Post ArrTCSAEMqV0bRcdnc by fabrice@fosstodon.org
 (DIR) Post #ArrG7Rv6Y3iOzhpZKa by feld@friedcheese.us
       2025-03-08T22:03:18.901774Z
       
       6 likes, 8 repeats
       
       I wrote a #DeltaChat blog post for technical users who are skeptical about how it works
       Everything You Think You Know About DeltaChat Is Wrong
       https://blog.feld.me/posts/2025/03/deltachat-is-actually-good-though/
       @delta
       
 (DIR) Post #ArrGAAAqz48SpCUWCe by bajax@baj.ax
       2025-03-08T22:03:49.145512Z
       
       0 likes, 0 repeats
       
       @feld @delta I don't think anything about deltachat
       
 (DIR) Post #ArrGFKJQiX8NiSxszw by i@declin.eu
       2025-03-08T22:05:48.229230Z
       
       1 likes, 0 repeats
       
       @feld too bad the zulip blog post never happened, not sure who would talk in it at this point either
       
 (DIR) Post #ArrTCSAEMqV0bRcdnc by fabrice@fosstodon.org
       2025-03-09T00:04:54Z
       
       0 likes, 0 repeats
       
       @feld @delta Good write up, thanks! One question: when 2 people are in a conversation, are there any persisted logs of the exchanges between the 2 random email addresses?
       
 (DIR) Post #ArrTCTKu0ed6Epcg4W by delta@chaos.social
       2025-03-09T00:28:36Z
       
       0 likes, 1 repeats
       
       @fabrice @feld #chatmail servers do not keep persistent logs, and only the end-devices have the readable messages of a conversation.  Servers briefly see an end-to-end encrypted message but it gets removed after the app downloaded it.
       
 (DIR) Post #Ars1Wae7wBEH8wNaoi by lain@lain.com
       2025-03-09T06:55:37.144832Z
       
       0 likes, 1 repeats
       
       @feld @delta cc @kaia
       
 (DIR) Post #Art6j1YSPaK70DR596 by lionel@toot.coupou.fr
       2025-03-09T18:46:23Z
       
       0 likes, 0 repeats
       
       @feld @delta
       Hi and thanks for your blog post. I must say I was skeptical at first as I had already tried deltachat and I wasn't convinced. At the time I was under the impression that the main advantage of deltachat over other IM services was that there was no need for creating another account. I just used existing email accounts and then hit (as expected) the issues mentioned in your post among others.
       It's a shame because I think that was the one thing that could have made DeltaChat worth the try for non-technical users.
       I can see myself use it, as a concerned, motivated "technically educated" user but it seems it's not mature enough for ordinary people, as I read some features are missing regarding user-friendliness and a lot of people in my contacts list would just dismiss it if it doesn't show the same level of features as what they're currently using.
       In the meantime the best middle ground I found was matrix with a select list of bridges but I'm not losing hope of finding some better alternative so I'll definitely keep an eye on DeltaChat.
       
 (DIR) Post #Art6j34OmJT3hZO6ZU by delta@chaos.social
       2025-03-09T19:27:31Z
       
       0 likes, 1 repeats
       
       @lionel @feld chatmail addresses are not like classic email accounts or any other regular platform's accounts for that matter. A chatmail address by default keeps no data, and there is no registration data other than the password.  It's really just about taking control of an address.  This is why we rarely talk about "accounts" because everyone is used to this being a heavy bag of collected data and state.
       
 (DIR) Post #Arv9naqHqMVPmXZ8D2 by feld@friedcheese.us
       2025-03-10T19:08:40.155452Z
       
       1 likes, 0 repeats
       
       @alive
       > using the contact address for phishing
       It would have to be PGP encrypted phishing messages, though. It's unlikely you'd be able to just send through some regular phishing style email like "your password has expired!!!" and get people to interact with it. You have good ideas about threat models though, join the team :)
       I think if you have a very high security requirement it would be reasonable to deploy a Chatmail server without federation and only accessible over a Wireguard tunnel or something like that.
       @delta
       
 (DIR) Post #ArvA6J6M1mbsGI0LIm by feld@friedcheese.us
       2025-03-10T19:14:39.962859Z
       
       2 likes, 0 repeats
       
       @alive DKIM and SPF could both be thrown away if all you cared about was PGP mails from other Chatmail servers, but being able to interoperate with Gmail, Yandex, etc is incredibly powerful as an alternative method to route the messages if a state is trying to restrict access to DeltaChat. A government isn't going to block these major providers as it would cause too many problems for themselves.
       @delta
       
 (DIR) Post #ArvBNyNptaGFAlAXku by feld@friedcheese.us
       2025-03-10T19:22:33.624733Z
       
       0 likes, 0 repeats
       
       @alive
       > "if the account is single device" is doing a lot of heavy lifting there. if that's required to get good security guarantees, that makes it significantly less useful than signal already.
       Signal Desktop stored all the messages unencrypted for 10 years so let's slow down on the default praise for their "multi device" implementation. It still has problems.
       > does chatmail require PFS on the TLS connection between the client and server?
       Chatmail requires TLS 1.3, no downgrade possible
       > personally i would call omitting PFS a very conservative design choice, but to each their own, i guess.
       Is there a documented account of a single person whose data was captured in transit and decrypted later once the key was acquired? This attack scenario is really more science fiction than reality.
       But on that note, PFS research for PGP is ongoing. Here's one PoC: https://gitlab.com/sequoia-pgp/openpgp-dr
       @delta
       
 (DIR) Post #ArvBNzRPxkiiS9quye by feld@friedcheese.us
       2025-03-10T19:28:45.751190Z
       
       1 likes, 1 repeats
       
       @alive another point worth making is that today DeltaChat is being successfully used for secure communications in localities where Signal has been completely blocked.
       @delta
       
 (DIR) Post #Au3dZmJd2hUjCHNtCa by adiz@mtl.jinxian.casa
       2025-05-13T17:07:57.982608Z
       
       0 likes, 0 repeats
       
       @feld Read it. Comprehend it. Still don't like DeltaChat and still think it's kinda bunk (albeit novel).
       
 (DIR) Post #Au3daZ2dse1QJmoW1o by gvs@rebelbase.site
       2025-05-13T09:13:29.871732Z
       
       0 likes, 1 repeats
       
       Quickly read it but regardless of common misconceptions about deltachat, I cannot see a single advantage of it over SimpleX (my current top pick) or XMPP (and probably also KeyChat or Whitenoise on #nostr)
       
 (DIR) Post #Au3dkSxZLanALrA8Mi by feld@friedcheese.us
       2025-05-13T17:06:53.352719Z
       
       0 likes, 0 repeats
       
       @gvs @delta Simplex has two options for routing messages: the centralized SMP servers, and a 2-hop onion/Tor-like private message routing using forwarding nodes. Both of these are easily blocked if you want to shut down access to Simplex for users.
       XMPP: easy to block
       Anything using Nostr: easy to block
       Shutting down all email services in your jurisdiction: much harder to accomplish
       
 (DIR) Post #Au3dkTluKR3eryiKpM by adiz@mtl.jinxian.casa
       2025-05-13T17:09:55.407734Z
       
       0 likes, 0 repeats
       
       @feld This is basically the only argument I keep seeing for DeltaChat. "But it's difficult to block because it's SMTP and that wouldn't be reasonable to block all email!". Which, could be true. But, it's also an unrealistic and exceedingly feeble argument for an otherwise wholly inferior architecture. @gvs
       
 (DIR) Post #Au3driXvnNfMied0sa by feld@friedcheese.us
       2025-05-13T17:08:57.019357Z
       
       0 likes, 0 repeats
       
       @adiz have you actually tried it yet, though? It costs you nothing but a minute of your time. No need to provide any identifying information to make an account, and the account will be auto-deleted if it's idle for too long.
       click the link in my bio to message me. I'll show you some cool stuff that no other messenger has.
       
 (DIR) Post #Au3drjdziK6u7kTMy8 by adiz@mtl.jinxian.casa
       2025-05-13T17:11:13.454380Z
       
       0 likes, 0 repeats
       
       @feld
       >have you actually tried it yet, though
       Yes, I have. And, it worked. But, it sucked. And I don't want to go through the lengths to make it not suck (like a dedicated address for it + a Chatmail deployment) when I already run an XMPP service which does everything DeltaChat does but better + more.
       
 (DIR) Post #Au3erZvxuqa5xkMrGy by pwm@darkdork.dev
       2025-05-13T17:22:25.572189Z
       
       2 likes, 0 repeats
       
       @adiz @feld this statement is technically inaccurate. Xmpp and Delta chat have the same federated model, so architecturally they are equivalent. However, a key pain point for me for xmpp is that media attachment is out of band with regards to the protocol, occurring over http. It has all the same privacy concerns that media uploaded to the fediverse does. As media sent over Delta chat occurs in band (email attachment) and is end-to-end encrypted, it is strictly better from a privacy perspective.
       However, from a normalfag perspective, interface remains the chief detriment of using xmpp over other solutions. The xmpp ecosystem has been waiting for "someone else" to make a good, functional, attractive client forever. It is not a good argument to say that all it needs is a client that has not been developed in 20 plus years. One client that is a functional clone of something that normalfags are used to like telegram or Whatsapp, is an enormous selling point for people not concerned with, or unable to understand arguments for privacy.
       I like xmpp. I like Delta chat. But there will be no one true instant messaging solution until a plurality of users exist that brings it to dominate the market. Currently, those are all proprietary networks tied to services like Facebook or well, mostly Facebook I guess.
       
 (DIR) Post #Au3fAJ0N56x2xcMGpM by feld@friedcheese.us
       2025-05-13T17:25:00.991468Z
       
       2 likes, 0 repeats
       
       @pwm @adiz
       > The xmpp ecosystem has been waiting for "someone else" to make a good, functional, attractive client forever.
       they did. It's called iMessage and Whatsapp 😂
       The open source community is never going to fill this gap. I'd like to be proven wrong, but I've been waiting for 20 years now...
       
 (DIR) Post #Au3gjRef0tLVsRWTgm by jae@darkdork.dev
       2025-05-13T17:43:22.715212Z
       
       1 likes, 0 repeats
       
       @feld @pwm @adiz
       > The open source community is never going to fill this gap. I'd like to be proven wrong, but I've been waiting for 20 years now...
       waiting just as long.  hasn't happened.  the desktop ui for deltachat feels wonky and i'm slowly moving away from handset although arcanechat for 'droid is pretty okay.  what i like about deltachat is i already have a mail system which i use for.. mail.  i can still keep encrypted mail separate from delta(openpgp) encrypted messages and it just works.  i've handed deltachat to people in this thread, elsewhere on fedi, at the local coffee haus, and to the chick i'm dating who's not technical.  so far so good.
       i was always an enthusiast of xmpp, but damned if i can't get anyone to talk on it regularly so i use it for a transport bridge for fun, nothing serious.
       
 (DIR) Post #Au3h9PEQe2zrtJdGKG by feld@friedcheese.us
       2025-05-13T17:47:52.327809Z
       
       0 likes, 0 repeats
       
       @jae @pwm @adiz The desktop app is being rewritten from Electron to Tauri, fwiw
       
 (DIR) Post #Au3hDaBXrVaF1NH7I0 by jae@darkdork.dev
       2025-05-13T17:48:49.179849Z
       
       0 likes, 0 repeats
       
       @feld @pwm @adiz looking forward to it!  i'm spiking out golang tui client at the moment.  also experimenting with the bots to kick off infra tasking.
       
 (DIR) Post #Au3hnrWYsDi9DpP9mq by adiz@mtl.jinxian.casa
       2025-05-13T17:55:19.401728Z
       
       1 likes, 0 repeats
       
       @pwm Everyone talks about XMPP and bad clients, but I just don't have this experience. There are multiple clients available and they all work well for me. 🤷
       It's kinda a moot point when Delta Chat has just the one client.
       I can concede media being facilitated by HTTP in XMPP vs. within the protocol itself. Still more performant and capable than trying to do file transfer over SMTP. @feld
       
 (DIR) Post #Au3ia0NvEVR2bRJuF6 by m0xEE@nosh0b10.m0xee.net
       2025-05-13T18:02:59Z
       
       0 likes, 0 repeats
       
       @pwm@darkdork.dev @feld@friedcheese.us @adiz@mtl.jinxian.casa
       > media attachment is out of band with regards to the protocol, occurring over http
       Does it not send some sort of key over XMPP when you are sending a file to an OMEMO chat, making the data transmitted over HTTP useless without it? I never looked into it myself, but attachments sent without OMEMO look like normal links you can access from a web browser, those sent with OMEMO encryption have aesgcm:// schema.
       
 (DIR) Post #Au3ikArT8VP9zVzOlM by feld@friedcheese.us
       2025-05-13T18:02:18.380500Z
       
       0 likes, 0 repeats
       
       @adiz @pwm Just one client?
       DeltaTouch for Ubuntu Touch
       ArcaneChat for Android
       ArcaneChat TUI
       DeltaChat on KaiOS (feature / flip phone)
       kdeltachat for the KDE folks (stale at the moment though)
       
 (DIR) Post #Au3ikCB0FMcm4O8Vqi by adiz@mtl.jinxian.casa
       2025-05-13T18:05:51.769339Z
       
       0 likes, 0 repeats
       
       @feld Ah, I've only seen the DeltaChat app and I had sought out other alternate clients at the time as well.
       >Ubuntu Touch
       🤣🤣🤣
       @pwm
       
 (DIR) Post #Au3j2XCOpAKKTyXBNg by adiz@mtl.jinxian.casa
       2025-05-13T18:09:13.858650Z
       
       0 likes, 0 repeats
       
       @m0xEE Yeah, media/files sent over HTTP with OMEMO are aesgcm://. @pwm @feld
       
 (DIR) Post #Au3jMgTc2XEJ33C47E by jae@darkdork.dev
       2025-05-13T18:12:52.732537Z
       
       0 likes, 0 repeats
       
       @feld @adiz @pwm it looks like the latest non-electron is https://github.com/dignifiedquire/dreamer which hasn't had much velocity lately.  we'll have to see how it goes.
       
 (DIR) Post #Au3jPfDjAPRm1MBUXY by feld@friedcheese.us
       2025-05-13T18:08:29.529002Z
       
       0 likes, 0 repeats
       
       @adiz @pwm it's pretty easy for you to build a client on any platform if you want. You get to skip all the annoying parts of reinventing the SMTP/IMAP/PGP and Iroh functionality. In fact it would be stupid to reinvent it because the core has been audited multiple times.
       So you just wrap the core DeltaChat JSON-RPC server (written in Rust) and treat it like an API service, and you're done.
       
 (DIR) Post #Au3jPg1MBt96VHP7tg by adiz@mtl.jinxian.casa
       2025-05-13T18:13:21.572099Z
       
       0 likes, 0 repeats
       
       @feld Everything we're talking about (XMPP, SMTP, IMAP, etc.) are pre-existing and well established protocols that are neither new nor need reinventing. @pwm
       
 (DIR) Post #Au3jYubdKi2ILQmAr2 by feld@friedcheese.us
       2025-05-13T18:05:08.903726Z
       
       0 likes, 0 repeats
       
       @adiz @pwm
       > Everyone talks about XMPP and bad clients, but I just don't have this experience.
       If you lock yourself in a box where only Android and Linux desktops exist, sure, there's an *okay* XMPP experience available. Conversations on Android is like the only good client available.
       But the experience is still terrible on Windows, Mac, and iPhones
       
 (DIR) Post #Au3jYvfvMF3vf1n7BI by adiz@mtl.jinxian.casa
       2025-05-13T18:15:02.927664Z
       
       0 likes, 0 repeats
       
       @feld
       >But the experience is still terrible on Windows, Mac, and iPhones
       I cannot speak for iPhone or iOS. But, I use XMPP on Windows fine; very similar experience to on Linux. I know there are parallel clients available on Mac, but I haven't used them personally. I use Conversations on Android (it's great!) and have tried a few clients on Linux, all of which I really had no complaints about. @pwm
       
 (DIR) Post #Au3jhFvhw4HmnP90QC by m0xEE@nosh0b10.m0xee.net
       2025-05-13T18:16:14Z
       
       0 likes, 0 repeats
       
       @adiz@mtl.jinxian.casa
       I'm just not that knowledgeable about XMPP and not sure what that means 🤪
       Does this mean that the URL is encrypted or that the file has to be downloaded and then decrypted with a key sent over XMPP?
       @pwm@darkdork.dev @feld@friedcheese.us
       
 (DIR) Post #Au3k1SCK27UadUXx8i by adiz@mtl.jinxian.casa
       2025-05-13T18:20:13.374863Z
       
       1 likes, 0 repeats
       
       @m0xEE You decrypt it locally with a key shared with the file. The file on the server is not secure by itself; It can be downloaded by anyone who knows the URL. ---However, the file is encrypted, and only someone with the key (sent via OMEMO-encrypted XMPP message) can decrypt it. @pwm @feld
       
 (DIR) Post #Au3kN6Y1CyExrP1EH2 by m0xEE@nosh0b10.m0xee.net
       2025-05-13T18:17:47Z
       
       0 likes, 0 repeats
       
       @adiz@mtl.jinxian.casa @pwm@darkdork.dev @feld@friedcheese.us
       Ah, I think I've found it: https://xmpp.org/extensions/xep-0448.html
       Yeah, the key seems to be sent over XMPP separately, making HTTP traffic useless even if intercepted. Good enough!
       
 (DIR) Post #Au3lMTiXg6WTNuCrRY by feld@friedcheese.us
       2025-05-13T18:27:32.204812Z
       
       1 likes, 0 repeats
       
       @m0xEE @adiz @pwm that's similar to how Signal does it as well, and I think iMessage(?). Probably Whatsapp for groups too. Makes most sense anyway.
       Fun part is that if the web hosting is not owned by the chat app team it has a potential for metadata leaks. Signal groups use CloudFlare, so you can just ask CloudFlare for the logs of who downloaded a file from their CDN and you get the IPs of all members of a Signal group. So you better hope that nobody has infiltrated your top secret anonymous anarchist chat group and shared a file because there's a way to unmask the members
       
 (DIR) Post #Au3lMUhs05ZyS6tq2C by adiz@mtl.jinxian.casa
       2025-05-13T18:35:13.590015Z
       
       1 likes, 0 repeats
       
       @feld There are ways to unmask IPs, anyway. If the concern is about deanonymization or infiltration or loss of encryption then honestly the most likely threat in any system is a mole, not people pulling server logs from service providers or man-in-the-middle attacks, etc.. And, there is virtually no way to program or digitally defend yourself out of infiltration if you're running a group or organization. 🤷
       Luckily, we run our own websites and XMPP server, etc.. @pwm @m0xEE
       
 (DIR) Post #Au3lT1llzCLSjUqAqW by feld@friedcheese.us
       2025-05-13T18:15:55.128497Z
       
       0 likes, 0 repeats
       
       @jae @pwm @adiz the tauri branch can be found here. I've never tested it, know nothing about it right now really https://github.com/deltachat/deltachat-desktop/tree/simon/tauri-flatpak
       
 (DIR) Post #Au3lk94w436KKAxxWC by adiz@mtl.jinxian.casa
       2025-05-13T18:39:30.004665Z
       
       0 likes, 0 repeats
       
       @feld (You could have the best, more secure, most anonymous, most decentralized, zero access, log-less, bla bla bla app or protocol to run your illicit or nefarious agendas over and it means almost nothing if you're communicating with someone who is an agent of the state or an informant.) @pwm @m0xEE
       
 (DIR) Post #Au3lkOLnHeUzgny8NU by jae@darkdork.dev
       2025-05-13T18:39:34.354146Z
       
       1 likes, 0 repeats
       
       @feld @pwm @adiz thanks, i overlooked it.  for now i'll keep on what is working.  i'm starting to migrate fully to bsd for my desktop system, so that should also be a good time.
       
 (DIR) Post #Au3mMoJLDBsbCz8oG8 by feld@friedcheese.us
       2025-05-13T18:43:14.610121Z
       
       1 likes, 0 repeats
       
       @jae @pwm @adiz I haven't run a BSD desktop in over 10 years but I'm itching to go back
       
 (DIR) Post #Au3mRr76Df4BLeox8K by jae@darkdork.dev
       2025-05-13T18:47:25.819797Z
       
       1 likes, 0 repeats
       
       @feld @pwm @adiz been splitting my time between bsd/alpine servers and alpine desktop.  trying to revisit my youth when bsd was originally released.  it's definitely not for everyone (i think)
       
 (DIR) Post #Au3mUFZaFbn3mrHn4y by feld@friedcheese.us
       2025-05-13T18:44:55.069141Z
       
       0 likes, 0 repeats
       
       @adiz @pwm @m0xEE correct, you need to be able to trust all members for any security to work
       
 (DIR) Post #Au3mUGK1SwwA6t0sSm by m0xEE@nosh0b10.m0xee.net
       2025-05-13T18:47:30Z
       
       0 likes, 0 repeats
       
       @feld@friedcheese.us @pwm@darkdork.dev @adiz@mtl.jinxian.casa
       So… careful screening? Spreading different pieces of information across different groups and watching what leaks? Taking their families hostages? 😈
       
 (DIR) Post #Au3nYuDVBCsoxDk0xs by phnt@pl.borked.technology
       2025-05-13T18:59:53.838850Z
       
       1 likes, 0 repeats
       
       @adiz @pwm @feld @m0xEE Not all clients support that though. Psi+ still has that broken I think.
       
 (DIR) Post #Au3npH3g1V7SQfx04G by adiz@mtl.jinxian.casa
       2025-05-13T19:02:50.061657Z
       
       0 likes, 0 repeats
       
       @phnt Psi+ appears to support OMEMO encryption. I've never used it, so I don't know how it's broken. Could be broken! But, I have no clue. @pwm @m0xEE @feld
       
 (DIR) Post #Au3odqs595CVyqe1Ng by phnt@pl.borked.technology
       2025-05-13T19:11:59.798398Z
       
       0 likes, 0 repeats
       
       @adiz @pwm @feld @m0xEE OMEMO encryption works, OMEMO attachment encryption does not. XEP-0448 should but I did not test it. I have exactly one contact on XMPP and barely check it anyway.
       https://github.com/psi-im/psi/issues/624
       
 (DIR) Post #Au3ovhH9YoQBQssf0i by adiz@mtl.jinxian.casa
       2025-05-13T19:15:12.849650Z
       
       0 likes, 0 repeats
       
       @phnt Sounds like that client isn't really being developed on anymore, I guess? @pwm @m0xEE @feld
       
 (DIR) Post #Au3pDhSlbQopE4th3I by feld@friedcheese.us
       2025-05-13T19:03:21.667703Z
       
       1 likes, 0 repeats
       
       @adiz @pwm @m0xEE @phnt the XMPP ecosystem sounds so healthy :laugh:
       
 (DIR) Post #Au4tL41ihgCcCxyOmm by gvs@rebelbase.site
       2025-05-14T07:10:44.515351Z
       
       0 likes, 0 repeats
       
       It's feeble because Simplex now defaults to port 443, which is also difficult to block as a whole.  What ends up happening is that known service providers will get blocked and deltachat has 0 advantage again.
       
 (DIR) Post #Au4tL4sXXISAqmga7E by adiz@mtl.jinxian.casa
       2025-05-14T07:39:17.188538Z
       
       0 likes, 0 repeats
       
       @gvs
       >Situation: There are 14 competing instant messenger implementations.
       >14?! Ridiculous! We need to develop one universal standard that uses something everyone is familiar with! We can turn email into an instant messenger!
       >> Situation: There are 15 competing instant messenger implementations.
       @feld
       
 (DIR) Post #Au5pWUK74Hm0ICjDFI by feld@friedcheese.us
       2025-05-14T14:38:50.880998Z
       
       0 likes, 0 repeats
       
       @gvs @adiz "known service providers" -- every email server is a DeltaChat service provider.
       Do you think Russia is going to shut down Yandex to stop people from using DeltaChat on it and cripple their own country's ability to use the internet?
       The most they can do is demand all email servers in their jurisdiction block all encrypted emails, period, which requires custom technical solutions for each provider and will have severe consequences as well. Encrypted emails are not as uncommon as people think.
       If I work in the government and want to be a whistleblower I could literally use my government email account with DeltaChat. Maybe they'll eventually detect that I'm using it, but they'll never be able to decrypt those messages.
       
 (DIR) Post #Au5pWVRatxLrlhEhXs by gvs@rebelbase.site
       2025-05-14T15:32:52.388165Z
       
       0 likes, 0 repeats
       
       They can be, but they keep and leak metadata.  In some places, e-mail logs have to be stored for 2 years.  So using your government e-mail account to use deltachat still reveals who you are talking to.
       Neither does that argument negate that SimpleX now defaults to https traffic, which you think would be more likely to be wholesale banned than mail?
       
 (DIR) Post #Au5pWWnxqGq7zMi53I by feld@friedcheese.us
       2025-05-14T18:07:07.173244Z
       
       0 likes, 0 repeats
       
       @gvs @adiz What metadata are you concerned about?
       Are you aware that you can encrypt nearly all the MIME headers? To, From, Date, Subject, etc?
       
 (DIR) Post #Au5pWXsFrnrlIxj1NY by adiz@mtl.jinxian.casa
       2025-05-14T18:31:11.136319Z
       
       0 likes, 0 repeats
       
       @feld Nothing is going to convince me that DeltaChat (quirky email, basically) isn't a solution looking for a problem that doesn't perform as well, nor is as capable as, pre-existing, long-matured, well-established, purpose-built alternatives. @gvs
       
 (DIR) Post #Au5qS7yOKA0Rlo3KaG by feld@friedcheese.us
       2025-05-14T18:36:13.196692Z
       
       1 likes, 0 repeats
       
       @adiz @gvs the purpose-built alternatives are failing in the field, but DeltaChat is succeeding. What other evidence do you need?
       
 (DIR) Post #Au5qtELAl4SJKxdFKq by feld@friedcheese.us
       2025-05-14T18:45:31.042617Z
       
       1 likes, 0 repeats
       
       @gvs @adiz Turns out Simplex using port 443 doesn't make it "difficult to block", because Russia has done it. Not just blocking the known public servers. They have DPI working that detects and blocks Simplex
       https://github.com/simplex-chat/simplex-chat/issues/4933
       
 (DIR) Post #Au5rDHF7g1BY89MSye by adiz@mtl.jinxian.casa
       2025-05-14T18:50:13.206026Z
       
       0 likes, 0 repeats
       
       @feld I don't know anyone outside of some niche Fedi circles who uses or knows what DeltaChat is. Meanwhile I am a part of and familiar to many thriving, populous XMPP, Matrix, and even IRC communities. I don't see any failure "in the field". 🤷 @gvs
       
 (DIR) Post #Au5rqA4sFcYrCY6pEW by feld@friedcheese.us
       2025-05-14T18:51:11.502892Z
       
       0 likes, 0 repeats
       
       @adiz @gvs are you communicating with people in Russia, Iran, China, Cuba, etc?
       
 (DIR) Post #Au5rqB86L6jkSqcuu0 by adiz@mtl.jinxian.casa
       2025-05-14T18:57:14.438159Z
       
       0 likes, 0 repeats
       
       @feld Russia and China, yes. Occasionally an Iranian who pops in every few months to say "hi". We don't know anyone who is Cuban. @gvs
       
 (DIR) Post #Au5sDLkN1yaw3NZkv2 by jae@darkdork.dev
       2025-05-14T19:01:27.490826Z
       
       0 likes, 0 repeats
       
       @adiz @feld @gvs
       > I don't know anyone outside of some niche Fedi circles who uses or knows what DeltaChat is
       maybe because you just hang out on fedi all the time?
       > Meanwhile I am apart of and familiar to many thriving, populous XMPP, Matrix, and even IRC communities.
       deltachat is just an alternative.  if you don't like it or don't want to use it, all good.  personally i've found it a plus in my life, and the only use-case for signal now is a couple of clients i've not talked to in a year.
       
 (DIR) Post #Au5t1TLL3vI65lleOu by feld@friedcheese.us
       2025-05-14T18:58:54.319303Z
       
       0 likes, 0 repeats
       
       @adiz @gvs Russia or China over IRC is not interesting.
       What E2EE are they using successfully?
       Matrix and XMPP? Are they using it directly or are they being forced to use a VPN/Tor to try to connect?
       
 (DIR) Post #Au5t1UODAjBPKy7SW8 by adiz@mtl.jinxian.casa
       2025-05-14T19:10:28.501207Z
       
       0 likes, 0 repeats
       
       @feld
       >Are they using it directly or are they being forced to use a VPN/Tor to try to connect?
       Directly. Quite straightforward. We've had zero issues. @gvs
       
 (DIR) Post #Au5uhEtpFoFlPcNWmO by feld@friedcheese.us
       2025-05-14T19:21:19.825429Z
       
       0 likes, 0 repeats
       
       @adiz which protocol? This wasn't clear. DM me the domains if you wouldn't mind
       
 (DIR) Post #Au5uhFKlddnulAz2m0 by adiz@mtl.jinxian.casa
       2025-05-14T19:29:14.698367Z
       
       0 likes, 0 repeats
       
       @feld Matrix and XMPP, specifically. Mostly Matrix, as this has the largest activity between the two in the circles I'm in.
       
 (DIR) Post #Au6A4o16LxjkIdTdfk by gvs@rebelbase.site
       2025-05-14T20:18:36.735303Z
       
       0 likes, 0 repeats
       
       @feld
       Mail from and RCPT to cannot be encrypted. So all involved mailservers have a record who sends to who, when and size. In some places, those logs have to be kept years.
       @adiz
       
 (DIR) Post #Au6A4oMN4skbMbQcpE by feld@friedcheese.us
       2025-05-14T20:30:13.019064Z
       
       0 likes, 0 repeats
       
       @gvs @adiz MAIL FROM can always be noreply@
       RCPT TO is of no consequence as the DeltaChat accounts which are on Chatmail servers are random/anonymous, and they'll even be ephemeral soon.
       
 (DIR) Post #Au6A4ovox56h8Y0w52 by gvs@rebelbase.site
       2025-05-14T20:36:43.539435Z
       
       0 likes, 0 repeats
       
       @feld
       With a valid domain, with an IP logged unless on VPN/tor which works for SimpleX as well.
       You stated that any SMTP can be used for deltachat, so non chatmail servers have to be taken into account as well
       @adiz
       
 (DIR) Post #Au6A4pXOhNAH15aweO by adiz@mtl.jinxian.casa
       2025-05-14T22:21:30.820877Z
       
       0 likes, 0 repeats
       
       @gvs
       >You stated that any SMTP can be used for deltachat, so non chatmail servers have to be taken into account as well
       And this continues to be the crux of my argument. Everyone shilling DeltaChat does so with the disingenuous argument that "you can just use your existing email!"---which isn't really honest. There are major providers where it doesn't work. Assuming that does work, the recommended "best practice" is to have a separate email address entirely to use with DeltaChat vs. your primary, normal email address. And then, thereafter, to address all the performance issues associated with [*squints*]……trying to use email as an instant messenger platform……, and to utilize all the marketed features supposedly available immediately out of the box, the recommendations and solutions are to spin up, or have an account on, a specialized email stack.
       By the time you do all of this one could otherwise be using an instant messaging protocol made for instant messaging.
       Ultimately, the "sales pitch" is, dare I say, intentionally dishonest. @feld
       
 (DIR) Post #Au6B62aPllBBjK9Bwm by feld@friedcheese.us
       2025-05-14T22:26:25.488261Z
       
       0 likes, 0 repeats
       
       @adiz @gvs best practice is to use a separate address, preferably a Chatmail server if possible.
       But if you can't because you exist in an environment with extreme limitations, use your normal email.
       That's it. That's the whole sales pitch. You lose some anonymity and only a little extra metadata is exposed, but still nobody can MITM your messages. Your conversations are still secure, plus you gain a TON of functionality.
       Oh, now you want to do realtime collaborative editing of a document? Add the WebXDC app to your chat, and boom E2EE P2P connection established and realtime group text editing activated between all members. No need to use a third party service that may not even be accessible to some people in the chat.
       
 (DIR) Post #Au6B63RwYjzuPLBwNk by adiz@mtl.jinxian.casa
       2025-05-14T22:32:59.678471Z
       
       0 likes, 0 repeats
       
       @feld Are all the features advertised functional out of the box on deployment of a ChatMail server? And, is it easy to manage/maintain a ChatMail server (e.g., Prosody XMPP almost literally "just works" and doesn't break with updates)? Genuine question. I am willing to go through the lengths of setting up a ChatMail server if it's so straightforward. @gvs
       
 (DIR) Post #Au6DsWjNCCX71uaLbs by feld@friedcheese.us
       2025-05-14T22:39:47.754698Z
       
       0 likes, 0 repeats
       
       @adiz the default deployment is with a tool called "cmdeploy" that is Ansible-ish python which SSHes to the server and does everything, installs the configs from templates, does Acme HTTP-01, etc.
       I do not like this because I don't want HTTP-01, I want DNS-01 especially as my original tests were behind NAT and the tooling has some test for connectivity built in and wasn't detecting the public IP properly so that annoyed me.
       Updating is as simple as a git pull on the repo and running the same deploy command again.
       HOWEVER, as I said I do not like this method so I maintain a separate implementation using a Chef cookbook that does not rely on a Chef server.
       I have a video showing the entire deploy process to a fresh Debian VM. It's very fast and simple to do.
       Video (only 2 mins long): https://video.infosec.exchange/w/o9byiaYKCJ8CTgzDLBRdzU
       My cookbook repo: https://github.com/feld/chatmail-cookbook
       The official chatmail deploy tool: https://github.com/chatmail/relay
       
 (DIR) Post #Au6DsXQGciqPAwebT6 by adiz@mtl.jinxian.casa
       2025-05-14T23:04:10.217880Z
       
       0 likes, 0 repeats
       
       @feld I'll bookmark this. I just read through the GitHub page. A lot more stuff than I figured ahead of time.
       By comparison, on Debian, to get Prosody (XMPP) working you:
       sudo apt update
       sudo apt install prosody -y
       >setup DNS records
       >open the ports
       >modify the Prosody config
       >pull certificates
       >import certificates
       sudo prosodyctl check config
       If everything looks good:
       sudo systemctl enable prosody.service && sudo systemctl restart prosody.service
       Done! You're online. Start issuing/registering accounts and to chat with people! It's that easy. Extremely straightforward. Prosody has an update? apt takes care of that with sudo apt update && sudo apt upgrade -y, just as it does with every other ordinary binary package. I have some transports and bridges setup that ship as Docker containers. Equally as straightforward and painless to get setup and running.
       When I upgrade from Debian 12 to Debian 13, guess what? Everything is just going to work. If I have to move my service to a new machine I just copy the Prosody directory contents over and import the PostgreSQL database. So simple. So straightforward. So easy to manage. I like that.
       
 (DIR) Post #Au6HG3blQOTHWHwCqu by feld@friedcheese.us
       2025-05-14T23:15:31.872085Z
       
       0 likes, 0 repeats
       
       @adiz someone is working on porting all the Chatmail functionality to Mox so it's just literally a single binary deployment
       
 (DIR) Post #Au6HG4Fp1SVvWWgCI4 by adiz@mtl.jinxian.casa
       2025-05-14T23:42:01.346331Z
       
       0 likes, 0 repeats
       
       @feld Well, maybe when that day comes and it's equally as painless to get up and running I'll try it out.
       
 (DIR) Post #Au6HwEJ42SIgrYIhG4 by feld@friedcheese.us
       2025-05-14T23:43:48.729498Z
       
       0 likes, 0 repeats
       
       @adiz the good news is that by then it doesn't matter, there won't be much of a purpose of self-hosting because your client will automatically learn of all the available Chatmail servers and self-register ephemeral email accounts and jump between them completely transparent to the user.
       At that point deploying Chatmail relays is just strengthening the overall network
       
 (DIR) Post #Au6HwFWvUOz0epnHVI by adiz@mtl.jinxian.casa
       2025-05-14T23:49:39.574255Z
       
       0 likes, 0 repeats
       
       @feld
       > At that point deploying Chatmail relays is just strengthening the overall network
       If it becomes that easy (i.e., as easy as setting up an XMPP service, e.g.: Prosody) then I'd deploy and maintain a ChatMail server solely to strengthen the network even if I don't utilize the service itself.
       
 (DIR) Post #Au6J0YOvMyGaIUfRHU by feld@friedcheese.us
       2025-05-14T23:51:09.812731Z
       
       0 likes, 0 repeats
       
       @adiz tbh I found Prosody to be a pain in the ass to setup, I never even got attachments/HTTP working right after hours
       MongooseIM/eJabberd was easier, but it still sucks IMO
       
 (DIR) Post #Au6J0Z9iYzhGdcYoDY by adiz@mtl.jinxian.casa
       2025-05-15T00:01:39.797657Z
       
       0 likes, 0 repeats
       
       @feld Had some trouble with eJabberd. Prosody literally "just worked". Super easy to setup and get going. Really easy configuration and component management. And verbose support for many virtual hosts.