True, but forward secrecy is only useful if you use disappearing messages. Because if your messages don't disappear, they'll just read the chat history right off your confiscated device.
There is a PFS implementation that has been sketched out and seems solid, but hasn't been tested yet.
> And depended on SHA-1 and using MD5.
DeltaChat uses the same ed25519-dalek Rust crate as Signal and relies on AES-128 for the session keys. When the PQC standard is finalized this summer it will roll out PQC crypto and bump to AES-256. The hash is SHA-256.
You could just read the source code instead of making things up or regurgitating PGP information from the late 1990s.
@uhuru #DeltaChat has no forward secrecy. And it depended on SHA-1 and used MD5. Both are considered weak cryptography if I'm not mistaken. While I believe DeltaChat to be a great app with a good use case, it's not what I'm looking for.
The #xmpp ecosystem is?/was! pretty bad at serving a proper e2ee cross-platform implementation. Until recently there was only Conversations as a usable app. Since a few weeks ago it seems that @dino now also offers e2ee by default. But both Conversations and Dino use an outdated OMEMO specification, and are therefore not compatible with @kaidan. I will reconsider XMPP when they adopt the newer specification.
@briar not mentioned, but also no, because it's not working on #TailsOS or on Android with Orbot. So very much unusable, since it's not running on the platforms we use.
@feld > True, but forward secrecy is only useful if you use disappearing messages.
There's more to it. For example it also protects against an adversary that gained access remotely by introducing themselves as a new client of yours or your peers.
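The two claims above (that a confiscated device gives up the stored history regardless of forward secrecy, and that forward secrecy still limits what a compromise yields) can be made concrete with a toy symmetric hash ratchet. This is an added example written for this thread, not code from any of the participants or from Signal, DeltaChat or any other project; the ratchet, the XOR stream cipher and the sample messages are all constructed for illustration (the real Double Ratchet also mixes in fresh Diffie-Hellman keys, which this toy omits). A device that images the chain key at some point can decrypt messages from that point onward, but cannot derive earlier message keys; whether the earlier plaintexts leak depends only on whether the device kept them.

```python
import hashlib
import hmac

# Constructed shared secret and sample messages (not real data).
ROOT_CK = hashlib.sha256(b"constructed shared secret").digest()
MESSAGES = [b"hi", b"meet at 9", b"bring docs", b"done"]


def kdf_chain(ck: bytes) -> bytes:
    """Advance the chain key one-way (HMAC-SHA256, constant label)."""
    return hmac.new(ck, b"chain", hashlib.sha256).digest()


def kdf_message(ck: bytes) -> bytes:
    """Derive the per-message key from the current chain key."""
    return hmac.new(ck, b"message", hashlib.sha256).digest()


def keystream(mk: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(mk, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_encrypt(mk: bytes, data: bytes) -> bytes:
    """Toy stream cipher (XOR with an HMAC keystream); encrypt == decrypt.
    Illustrative only, not a substitute for AES."""
    return bytes(a ^ b for a, b in zip(data, keystream(mk, len(data))))


class RatchetDevice:
    """Sender side of a one-way symmetric ratchet."""

    def __init__(self, root_ck: bytes, keep_history: bool):
        self.ck = root_ck
        self.keep_history = keep_history   # False models disappearing messages
        self.history = []                  # plaintexts retained on the device
        self.sent = []                     # ciphertexts as seen on the wire

    def send(self, plaintext: bytes) -> bytes:
        mk = kdf_message(self.ck)
        ct = xor_encrypt(mk, plaintext)
        self.sent.append(ct)
        if self.keep_history:
            self.history.append(plaintext)
        self.ck = kdf_chain(self.ck)       # old ck and mk are discarded here
        return ct


def attacker_decrypts(captured_ck: bytes, start: int, wire: list) -> dict:
    """Plaintexts an adversary holding chain key number `start` can recover
    from captured ciphertexts: positions >= start only, since earlier chain
    keys are not derivable from a later one."""
    recovered = {}
    ck = captured_ck
    for idx in range(start, len(wire)):
        recovered[idx] = xor_encrypt(kdf_message(ck), wire[idx])
        ck = kdf_chain(ck)
    return recovered


def simulate(keep_history: bool, compromise_after: int) -> dict:
    """Image the device after `compromise_after` messages were sent (the
    adversary also has every ciphertext). Returns index -> plaintext learned."""
    compromise_after = min(compromise_after, len(MESSAGES))
    dev = RatchetDevice(ROOT_CK, keep_history)
    snapshot = None
    for i, m in enumerate(MESSAGES):
        if i == compromise_after:
            snapshot = (dev.ck, list(dev.history))
        dev.send(m)
    if snapshot is None:                   # compromised after the last message
        snapshot = (dev.ck, list(dev.history))
    ck, stored = snapshot
    learned = {i: p for i, p in enumerate(stored)}          # what the disk held
    learned.update(attacker_decrypts(ck, compromise_after, dev.sent))  # what the key gives
    return learned


if __name__ == "__main__":
    for keep in (True, False):
        print("history kept" if keep else "disappearing", sorted(simulate(keep, 2)))
```

With `keep_history=True` and a compromise after two messages the adversary learns all four plaintexts (two from storage, two from the key); with disappearing messages only the two later ones leak, and a device imaged after the last message yields nothing at all.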