

Did you know that #deltachat literally shares cryptographic implementation code with #signal? Both delta and signal use the ed25519-dalek crate ... Most messengers by now moved their cryptography to #rustlang. We did that in 2019. But in delta also all networking and message formats are implemented in Rust where other messengers (including signal) have a lot of platform-specific code still.
Next step: native GTK Rust client? 🙃
This post was edited. (1 week ago)
Could you tell us about how delta.chat plans to react in case the former Chat Control project or any such regulation project passes?

I guess you've heard about Meredith Whittaker's/Signal foundation's position about the Swedish law project or the French one on "narcotrafficking"?

What about client-side/homomorphic encryption scanning features? Any word on those?

Asking because seeing more and more ppl here panicking about figuring out which alternative to jump on. But AFAIK the danger is broader than the sole apps in themselves. No?
This post was edited. (1 week ago)
Delta Chat is FOSS and not centralized (unlike Signal), so users should be able to build the source for themselves even if governments lean on them to provide compromised binaries.

Signal is great but the threat model is different due to the centralized service. Would still be good to hear a plan from the Delta Chat team. I think the bigger risk for them is a government attempting to compel an individual dev into adding a bugdoor.
This post was edited. (1 week ago)
Developer infiltration is a concern and we have social practices around it. Likely dependency poisoning is a more immediate risk (a threat to all messengers and stacks!). Typically we know the maintainers, or are comaintainers ourselves, of our key Rust dependencies. All critical paths have been security audited, including networking and TLS, @rpgp ... And we get scrutiny from many experts and researchers. There can still be bugdoors but there are a lot of cats around :)
@rPGP
Nice to read that! No answer about the client-side scanning tho?
@mntn @rpgp
It’s open source… any such change to the code would be immediately obvious
We are of course opposed to client-side scanning. Without a clear legal proposal on how they want to force developers to implement it, it's impossible to tell how to resist it. Let's see if it ever comes.
Maybe you've heard about this shady Android System SafetyCore thing. It has full access to network and isn't part of the actual OS since it's only installed via the Play Store. So I guess it shouldn't be able to access encrypted communications.

But if Android ever comes up with an actual built-in, system-wide scanning feature, it would be another story. And maybe forked versions could get rid of it but that'd obviously compromise the privacy for most users and therefore affect trust in whatever encryption.
@mntn @rpgp
There indeed is a valid concern that Android itself gets compromised. We try to support degoogled phones and also non-Android developments like @deltatouch and one can also just run delta on a desktop without any mobile, and move your client-side profile data in the form of a tar file between all these devices. An ncurses terminal client also exists btw.
SimpleX Chat seems to use Kotlin MP for having most code in common

/ping @simplex