Discussion: PGP shortcomings and Delta Chat

I have recently read the blog post The PGP Problem which outlines various serious shortcomings of PGP.

I think that Delta Chat and Autocrypt fix some of them, like the bad user experience and complexity. Still, others remain, like leaking metadata, being default-plaintext and the missing forward secrecy.

In general, the post shines a worse light on PGP than I had thought. Now I wonder what the implications on Delta Chat are.

Should we even bother to encrypt messages at all as long as PGP is used?
Can better encryption technology be used with e-mail as the underlying structure? The article mentions e.g.:

It’s theoretically possible to achieve a facsimile of forward secrecy using the tools PGP provides.

well, pgp bashing seems to be kind of modern these days (there seems to be a market for that, as someone else pointed out somewhere :slight_smile:

and it is easy to criticize something without the need to give a better alternative.

only few real alternatives to pgp exist - and i do not think any one is better. please keep in mind that pgp is not just a message encryption format, it’s a federated message encryption format. signal, whatsapp etc are often mentioned in this context - but they are centralized which introduces a lot of different problems (central data collection, network effect, easy to block and so on)

of course, there are many problems with pgp, email and all its messyness (reading tip: Xyiv -- off and online developments, on and off-topic [long]). you can be sure, the delta devs know them best - eg. we never used gpg, avoid keyservers, prefer-encryption by default, remove complexity by supporting only a subset and so on. as a result of these efforts, eg. delta chat was not affected by efail.

3 Likes

Ah well, bashing has always been popular :slight_smile: I try to look at it in a neutral way and I have wondered about some of their points myself.

I still find Delta Chat very useful especially because it uses the e-mail infrastructure. I’m just interested in its perspectives regarding the security and how it can be improved.

I think what I’m most curious about is the forward secrecy. You’re right that the alternatives mentioned in the post, Signal or Whatsapp, are not tolerable when we’re talking about security and privacy.
But there’s still XMPP which is federated, open and offers the same encryption technology as the centralised competition.

So are there ideas or plans to offer forward secrecy in Delta Chat? Based on PGP or even something else?

Thanks for the background information and the link, I’ll read it soon! It’s good to know that there already is so much awareness among the developers :muscle:

I will say a few words of my sight of this “problem”.

FOR ME it’s less important if there is PFS.
I like PGP as it works.

I have a backup of my private key.
If my phone is lost or broken I still can use my (one time in the first backuped) PGP key to read all my messages which is stored encrypted on my mail server.
IIAC for all other messengers with PFS I must not forget to make a periodically backup to not loose messages in the worst case.

The next point is communication in companies.
They have to archive the whole communication.
So they have only to make a Backup of the privat keys and all messages can stored encrypted.

But still I agree. If there would be a easy way to integrate PFS it would not hurt.

For me personally It’s not really important.

Currently there are no concrete plans for PFS. however, there are various considerations to that. One of the problems with PFS is, that it does not always work well together with multi-device and/or all communication is routed through a phone (eg. whatsapp).

Delta Chat plans to offer “Burner Accounts” which, in a sense, goes beyond PFS, see https://delta.chat/en/2018-11-17-deltaxi#new-planned-features-for-at-risk-and-other-users

In addition, Delta Chat already has a feature that protects groups against active network attacks by supporting the creation of “verified chats”, which are always encrypted, and do not allow opportunistic key exchanges (as is the case with autocrypt).

I understand that for most people PFS is not a necessary feature. But there are people for whom it’s really important (activists, journalists etc.). And if there’s technology which makes it possible, I’d prefer to use it rather than worry about what the authorities, hackers etc. could know about me based on a single successful attack.

Not dismissing your usage, just to show how different personal preferences can be:
I don’t keep old mails or messages. If there are important ones, I copy them to a location which I’m backing up (just to find out that 98% of the time I never look into them again anyway). In our times, information gets outdated very quickly, too.

I usually try to directly react to messages and then delete or archive them. I also let them delete automatically after a while in case I didn’t get to do it myself. No worries about searching in a huge piles of messages, about storage space or about exposing too much data to attackers :wink:

True, there are sometimes problems of this kind with XMPP’s OMEMO.

Thanks once again for the useful information :slight_smile: