this post was submitted on 08 Mar 2025
43 points (93.9% liked)

Buy European

3859 readers
2706 users here now

Overview:

The community to discuss buying European goods and services.

Matrix Chat

Rules:

  • Be kind to each other, and argue in good faith. No direct insults nor disrespectful and condescending comments.

  • Do not use this community to promote Nationalism/Euronationalism. This community is for discussing European products/services and news related to that. For other topics the following might be of interest:

  • Include a disclaimer at the bottom of the post if you're affiliated with the recommendation.

Feddit.uk's instance rules apply:

  • No racism, sexism, homophobia, transphobia or xenophobia
  • No incitement of violence or promotion of violent ideologies
  • No harassment, dogpiling or doxxing of other users
  • Do not share intentionally false or misleading information
  • Do not spam or abuse network features.
  • Alt accounts are permitted, but all accounts must list each other in their bios.

Benefits of Buying Local:

local investment, job creation, innovation, increased competition, more redundancy.

Related Communities:

Buy Local:

!buycanadian@lemmy.ca

!buyafrican@baraza.africa

!buyFromEU@lemm.ee

!buyfromeu@feddit.org

Buying and Selling:!flohmarkt@lemmy.ca

Boycott:!boycottus@lemmy.ca

Stop Publisher Kill Switch in Games Practice:!stopkillinggames@lemm.ee

Banner credits: BYTEAlliance

founded 1 month ago
MODERATORS
maam@feddit.uk
alex@jlai.lu
Lazycog@sopuli.xyz
circledot@feddit.org
Argyle13@lemmy.world
Sunshine@feddit.is
Sunshine@lemmy.ca
buyeuropean@lemmy.ca
buyeuropean@feddit.org
lazycog@feddit.uk
43
ArcaneChat: Private messenger based in Europe (arcanechat.me)
submitted 1 week ago by adbenitez@lemmy.ml to c/buyeuropean@feddit.uk
13 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.ml/post/26007254

ArcaneChat: Private chats for the family

ArcaneChat is a FLOSS private and secure messenger focused on privacy and friendly user experience.

💬 Reliable instant messaging with multi-profile and multi-device support.

⚡️ Sign-up easily and anonymously, no phone number or any private data required.

🎮 Interactive mini-apps in chats for gaming, shopping lists, productivity and collaboration.

🔒 End-to-end encrypted chats safe against network and server attacks.

ArcaneChat is a Delta Chat client and it is compatible with other Delta Chat clients.

Source code: https://github.com/ArcaneChat/

you are viewing a single comment's thread
view the rest of the comments
[–] adbenitez@lemmy.ml 1 points 1 week ago* (last edited 1 week ago) (1 children)

Maybe I'm confused, do the DeltaChat and ArcaneChat clients only work with DeltaChat/ArcaneChat servers?

The "ArcaneChat/DeltaChat servers" are just normal email servers with some default configurations and tweaks for privacy/security and speed

Edit: forgot to mention I can see the sender & recipient addresses (Signal uses sealed sender to minimize this metadata leak)

Signal needs to "seal sender" to be able to send messages anonymously since their service is not anonymous and you login with your phone number, in ArcaneChat it is like you are "sealed sender" from the very beginning, you don't register with phone number or any private data, you log in anonymously always, currently you have an static anonymous identity, and have to manually change it over time if you are the most paranoid person in town, but in the future the app might implement anonymous identity rotation

I can also see what time the message was sent this is the kind of metadata Meta collects through Whatsapp even though they also encrypt message content.

Nothing that the server doesn't know, the server knows the time at which you try to send a message because well you are asking it to do so at that time. But I agree this is a problem with stored messages if the server gets audited at a later point, by default with a single device messages are deleted immediately and otherwise after 20 days so still it is limited what they could get, but this can be improved, the header doesn't need to have a real date could be whatever fixed date while the real date is protected in the encrypted part, this needs to be done 👍

It doesn't seem - although maybe it now does - that DeltaChat nor ArcaneChat support key ratcheting, so if someone's intercepting messages they can decrypt all future + past messages.

This is a pretty theoretical situation, first the attacker needs to get control of your chatmail provider/server and start collecting your messages, secondly you need to happen to be using disappearing messages since otherwise when they get access to your phone to get the key they can as well just get all your messages that are available already decrypted in the app, since you need the messages to be ephemeral, in that case you can as well create a temporary profile, ex. For some protest or activism and delete it after the operation is finished, and you get the same results of "forward secrecy" without sacrificing the usability of the app, ex. In ArcaneChat it is possible to have your account in as many devices as you want all well synchronized and every device is totally independent, if your phone dies you can keep using it in other devices or add it back to a new phone without losing a single message

[–] Supernova1051@sh.itjust.works 1 points 1 week ago

The “ArcaneChat/DeltaChat servers” are just normal email servers with some default configurations and tweaks for privacy/security and speed

I know what the servers do. My question is direct, because it would answer an important detail that has been left unanswered. Can the chat clients work with any email provider or only Delta/Arcane configured email servers? Because if they work with any email provider, people are going to shoot themselves in the foot by allowing insecure servers. If its the latter, then at least the clients enforce some safeguards.

this needs to be done 👍

And until its done, its leaking metadata.

This is a pretty theoretical situation [...]

A lot of security is based on theoretical attack vectors. This is why security is hard, you have to invest time and effort to secure areas that could be exploited at some point in the future, not just what we know today. It's why Signal and Apple have developed and enabled quantum-resistant encryption in their messaging platforms (Source).

first the attacker needs to get control of your chatmail provider/server and start collecting your messages,

Considering people get hacked left and right all the time and the constant barrage of breaches, not the highest bar set.