Why I chose DeltaChat for private communication

Hornbeam

3 min

View Original

• There is no centralized server. Any email server you specify is used

• Secure e2e encryption Autocrypt Level 1 . The implementation has undergone an independent audit

• Open Source , non-commercial, funded by NGOs and users

• Audience ~1M. Cannot be accurately assessed due to lack of telemetry

• Disadvantages: not as fast and there is no (yet) message editing, reactions or threads

But the post office is dead and smells like mothballs

SQL also “died” with the advent of NoSQL, as a result, NoSQL pioneers like Elastic added SQL engines. And SQL is still one of the top skills in the IT labor market.

Same with mail. It is over 30 years old, but many people use it every day, the rest at least when registering in online services. New products and even protocol implementations are appearing .

Mail remains the most successful decentralized federated messaging network. Fediverse and Matrix are still far from email.

What does the popular messenger know about you?

Using Telegram, WhatsApp, Signal as an example:

• Phone number that uniquely identifies you and excludes anonymity;

• IP gives out your geolocation;

• Contacts even for those who do not have a messenger;

• Meta-information - with whom and when do you communicate, what groups are you in;

• The contents of messages are available in Telegram chats without a lock, unlike WhatsApp and Signal;

• As well as reading SMS , calendar , and much more .

Privacy DeltaChat

DeltaChat also has access to private data on the phone, albeit half as much as Signal .

The fundamental difference is that DeltaChat does not use centralized servers . Messages go through the mail server you specify - be it Gmail or your own.

You can verify this by analyzing the traffic using PCAPdroid . You will not find a single connection past your mail server. Thus, DeltaChat is not subject to the risks of data leakage, like the popular instant messengers above. Privacy by Design at its best!

What is DeltaChat exposed to?

Theoretically MITM if uncontrolled mail servers are used. In practice, it’s hard to imagine Gmail interfering with the key exchange process and replacing them to read your correspondence. Just one such confirmed case could kill Google's reputation. Therefore, I would rate the probability as close to zero, although technically possible.

You can counteract MITM by exchanging keys in person or via an independent channel; this is conveniently implemented in delta.

But it is more private to use a personal mail server, because although Gmail will not see the contents of the correspondence, it will know with whom and when you are corresponding.

Which mailer to use

Any with SMTP and IMAP support. Therefore, Tutanota , ProtonMail and Hey will not work. Here you can check your email provider for compatibility.

If you want to be completely private, then welcome to self-hosted. Below are convenient solutions I have tested:

• Mail-in-a-Box , iRedMail - if you know how to use the Linux console;

• mailcow - for Docker lovers;

• SelfPrivacy - if you have no IT skills at all, but want your own mail server (my project);

• Write in the comments how else you can quickly, easily and privately deploy your mail server, please!

Promising features

How to use

Installs on any platform. It 's as difficult to set up as any email client. It can be used as a full-fledged replacement for an email client, then the messages will be unencrypted and the recipient will see a regular letter. The first message sometimes arrives with a delay due to greylisting .

To use one account from different devices, transfer the keys via backup .
If you connect using a regular email client or DeltaChat without keys, you will see encrypted mail. That's how it should be - Privacy by Design! Keys are stored only on the device.

Total

Over two years of use, the project before my eyes has transformed from a successfully tested concept into a full-fledged replacement for popular instant messengers with privacy at maximum speed. About 50% of my chat conversations are on DeltaChat.

For testing, you can write me something nice: kirill.zholnay (doggie) selfprivacy.org