn't that better than everyone knowing about everyone on the list?
tokudan
you're talking about the newsletter-type list. one or few senders and many receivers.
that's completely different than a peer 2 peer group
Adam Lein
No, I'm talking about list servers. The way those work is you subscribe to group@example.com. Maybe an admin approves you or maybe it's instant. Then any subscriber on the list for that address can email that address and it will resend that message to all other subscribers from group@example.com. It CAN hide the address of each sender if you configure it that way. Then the entire conversation appears peer to peer, but it's going through one forwarder.
tokudan
exactly, that would require breaking the e2e encryption and thus is bad.
you can only have e2e when all senders (everyone) know the public keys of all receivers (everyone).
Adam Lein
Can we encrypt from Adam to group@example.com with one set of keys and then from group@example.com to Tokudan with another set of keys?
tokudan
that's called transport encryption, not e2e encryption as the list server decrypts the mesage and then encrypts it again, thus the message is only encrypted while being transported.
tokudan
you realize the context of this thread is the Instant Messaging app @delta that uses emails as transport?
@Delta Chat
Delta Chat
Adam is following delta for some years and has written good articles about it (thanks again btw :). It's proper to point out that mailing list bots are a traditional method to conceil subscribers and/or scale to tons of subscribers. But for delta, such bots would need to handle encryption between all parties involved. An interesting topic of its own and not implemented yet.
Adam Lein
I'm still learning though, so I apologize for when I don't understand something.
Adam Lein
Yes, list servers use email.
Adam Lein
A proprietary competitor to @delta does group messages with list servers just like this and formats them as instant messages: https://www.spikenow.com/features/team-collaboration/ I don't know how they handle encryption within groups though, if at all.

Team Collaboration Software | Spike

Spike Groups offer a secure and private space for discussions with the right people, inside or outside your organization.
Spike
@Delta Chat
Delta Chat
last time we checked, spikenow has no encryption whatsoever, and was tied/working especially.with Gmail. Delta can be used with mailing lists but they mostly (except Schleuder) don't implement encryption either. Sidenote: Huaweis default email app interestingly uses a contact oriented chat UI but also without encryption.
Adam Lein
Spike did have encryption last time I checked, but I haven't used it in a while, too. It might have only been between Spike users. They're not Gmail-only anymore and also offer email hosting for people who just want to point the domain MX record to them. I know the owner and lead developer if you want me to introduce. They had helped a bit with COI-dev at one point too.
Delta Chat
we had contact in 2019 with spike folks. Thanks for the offer but there is nothing immediate that needs discussion and good to hear they decentered from Gmail.
SPdevALK 🐘️ ☑️
I think DC could learn a lot from simplex.chat. Especially that each contact pair has a unique encryption layer. So you end up with an email address for transport/federation and totally unique cryptographic identities for each connection/contact.

In this case individuals in a public group can not start sending anyone in that group private messages unless a connection request has been approved and a unique ‘identity link’ has been established.

Also moderation of groups is missing atm
Delta Chat
thanks and sure, there are some similarities in our approach and simplex'.

While it's super-interesting for experts and hackers to discuss how to provide the optimum cryptography, it's not necessarily

a) what people affected by repression actually need or

b) what "mass" users need in order to #walkaway from WhatsApp

Rest assured, we are following virtually all developments from other messengers, including signal, simplex, matrix, briar and many others, as well as DCGKA and MLS.
#walkaway
Dieser Beitrag wurde bearbeitet. (2 Tage her)

Delta Chat hat dies geteilt