Transparency report: #deltachat gave out data for the following number of users in the last years: 0, nada, zilch.
granted, it helps to not have data to begin with π
#Telegram is the exact opposite: they have _all_ the data about users, message histories, contacts, group and channel memberships, phone numbers, media files, bot interactions etc .... all in the clear on their central server, ready to be grabbed.
404media.co/telegram-gave-authβ¦
Telegram Gave Authorities Data on More than 20,000 Users
According to its newest transparency report, Telegram complied with more than 5,000 requests from authorities in the first three months of 2025.Matthew Gault (404 Media)
This entry was edited (9 months ago)
Nicole Parsons reshared this.
X_Cli β
in reply to Delta Chat • • •Metadata Protection in Instant Messaging Applications: a Review PTS2025
cfp.pass-the-salt.orgDelta Chat
in reply to X_Cli β • • •@x_cli two questions:
What does PFS have to do with minimizing metadata?
Can you link a real-world case where PFS played a role and protected someone from repressive persecution?
X_Cli β
in reply to Delta Chat • • •> What does PFS have to do with minimizing metadata?
Absolutely nothing. You are correct.
The thing is the research behind this talk is an unpaid independent research, done on my free time. So I had to set some arbitrary criteria to filter the dozens of applications to study. If people want me to study a specific application, my rate is 500β¬/day (which is lower than my standard rate; a sacrifice I am willing to make because I think there is a social value to this work).
My belief is that E2EE, PFS and ephemeral messages are the minimum requirements for a secure messaging application to be taken seriously.
These are beliefs. Some people might have different beliefs and that's obviously OK.
So when people ask me "Have you considered Delta Chat?", my answer is "lol, no, they don't even have PFS; let's talk about serious applications".
The truth is I did fund Delta Chat, studied it and even contributed to its translation. There is value in Delta Chat, and I am not denying it. But if I have to use an application to secure my communications, Delta Chat is not a valid option for me. Sorry.
---
> Can you link a real-world case where PFS played a role and protected someone from repressive persecution?
PFS protects against the recovery of past communications that were recorded and ultimately decrypted after the attacker gets access to the key material. People able to setup dragnet surveillance are generally working for intelligence services and law enforcement. They don't tend to brag about their methods in the press.
Still, the NSA (Prism) showed to the world that there are nations recording large amount of Internet traffic. Pegasus showed that mobile phone surveillance and key extraction are a thing.
The (almost) general adoption of ephemeral messages shows that the public is aware that when law enforcement forcefully unlocks your phone, you don't want to have your personal conversation lying around. But what about your key material?
Well, if you don't have PFS, law enforcement will get their dirty hands on it... and with that, they will get access to all past conversations that you thought were confidential because you used ephemeral messages.
My point is ephemeral messages are pretty much useless if your adversary recorded your encrypted conversations and you don't have PFS.
So do I have a real-world case where PFS played a role? No.
Do I know real-world cases where ephemeral messages prevented law enforcement from accessing someone's data? Yes.
Do I know real-world cases where traffic was recorded and decrypted on the side thanks to the lack of PFS? Yes. I even worked for a company building surveillance appliances that do that... (not being too proud about that but hey... not having PFS is a serious flaw in my book).
desirable_dialogue
in reply to Delta Chat • • •I'm either misunderstanding or your post is misleading.
When using the client deltachat, data is stored and passed trough the corresponding email servers. Request for data can only go to the server admins. And there was non request that resulted in handing data over? How do you know/assume that?
uhuru
in reply to desirable_dialogue • • •no, stupid authorities think @delta is some kind of chat messenger similar to telegram, whatsup, so they request data from them too.
@delta has been publishing such requests from time to time..
CC: @delta@chaos.social
desirable_dialogue
in reply to uhuru • • •πΉhaha.
Hope they keep doing this then. Keep them busy with nonsense.
uhuru
in reply to desirable_dialogue • • •in the meantime use #DeltaChat or #OpenGPG to have your email stored encrypted on servers.. don't rely on server admins.. especially corporate ones.
2c.
CC: @delta@chaos.social
desirable_dialogue
in reply to uhuru • • •I've been thinking about the meta data.
uhuru
in reply to desirable_dialogue • • •use "nolog policy" providers .
and store everything locally on pc. (if you use encrypted disks).
CC: @delta@chaos.social
Jonathan Lamothe
in reply to Delta Chat • •like this
bjoern likes this.
Djembro, RO, supports πΊπ¦π¬πͺ
in reply to Delta Chat • • •Delta Chat
in reply to Djembro, RO, supports πΊπ¦π¬πͺ • • •