@VeroniqueB99 Delta Chat is based on email which leaks metadata like a sieve.

I would not use it for any kind of activivism. You're one warrant away from having your entire social graph mapped out.

The contents might be end to end encrypted but who you're talking to isn't and all those people are susceptible to rubber hose decryption.

@k3fnb just because #DeltaChat uses the email protocol you are making some wrong assumptions that only apply to classic email, sure if you go doing activism using #gmail that is not safe, but to use Delta Chat, you don't need to provide ANY personal data / metadata and hence can't leak metadata, you can create an anonymous account for a protest and throw it away afterwards, if cops get your phone they get random contacts not phone numbers unlike in #Signal etc.

@SrRochardBunson @VeroniqueB99

to make the point clearer, here's an example of a real E2EE message that federated between two Chatmail servers

Which metadata here is sensitive? Not the subject, it's faked as "[ ... ]". The real subject for the chat/group is included in the encrypted body along with all the other chat functionality.

There are no names. There are no client IP addresses. Every header except the ones needed for verifying the signature/authenticity or for the email to actually be processed properly (MIME-Version, Content-Type, etc) have been scrubbed.

DeltaChat turns email servers into dumb routers of encrypted data packets.

Consider how HTTPS / port 443 have been repurposed to do many many things other than transmit HTML. This is what DeltaChat is doing to email.

"but the email addresses are still exposed"

I can change my email address to another random one in the client -- even to a different chatmail server -- and all my chats will keep working. As soon as you send a message to your peers they will update to your new identity. This is a feature called AEAP -- Automatic Email Address Porting and hopefully soon we'll see a mechanism implemented that automatically enables forwarding of your old address to your new address (to not lose messages from people who don't know about your new identity yet), and then #DeltaChat can enable functionality to automatically rotate you through new anonynmous identities transparently.

delta.chat/en/2022-09-14-aeap

Delta Chat: Introducing Automatic E-mail Address Porting (AEAP)

The Delta Chat 1.32 releases introduced e-mail porting mechanisms (AEAP). They enable for e-mail what number porting does for mobile phone communications, i.e. to more easily change between communi...

^delta.chat

@feld another point people miss: unlike on #Signal, #WhatsApp, #Telegram, etc where there is a central server watching all the social graphs of the whole network, in #DeltaChat and other decentralized platforms like #XMPP what a server can see is pretty limited and fragmented, We started talking about activists btw, and having the freedom to choose a server instead a central server potentially collaborating with your enemy is a killer feature

@k3fnb @VeroniqueB99 @SrRochardBunson

@feld @Avitus @VeroniqueB99 @adbenitez
Looking at the server side code, Signal stores the phone number with the account id.

So if the cops were able to decrypt my phone app's database, enumerate all the account ids in my Signal's contacts/messages, they could submit a warrent to Signal a gain access to all the phone numbers associated with those account ids.

The phone number has been my biggest complaint about Signal.

github.com/signalapp/Signal-Se…

Signal-Server/service/src/main/java/org/whispersystems/textsecuregcm/storage/Accounts.java at 09b50383d77b8b8ec56ab1b74b022db8019cfec6 · signalapp/Signal-Server

Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS - signalapp/Signal-Server

^GitHub