Back

@chiraag @tortie @sbb @waeiski @Mer__edith This is not "the elephant in the room" and neither is deltachat a reasonable alternative. The metadata that delta leaves is *significant* and can be tied to an individual. That's why it is crucial to use a "trusted" mail provider, because delta doesn't use any of the advancements in cryptography of the last decade.

The data traces Signal leaves on AWS is not personal data, the metadata is minimal and they make efforts to reduce it further. AWS is still a problem, but one of Availability (what if Bezos cancels his contract with them?).

Please do not compare them based on where they store the data, if the amount and kind of data stored is very different.

@ljrk @chiraag @tortie @waeiski @Mer__edith I wish that the #EU would clarify its stance regarding #Signal: *is the AWS hosting problematic for them or not*? Let's assume *not OK* for a minute.

As to a Signal alternative, I *wish* I could recommend #XMPP over #Deltachat today. *AFAIK*, in XMPP, #OMEMO does perfect forward secrecy/double-ratcheting - but alas, the #iOS and #MacOS clients aren't the greatest at present. That lack of all common OS' having feature parity (very reliable notifications, Reactions, etc.) makes me hesitate in recommending XMPP for *everyone* today (but it's great for geeks).

Whereas Deltachat at least has usability parity for features across each OS it supports (which I feel users would highly expect *first*, before demanding a more modern encryption). Yes, autocrypt has no perfect forward secrecy, etc. and other metadata-related criticisms. But Deltachat is simple enough to learn, *allows servers to realistically be used in the desired country*, and works on all the common platforms. It's a decent choice for *today*, as a well-rounded choice (where tradeoffs must be made somewhere). And once the XMPP clients get better (in MacOS/iOS), I'll recommend XMPP as a goto *then*.

@sbb @ljrk @chiraag @tortie @waeiski @Mer__edith Can somebody please explain, which "other metadata-related criticisms" is related to delta chat?

@ulfi @sbb @ljrk @chiraag @tortie @waeiski @Mer__edith

The core difficulty for most federated messaging systems is that there's a lot of information available without breaking encryption. XMPP and email (DeltaChat is built on the same core as email) have this problem. There are basically two cases:

• You're using the same mail server as a bunch of other people.
• You're using a self-hosted or otherwise small mail server.

In the second case, simply seeing a connection to that mail server gives a good indication of who someone is talking to. A passive adversary can monitor connections to that server and, even without breaking TLS, let alone the end-to-end encryption, can see who is talking to you.

In the first case, whoever operates the server (e.g. Google for gmail) can see the sender of every incoming message and the receiver of every outgoing message. Even if there's end-to-end encryption for the messages, they can build a connection graph.

If you want to use it for, say, organising a union, it doesn't actually matter what the message content is, the metadata is enough for retaliation.

For XMPP/email, a lot of the privacy guarantees are as strong as the least trustworthy server in a communication. If one person is using gmail in a group thread, Google will still be able to learn the identities of everyone in that chat. Again, this doesn't depend on breaking encryption and even if there is 100% secure end-to-end encryption, they can still learn a lot from the metadata. And, because of the federation, I have to trust my server and your server if we want to talk.

Signal has other problems, but avoids these. They've built the system so that they don't know this metadata. When you send a message with the sealed sender feature (on by default), you connect as an unauthenticated users and deliver a message to a mailbox. The receiver connects later and grabs the message and decrypts it. The server doesn't have an automatic way of determining the sender's identity (though they probably can if they correlate IPs - using Signal over TOR can mitigate this) and so can't build this graph of the people who are communicating.

For most attacks, the metadata is at least as interesting as the message content.

Signal isn't above criticism. I've written other complaints about them in the past. The reason I recommend Signal is that all of the problems I have with Signal can be fixed with incremental changes, whereas the problems with XMPP and COI can be fixed only by completely redesigning the protocol from the ground up in a way that would break all existing clients and servers.