[HN Gopher] Delta Chat - decentralized chat via email
___________________________________________________________________
Delta Chat - decentralized chat via email
Author : buster
Score : 112 points
Date : 2021-01-24 17:09 UTC (5 hours ago)
(HTM) web link (delta.chat)
(TXT) w3m dump (delta.chat)
| polishdude20 wrote:
| So when chatting with a friend without the app, each message has
| a big ad for the app. Is there a way to turn this off?
| throwaway8822 wrote:
| The fact that Delta Chat is catching on is a sad reflection on
| the state of the IM tools and protocols.
|
| Compare to most IM systems Delta Chat is:
|
| - easier to set up: you already have an email
|
| - equally private: most IM systems leak metadata anyways. A
| global observer can infer your peers.
|
| - compared to Signal, it does not snoop your phone number
|
| - decentralized
|
| - cheaper to run 1: managing mailservers is cheaper than managing
| both mailservers and IM servers
|
| - cheaper to run 2: mailservers evolved for decades and are now
| pretty efficient, especially compared to most IM servers
| codethief wrote:
| > - compared to Signal, it does not snoop your phone number
|
| Great, leaking the user's email address which, more often than
| not, contains their real name is so much better. /s
|
| Seriously, though, I don't think this comparison accurately
| reflects the differences between Delta Chat and Signal:
|
| Signal uses your phone number for account lookup but _not_ for
| addressing participants. Moreover, it uses a feature called
| Sealed Sender[0] to conceal even the cryptographic address of a
| message 's author. In contrast, Delta Chat leaks the email
| addresses of the people participating in a [group]
| conversation[1] (and, thus, their social network) not just to
| _one_ provider (as in the case of Signal) but to all email
| providers involved in hosting the conversation, meaning that,
| as a user, you have to trust not just a single but multiple
| entities. Meanwhile, Signal doesn 't even know how many people
| there are in a group conversation.
|
| [0]: https://signal.org/blog/sealed-sender/
|
| [1]: https://delta.chat/en/help#how-does-delta-chat-protect-my-
| me...
| MrGilbert wrote:
| > Great, leaking the user's email address which, more often
| than not, contains their real name is so much better. /s
|
| So, how good is your spam filter for SMS/calls? /s
|
| Personally, I rather give my mailaddress than my phone
| number. I can set up a new address rather quick. I cannot
| switch my phone number that effortless.
| saurik wrote:
| You seem to care about whether the messaging provider knows
| your phone number / email address... but that simply isn't
| the attacker model most people have: they want the people
| they are talking to to not have their real phone number /
| real email address, and couldn't care less if Telegram or
| Snapchat or Google or even Facebook knows who they are taking
| to; essentially, they want a trusted provider to protect them
| against untrustable contacts, not to speak with their trusted
| contacts using an untrustable provider. Now, can you solve
| for both of these problems at the same time? I think so--and
| maybe Three.ma is exactly that!--but Signal doesn't seem to
| care, as they have a somewhat strange model of how people
| chat. The question, then, is mostly about how well the
| application supports creating unrelated accounts / aliases:
| what you really want is just some kind of separate user
| identifier (such as you get with Three.ma, or with services
| like Wire/Kik); but, barring that (as federation makes that
| weirdly hard), email addresses are way better than phone
| numbers, as it is way way easier to get throwaway email
| addresses--even ones from unrelated hosting companies--than
| throwaway phone numbers.
| dheera wrote:
| I got banned by WeChat last week for a while for using
| "unauthorized plugins". They seem to also be adamant about not
| allowing people to run WeChat on virtual machines.
|
| Seriously, WTF? It's none of your business what device I use
| and whether it's virtual or not.
|
| I got a cease-and-desist from Facebook many years ago for
| trying to write a Perl interface to their messenger.
|
| I own and control my devices, damnit. I hate these walled
| garden messaging apps that seem to actively thwart innovation.
| All I want is a protocol (which I'm even happy to pay for!) and
| _I_ will decide how messages present themselves on my end.
|
| Many years ago I used Pidgin to interface to MSN, ICQ, AIM, QQ,
| Gtalk, Yahoo, Zephyr, and a couple others. It was great -- I
| had E2E encryption (sorry Pichai and Whatsapp I had E2E
| encryption on ALL of my messengers before you all decided to
| wall-garden your apps and then do some stupid PR stunt about
| E2E encryption years later), automatic human language
| translation, automatic LaTeX rendering, and a bunch of other
| features, all of which I don't have now because the messenger
| apps everyone uses now are anti-innovation. We've taken a huge
| step backward.
| da_big_ghey wrote:
| I got a discord account banned recently, and they wouldn't
| tell me why. My guess is that it has to do with my using a
| weechat bridge rather than their garbage client. I have to do
| the same for slack and for signal (which, by the way, is
| terrible even with signald), because they too have garbage
| clients. I have a much better experience when just using
| plain IRC.
| eevilspock wrote:
| I've had an idea like the is for a long time but for a
| distributed social network.
| nosmokewhereiam wrote:
| Before echo chat
| hkt wrote:
| I've been using this with one single solitary friend for about a
| year. It works really well and we both love it.
|
| What has bothered potential adoptees is the idea it needs their
| email account credentials. People who don't think it is super
| cool already don't seem willing to adopt it. It would be nice if
| that changed.
| p4bl0 wrote:
| In the worst case you can still create a specific email account
| for deltachat.
| progre wrote:
| Well, the account credentials would stay in the local client
| wouldn't they? There is no hosted web version of this (yet!)
| and no central server so there is no one to leak credentials
| to. The only receiver of the credentials would be your email
| provider, and you are already sending them that in your normal
| email client.
| vascocosta wrote:
| This highlights the fact that there are too many protocols that
| are essentially reinventing the wheel. The problem isn't
| necessarily too many clients, but too many transport agents.
|
| In a way, they're almost all reincarnations of what email, IRC or
| XMPP could already do, with a few makeup changes, often designed
| to lock-in the user and consequently fragment the user base.
|
| What we need is perhaps more clients, with different interfaces
| but using the proven underlying protocols and implementing new
| features client side. Delta Chat, making use of email, does this,
| with the added bonus of SMTP's natural decentralisation and
| openness.
| smt88 wrote:
| Email is a wheel that needs reinventing. It's fundamentally
| difficult/impossible to secure.
| hkt wrote:
| Metadata being available to the server isn't ideal, but a hub
| and spoke architecture where the hub has no knowledge of
| which spokes are talking is, if not impossible, then at least
| very hard, surely?
|
| On the other hand, TLS by default would be nice
| spicybright wrote:
| I feel like the first step is consistent encryption, then
| figuring out hiding meta data. Proxys that strip meta +
| delay emails to fuzz that might be a solution.
| ognarb wrote:
| Maybe we need email over the matrix protocol. Decentralized
| and using an already existing modern open protocol. The
| problem is that email has too much inertia.
| Jarwain wrote:
| Well there's the Matrix Email Bridge:
| https://matrix.org/docs/projects/bridge/matrix-email-bridge
| gsich wrote:
| See Deltachat.
| Triv888 wrote:
| The data of emails is very easy to secure, but the metadata
| is another story... for example, your email could consist of
| a single gpg file.
| buster wrote:
| Why do you think that? What would yet another protocol nobody
| uses bring to the table, smtp and imap don't? It's reliable,
| stable, decentralized and can be used securely.
| [deleted]
| arendtio wrote:
| While I agree, I think using e-mail as the base is an attempt
| to compensate for the network effect. While XMPP is clearly
| superior as a chat protocol, it lacks a broad user-base.
|
| With e-mail you can even chat with people who don't have the
| chat app. Maybe we need an XMPP e-mail bridge ;-)
| comboy wrote:
| https://github.com/sessionbird/xmpp-smtp-gw
|
| https://github.com/Puppet-Finland/milter-xmpp/
|
| Btw, when I click "open source" link on delta chat website, I
| may be not the only one expecting to be taken to the source
| repository instead of definition of what open source is. I
| found the actual link, just a suggestion.
| gsich wrote:
| Bridges require non-stop maintenance, because if users "feel"
| that their messages don't cross the bridge, they won't use
| it.
| vascocosta wrote:
| Yes, that's probably the reason, especially the fact that the
| person on the other side doesn't even need to be aware of
| Delta Chat.
|
| Or maybe we need something like Delta Chat that uses XMPP by
| default but falls back to email if the recipient doesn't have
| an XMPP account.
| CodeGlitch wrote:
| This is really interesting. I was talking about using email
| instead of WhatsApp/Signal last week when the whole WhatsApp
| privacy situation exploded.
|
| It's a shame this wasn't more visible last week when there was a
| big uptake of signal (or was it?).
| jitans wrote:
| Do you realize WhatsApp privacy hasn't changed?
| tommoor wrote:
| Like a lot of open source projects this is a great idea with a
| lot of potential that's somewhat let down by poor design and UX,
| we really need more professional designers contributing to open
| source!
|
| eg: How do you start a new chat - the primary function of this
| app? It's hidden in the "..." menu that looks like it contains
| the settings for the existing example chat.
| adbenitez wrote:
| in android you can start a chat just pressing in the + button,
| and in desktop, just typing the email address in the search bar
| should show a button to start a chat with that contact
| tommoor wrote:
| Yep, this was just one example of many :)
| ampdepolymerase wrote:
| All they need is to rebrand it as an enterprise SaaS and boom,
| unicorn.
|
| (For those who don't get the joke, see Front:
| https://news.ycombinator.com/item?id=25272533)
| dmje wrote:
| Really incredibly, irritatingly simple and well executed idea...
| jitans wrote:
| So basically what we needed was a different email client?
| brightball wrote:
| Love this concept. I'd really love to see this taken to the next
| level to create an email powered social network. You'd really
| just need a client that could parse the data.
| majortennis wrote:
| im already trying to get people to join signal and only half
| succeeding, can't swap aagain right noww
| jitans wrote:
| Just because this is the new trend (for no reason) ?
| eevilspock wrote:
| what's not clear from the FAQ is whether it turns ALL your email
| into chat messages or only a subset, e.g. all email with a
| special header or tag in the subject.
|
| I'm assuming it piggybacks on your normal email address as
| opposed to making you create a dedicated one for chat.
| buster wrote:
| It's just an email client, acting on the delta chat emails (and
| moving them to a delta.chat IMAP folder). It works
| transparently with a fallback that the receiver can still just
| reply in a normal email client.
|
| It's how the whole messaging drama. Should be resolved and it's
| using decentralized infrastructure that is already there and
| reliable.
| hpk42 wrote:
| The default mode of Delta Chats "email interaction" setting is
| "show only chat messages". This includes replies to messages
| you sent out from Delta Chat, even if the reply came from
| another email app or a webmail interface. So you can chat with
| anyone who you know the email address from.
|
| If you set email interaction to "all" then you see regular
| email appearing as a "contact request" if you haven't already
| accepted the sender. In current development repos there is
| already support for mailing lists, and for html-mail. With this
| and a few other improvements, delta chat can be used as an
| e-mail client in more situations.
| eevilspock wrote:
| So it uses the reply chain as identified in the email header.
|
| It might be useful to actually define a new email header
| field (Or define a new value to put into an existing field),
| thereby making this an open protocol.
| hpk42 wrote:
| All Delta Chat messages have the "Chat-Version" header. For
| more specifications see
| https://github.com/deltachat/deltachat-core-
| rust/blob/master...
| progre wrote:
| End to end encrypted?
|
| https://delta.chat/en/help#does-delta-chat-support-end-to-en...
|
| Yes, if receiver uses IMAP if I understand this correctly.
|
| Edit: End-to-end encryption or not is maybe unrelated to IMAP
| use. E2E Encryption does not work with _some_ email providers
| though.
| flas9sd wrote:
| no, not specific to IMAP. It's always PGP encrypted unless you
| disable it.
|
| > If you want to rather avoid end-to-end-encrypted e-mails by
| default, use the corresponding Autocrypt setting in "Settings"
| or "Advanced settings".
| zigzaggy wrote:
| Does that mean the iOS app isn't encrypted? (Guess I could just
| go check the source code instead of being lazy)
| progre wrote:
| Uh, I don't think IMAP is generally blocked on iOS? Anyway,
| end-to-end encryption seems to depend on the email _provider_
| being able to support IMAP. So Hey.com is out but gmail can
| work if you enable IMAP support for example.
|
| Here is a list of tested providers:
|
| https://providers.delta.chat/
| h_anna_h wrote:
| It does not say anything about IMAP there. It just says that it
| is in fact end to end encrypted.
| progre wrote:
| Yeah, but some email providers don't support IMAP and on
| those it is _not_ end-to-end encrypted.
|
| https://delta.chat/en/help#is-delta-chat-compatible-with-
| pro...
|
| https://providers.delta.chat/
| jlelse wrote:
| It sucks when mail providers don't support standards like
| IMAP. Solution: Choose a better mail provider or make a
| second account with one.
| h_anna_h wrote:
| This is not what I got from the FAQ.
| progre wrote:
| Yeah, I might have misunderstood things.
| adbenitez wrote:
| it depends if the receiver has an autocrypt-capable email
| client like k9mail, etc. it doesn't have anything to do with
| IMAP on the receiving end, but Delta Chat currently only
| supports IMAP so the sender does need a server with IMAP
| support to use Delta Chat, but the receivers don't even need to
| have Delta Chat
| progre wrote:
| Great explanation, sorry for confusing things.
| flas9sd wrote:
| I'm using it for 1-on-1 chats in my family and the application
| makes you forget that it's smtp/imap/pgp underneath. It feels
| like a WA clone. Will it disclose past message contents on
| private key leak? yes.
|
| If you fetch mails via pop3 be aware, you'll move them away
| before DeltaChat can move them into its own folder via IMAP to
| build its message threads. If you're doing IMAP only you'll see
| the messages with your mailclient unless moved. Maybe consider
| using a dedicated email-alias or account. If the receiving SMTP
| on submission doesn't strip your connecting IP Address in the
| Received headers this is quiet a lot on the wire that DC can't do
| anything about and where you would rely on transport encryption.
|
| It made a point what a thoughtful chat-view, pgp-using email
| client can do, so I still recommend to give it a try.
| adbenitez wrote:
| I hear rumors that they might add forward secrecy in the
| future, it is not impossible to implement that over email
| adbenitez wrote:
| I have created some bots (mainly for Spanish speakers, Delta Chat
| ia used a lot in Cuba), bots to bridge with Mastodon so you can
| chat in private with users there or toot etc., bots to play games
| with friends etc. even to get xkcd comics etc
|
| https://writefreely.public.cat/delta-news/bots-publicos
| jlelse wrote:
| I recently blogged about it [1] and think Delta Chat is the
| messenger we should migrate to.
|
| Email is decentralized (at least when not everybody is using
| Gmail) and isn't a silo like WhatsApp, Signal, Telegram and
| Threema. Because what happens when Signal goes bad? Everyone has
| to move again...
|
| [1]: https://jlelse.blog/posts/email-messenger-delta-chat
| beagle3 wrote:
| My only gripe with delta chat is that the metadata most email
| stores keep per email message is measured in kilobytes
| (sometimes tens of them). View-source is very enlightening. For
| email messages which are often 1K-200K themselves with
| attachments, and somtimes > 10MB, I guess it's acceptable.
|
| For one line "How about lunch today?" messages, it just hurts
| my engineer bones to use Delta-Chat on a regular email server.
| jlelse wrote:
| They are working on it
| https://delta.chat/en/2020-03-11-reduced-message-size
| dheera wrote:
| I also don't like that Signal relies on _phone numbers_ or a QR
| code from a _phone_ to log in. Phone numbers are traceable to
| identities. They really should have used usernames or e-mail
| addresses.
|
| Also, Signal's desktop app shouldn't require a stupid phone app
| to enable it. I have a big powerful setup on my desk and you're
| asking me to go around my house looking for a silly 6" device
| to give it permission to log in? That's backwards. It should be
| the other way around if anything.
| jitans wrote:
| And leaking a mail (with real names) is much better?
| dheera wrote:
| E-mail doesn't have to have real names, isn't regulated by
| the government, and the same ID can be used across the
| world.
| ksec wrote:
| Is Fast IMAP fast enough for Chat? I think most IM currently does
| sub 50ms response time excluding Network Latency.
| buster wrote:
| It's not instant, of course it relies on the smtp servers in
| between, but for a Gmail to Gmail test it was nearly instant,
| for my own mail relay to Gmail it was probably 10 seconds delay
| which is fine for me.
| tdrgabi wrote:
| How do they handle spam?
| adbenitez wrote:
| there is no spam, until spammers start using Delta Chat :D then
| you can block contacts and groups
| p4bl0 wrote:
| IIRC they only show emails from your contacts or emails that
| are replies to Delta Chat messages.
| ourcat wrote:
| About six years ago, I built a similar app for an old long-
| distance (many timezones away) girlfriend and I to send voice
| messages to eachother. (called 'duovox' - not released to
| public). It created recordings and other metadata/attachments and
| simply zipped them up with a password and custom file extension
| and sent via email.
|
| The app was naturally registered with the custom file extension,
| so that clicking the email attachment in the Mail app would
| simply open the app and the message it contained.
|
| Very simple. Very effective. And using an existing and secure
| (one would hope!) transport: email.
| eudajmonia wrote:
| I like it. Some of the best ideas are the simple ones.
___________________________________________________________________
(page generated 2021-01-24 23:00 UTC)