ArcaneChat: Private messenger based in Europe
ArcaneChat: Private messenger based in Europe
cross-posted from: https://lemmy.ml/post/26007254
ArcaneChat: Private chats for the family
ArcaneChat is a FLOSS private and secure messenger focused on privacy and friendly user experience.
๐ฌ Reliable instant messaging with multi-profile and multi-device support.
โก๏ธ Sign-up easily and anonymously, no phone number or any private data required.
๐ฎ Interactive mini-apps in chats for gaming, shopping lists, productivity and collaboration.
๐ End-to-end encrypted chats safe against network and server attacks.
ArcaneChat is a Delta Chat client and it is compatible with other Delta Chat clients.
Source code: https://github.com/ArcaneChat/
You're viewing a single thread.
As this is Deltachat, here is a privacy comparison with other messengers ( posted on [email protected] as well ) : https://eylenburg.github.io/im_comparison.htm
They are not totally the same tho, for example "Delete messages on device of recipients" says "no" for Delta Chat but it is already available in ArcaneChat (will come to DeltaChat "soon")
Also "Minimal metadata" says "no" while there is no personal data at all required to use ArcaneChat, accounts are fully anonymous hence what metadata and from whom?
so the table is getting outdated quickly ๐
Also "Minimal metadata" says "no" while there is no personal data at all required to use ArcaneChat, accounts are fully anonymous hence what metadata and from whom?
Unfortunately email wasn never built for privacy. As DeltaChat and ArcaneChat both run on top of email, they suffer from many of the same privacy issues that have existed since the inception of email, over 50 years ago.
This is simply not correct, the page you link is talking about problems of email as a network of different clients and servers. With ArcaneChat and arcanechat.me server there is no metadata leak, the article talks about leaking subject which is simply not leaked in ArcaneChat since it is moved to the encrypted part as many other headers, the To and From headers are needed by the server to know to whom send the message, this is the same in virtually all other messaging platforms, like XMPP, Matrix, WhatsApp, etc. So why is it listed as a flaw of email?
Here you can see what someone can see in a message sent with chatmail servers, tell me exactly what metadata you got from this message as the server operator:
That kind of "no no you can't use email in a secure way" is a so outdated urban legend
Maybe I'm confused, do the DeltaChat and ArcaneChat clients only work with DeltaChat/ArcaneChat servers?
Edit: forgot to mention I can see the sender & recipient addresses (Signal uses sealed sender to minimize this metadata leak). I can also see what time the message was sent, this is the kind of metadata Meta collects through Whatsapp even though they also encrypt message content. It doesn't seem - although maybe it now does - that DeltaChat nor ArcaneChat support key ratcheting, so if someone's intercepting messages they can decrypt all future + past messages. Lastly it doesn't seem either support any kind of protection against attacks from quantum computers. Currently Signal, SimpleX and iMessage are the only clients that do protect you from these kind of attacks.
Maybe I'm confused, do the DeltaChat and ArcaneChat clients only work with DeltaChat/ArcaneChat servers?
The "ArcaneChat/DeltaChat servers" are just normal email servers with some default configurations and tweaks for privacy/security and speed
Edit: forgot to mention I can see the sender & recipient addresses (Signal uses sealed sender to minimize this metadata leak)
Signal needs to "seal sender" to be able to send messages anonymously since their service is not anonymous and you login with your phone number, in ArcaneChat it is like you are "sealed sender" from the very beginning, you don't register with phone number or any private data, you log in anonymously always, currently you have an static anonymous identity, and have to manually change it over time if you are the most paranoid person in town, but in the future the app might implement anonymous identity rotation
I can also see what time the message was sent this is the kind of metadata Meta collects through Whatsapp even though they also encrypt message content.
Nothing that the server doesn't know, the server knows the time at which you try to send a message because well you are asking it to do so at that time. But I agree this is a problem with stored messages if the server gets audited at a later point, by default with a single device messages are deleted immediately and otherwise after 20 days so still it is limited what they could get, but this can be improved, the header doesn't need to have a real date could be whatever fixed date while the real date is protected in the encrypted part, this needs to be done ๐
It doesn't seem - although maybe it now does - that DeltaChat nor ArcaneChat support key ratcheting, so if someone's intercepting messages they can decrypt all future + past messages.
This is a pretty theoretical situation, first the attacker needs to get control of your chatmail provider/server and start collecting your messages, secondly you need to happen to be using disappearing messages since otherwise when they get access to your phone to get the key they can as well just get all your messages that are available already decrypted in the app, since you need the messages to be ephemeral, in that case you can as well create a temporary profile, ex. For some protest or activism and delete it after the operation is finished, and you get the same results of "forward secrecy" without sacrificing the usability of the app, ex. In ArcaneChat it is possible to have your account in as many devices as you want all well synchronized and every device is totally independent, if your phone dies you can keep using it in other devices or add it back to a new phone without losing a single message
That link somehow takes me to a chat about, how "gay billionaires Peter Thiel and Tim Cook have the whole California Democratic party leadership in their pockets"
Not exactly sure what to make of that...
it seems Pleroma is really bad, you have to scroll down until you find the actual comment in that thread that is marked with a different color, it is showing you the top of the thread, anyway, here is the image:
