@daco @delta @adbenitez I've wondered about this as well but I don't know how this can fit into the design.
First, there's no way to deny it access to log in to the SMTP/IMAP to send or fetch messages. A password change mechanism could be implemented but they'd still have your key, which is more concerning.
You can't really invalidate the key. You also can't change your key.
The only thing I can think of is if the original device is the master and you provide a PGP subkey for other devices which is allowed to encrypt and sign messages. This would potentially allow you to revoke a key, but now you need to ensure that everyone is notified that the key for that device was revoked. That never works well.
Another thought is if the subkeys given to other devices have a short expiration and if they are never online at the same time as your primary device before the expiration they cannot get a new subkey and you have to re-link them to the primary. That could work and is probably the most viable solution, but it introduces a new problem with the subkey on that device not having the same fingerprint as your primary, and user identities are moving to be based on the public key and not the email address.
When you don't have a centralized server being used as the arbiter of devices' access to the network and ultimately all control of identities/devices, it makes this problem much harder to deal with.
I hope someone is clever enough to come up with a solution but ultimately you should be very conscious about which devices you put your DeltaChat accounts on and what your risk profile is.
If you're worried about someone reading your messages, change the account settings on the device to delete all messages off the device in a short period of time.
If you're worried about someone stealing your identity and forging messages, have a backup identity that you share with important contacts and if you lose the device immediately remove the old identity from all chats and inform your contacts that the old identity cannot be trusted.
That would be my advice anyway.