Okay. Bring back the ability to import your key when creating a profile. And then the trust issue will be resolved again.
Firstly, I am not a crypto expert, but I doubt that you can âeasilyâ detect a backdoored key. âBackdoored keyâ wouldnât be a thing then.
Secondly, if key generation process is backdoored, then you for example can make it output pre-generated keys that the adversary made themself (and thus whose private keys it already has).
As you mentioned yourself, one can utilize I2P, or Tor or VPNs to minimize traffic sniffing risks.
Even with âindirectâ leaking (where Delta Chat donât connect to any particular server to leak the key), the process of leaking the key still has to be detectable (again, without source code inspection), at least if youâre also in control of the mail server that you use with Delta Chat and are using a VPN to connect to it (which, I know, admittedly is not really a common use case).
So, IMO, the fact that Delta Chat could just leak the key no matter if itâs secure or not would not eliminate backdoored / weak key generation as a good attack vector.
Sorry, that wasnât the arguement I was intending to make. I meant that persuading the devs to deliberately and knowingly weaken or backdoor the key is a terrible attack vector for an intelligence agency, high-effort and very high risk of detection. I mean look how well it worked for Roskamnadzor.
And it looks to me as if youâd need to weaken the random number generator, a DC dependency, and have it generate non-random numbers without anyone noticing. Some preposterously bad random number generators have been used in other software in the past; I hope this one is better-tested.
Socially, if one is going to accuse someone of malicious and dishonest behaviour, one really needs to present solid proof of malice and dishonesty. Escalating âI would like this feature backâ to âAnyone disagreeing with me is a spyâ is rather like escalating âI want this Chatkontrol surveillance lawâ to âAnyone opposing me is supporting child abuseâ. @ajypz7p5y, being less accusatory would probably help the cause you argue. For starters weâd be discussing key import instead of getting diverted into discussing the accusations.
XMPP in my experience needs more maintenance. If you live in an authoritarian country, you may well have worse problems (like all three protocols being blocked, illegal, or both). You also canât talk to anyone not able to set up XMPP over Tor or I2P or Yggdrasil etc.
Better integration of anonymizing networks, such that the average user can and does use them, would be helpful. The Chatmail/relay servers still talk to one another over plain TLS, though, and brute-forcing the private keys of a few servers, or simply controlling a TLS certificate authority, is possible with government resources.
I suspect that collecting IP addresses and tying them to e-mail addresses would be more an intelligence agencyâs thing, and there are known IP leaks in Deltachatâs dependencies. IP addresses are increasingly identifying, and certainly anyone who controls the ISP can tie them to a physical connection.
Anonymous remailers could be done as bots, I guess? But always-on and push notifications, as opposed to manual polling, will still leave anyone not running a mix network node vulnerable to timing-based attacks. Youâd need to run an I2P node or similar.
I am also no crypto expert; if DC made it a goal to hide metadata, Iâm sure some experts would be willing to review success.
I didnât accuse anyone, but I immediately said that these were just my assumptions. Read again what I wrote in my first message. Your words echo the âthe best defense is to blame the opponentâ approach. Youâre resorting to personal attacks instead of discussing the facts. But the fact remains the same. We had the option to import the key, but now we donât have it.
The key you want to import in DC has to come from somewhere. How to trust this alternative source? If you can audit it, then you can audit the DC code as well. If you canât, well, then this alternative source may as well be subverted by some agencies.
Prefacing an accusation with âThese are just my guessesâ doesnât usually counteract the social effects of an accusation: âI guess you are behaving maliciouslyâ and âI say you are behaving maliciouslyâ will be interpreted similarly by most people. âYouâre trying to cover up your possible connection to the intelligence agenciesâ also did not communicate a presumption of innocence to me.
I do not see you as an opponent.
Sticking to the facts is an excellent rule. Letâs do that, and avoid imputing motives to others, so we can stop arguing about the plausibility of the motives.
Key import has been removed, for reasons detailed above. Key import during profile creation would be easiest to implement. Are you volunteering to add and maintain this feature? I donât think many people would use it, because not using it is easier.
Iâd prefer standard mailclientlike integration with common Linux keyrings, GPG, KWallet, Sequoia etc.. This would mostly be useful for contacts, not my own keys, but an additional ability to import and export profiles would be handy to me. It would also make switching to and from Chatmail clients with different backends easier. But this is only useful for those using these tools, not most users, so it will also not be a priority.