I don’t understand why it took us 50 years to figure out how to do encrypted messaging-over-email. Anyone wanna swap email addresses?
It’s a neat idea, but it gives me more questions and answers:
- Why send messages (encrypted or not) across multiple providers that get to see who you are communicating with, when you are communicating, and how often you are communicating?
(i.e. why not just use a dedicated messaging app that we know doesn’t suck?) - What will this do to your traditional email inbox?
- What about Protonmail or other email services that doesn’t directly connect to conventional email protocols?
Why send messages (encrypted or not) across multiple providers that get to see who you are communicating with, when you are communicating, and how often you are communicating? (i.e. why not just use a dedicated messaging app that we know doesn’t suck?)
who do you KNOW doesn’t suck? myself, i like disroot, but i still prefer to encrypt any comms that go across their services, because i can’t explicitly trust them. i don’t even (really) trust riseup.net. it’s always best to encrypt anything thats sensitive yourself and control the keys.
There’s still a big metadata problem with email in general, and if you are using services tied to activism, situations like the one that happened to Mastodon could just as easily happen to you.
The trouble with email is baked into email itself, versus private messaging apps that use a protocol that was designed for the express purpose of chats that don’t require one or more servers to retain them…
i think it’s worth pointing out that pgp-protected messages would still be secure in the case of the kolektiva breach, not that anyone is e2ee for mastodon messages.
if you (and your friends) control your (and their) keys, then the actual contents of your communications can’t be compromised. i think email is fine if you understand the limitations.
The metadata itself is pretty valuable. In this case, the metadata exposes who, where, when, and how often the conversations take place. And that metadata is valuable.
Generally speaking, it is inadvisable for privacy to keep data (even in an encrypted form) on a server post delivery.
i would never bother with anything that i consider to be highly secure over any clearnet service. but for keeping advertisers out of my messages or just run of the mill dragnets, or spot-censorship (like how facebook or others forbid certain links), i think deltachat is a really reasonable solution.
but to this point:
, it is inadvisable for privacy to keep data (even in an encrypted form) on a server post delivery.
deltachat has an option to delete server-side.
When you send a message on signal, it gets delivered and then purged from all servers. Does Deltachat do this by default, and if not, can one user request the other user’s side delete messages on their servers?
Email also runs into a “server copy” problem that is not necessarily built into instant messaging, especially privacy oriented services: A server/servers will store separate copies of messages for all people in a conversation, making it twice as difficult to delete even if all sides of the conversation wish to delete it from the server.
this is my settings screen. it looks like you would need to actually ask your friends to turn on the server-side purging.
you’re asking more than i really know here. i haven’t even convinced any of my friends to use it. it was hard enough getting their email addresses lol.
What will this do to your traditional email inbox?
if you are a deltachat user, it creates a directory for your deltachat messages. if not… you are strongly encouraged to use deltachat :P
can’t you just make a rule
maybe. depends on your client or provider
What about Protonmail or other email services that doesn’t directly connect to conventional email protocols?
personally, i don’t trust protonmail, so i haven’t tried it, but i think… it just doesn’t work lol.
What’s the issue with proton? Just the UI being a bit shit?
The UI has improved a lot since their re-brand, so I doubt that’s it.
they make a lot of promises about security, but email can truthfully only reach a certain level of security. the comment from @RTRedreovic@feddit.ch shows weaknesses in relying in protonmail to protect various aspects of your communications, but they sell themselves as TOTALLY SECURE.
the lady doth protest too much.
so they’re no more secure than, say, google, when you implement your own e2ee on top of email with PGP or something. but the promises of enhanced security actually set people up to expect more than that. coupled with the fact that they don’t even let you use imap or pop, it’s not exactly a hacker’s dream service.
Proton only uses E2EE for the message body (including attachments). The subject and headers are not end-to-end encrypted.
That’s not entirely unreasonable, since they use that data for the search function on the server side. Nobody’s really cracked the nut of E2EE search, though there’s been some interesting research in the field recently.
Proton should be avoided.
https://www.theregister.com/2021/09/07/protonmail_hands_user_ip_address_police/
I do agree that’s a fair point about mail.
- Why send messages (encrypted or not) across multiple providers that get to see who you are communicating with, when you are communicating, and how often you are communicating?
oooh! they’re on the fediverse!
I really like Delta Chat as a concept. I’m not sure I could convince my friends to use it, as most of them struggle with signing on to email on anything other than a dedicated mail client from their providers.
The UI is just a WhatsApp rip lol
În their defense, almost all messengers look the same. They just didn’t bother to change the color scheme.
Pretty much every messenger I know is different. That one straight up looks like WhatsApp, down to the colour scheme and background.
i don’t use whatsapp so i wouldn’t know, but the guts are what interest me. you can use it to message people even if they don’t use it!