WEBVTT

00:00.000 --> 00:11.840
Hello everyone, I'm Kenya and this is Holger, we will be doing this talk together and I will

00:11.840 --> 00:17.960
start with a introductory part, well you will learn a little bit what we did and how we

00:17.960 --> 00:26.280
traveled across many complicated times and situations, evolving this project that started

00:26.280 --> 00:32.280
with a desire to actually use the biggest decentralized infrastructure that exists

00:32.280 --> 00:42.240
email, wow, to actually chat fast and in the beginning it was I would say rather complicated,

00:42.240 --> 00:48.800
not just technically but also to explain people why we do it, what is the challenge

00:48.800 --> 00:55.840
that we face, what are the use cases, but very soon we found that interoperability,

00:55.840 --> 01:01.080
it was the word that was all around, a lot of people needed it, so they were very happy

01:01.080 --> 01:08.920
to have something that would talk outside with any kind of email, but be also a nice messenger

01:08.920 --> 01:15.320
that feels like whatever other messenger you use or not, I hope you don't use, what's up,

01:15.320 --> 01:22.280
but it's an example that we were looking at, unfortunately this mainstream apps put some UI

01:22.360 --> 01:27.840
standards on other developers, telegram, what's up, they kind of force us to go to some

01:27.840 --> 01:34.600
directions to follow them, in usability, in offerings that we can make for users, so we kind

01:34.600 --> 01:40.080
of look at them, learn from them, but also not too much, staying with a decentralization

01:40.080 --> 01:46.200
with federation and with the idea that actually you can rely on this very large ecosystem

01:46.280 --> 01:51.720
that is email, and you can simplify something that is very nice and we love it, it's

01:51.720 --> 01:57.720
PGP, we can actually make it easier, and I was the sociologist behind this whole thing,

01:57.720 --> 02:07.400
I arrived very young, very afraid to the auto-clipped meeting in 2017 in Tor, Tor onion

02:07.400 --> 02:13.400
space in Berlin, and there were people from matrix, from wire, from many beautiful projects,

02:13.480 --> 02:18.920
and we discussed how we can actually make the exchange of keys easier for users, how they

02:18.920 --> 02:23.960
can not make any mistakes, it's not possible, and it's good that they make them, we learn from

02:23.960 --> 02:32.200
this mistakes, but that's how we looked in the beginning, and here we are now, in 2025, where

02:32.200 --> 02:38.840
you can actually scan the QR code that I just reviewed, and you can start chatting immediately

02:38.840 --> 02:45.640
and not just chatting, but you are already verified, we thought about this word, it's a little

02:45.640 --> 02:52.680
bit complicated, verification users, I'm at the UX researcher, I talk to them, what is verification,

02:52.680 --> 02:57.960
why do I need to verify these people, is it like in Twitter, do I have this, you know, poster

02:57.960 --> 03:03.560
of a tag of being the authority, so we decided to rather call it guaranteed ant and encryption,

03:03.800 --> 03:09.800
when you scan the code that I propose to you, to scan, you will end up in a group chat that

03:09.800 --> 03:14.840
is guaranteed and encrypted, so it means that we hope that with a secure joint protocol that

03:14.840 --> 03:20.120
will be explained in a second talk, it will be protected from the many the middle tag, so here we

03:20.120 --> 03:28.120
are all very happy, email is not there, we are smiling, and we are moving forward, but how did we get

03:28.360 --> 03:35.400
here, actually, it was hard to make the paradigm shift for users, they were thinking that

03:35.400 --> 03:41.080
emails very slow, how can we actually chat with the emailing, so we did this workshop in Ukraine,

03:41.080 --> 03:47.720
in 2018 was sunny, we gathered a lot of different activities, journalists, writers, artists,

03:47.720 --> 03:54.120
and they were drawing, how they see email, key exchange, KGB, decentralization, encryption,

03:54.200 --> 04:00.040
we were collecting all of these and trying to base our design also on this social model,

04:00.040 --> 04:06.280
on this mental model of, on imaginaries of users, about encryption, so people think that

04:07.080 --> 04:14.840
email chatting through the existing centralized servers, you are kind of, you know,

04:16.760 --> 04:22.040
co-opting the users inside, you know, one, two, but what they want is to

04:22.120 --> 04:26.200
decentralize to open, to be interconnected, and actually decentralization was kind of

04:27.240 --> 04:31.000
shared even by non-technical users as a value or something that they would like to achieve,

04:31.880 --> 04:39.160
and we did a lot of testing, the right, what we have now, and here, just three moments of time,

04:39.160 --> 04:45.400
a timeline, we started with this lab testing, it's important, you see in the room, sit in the room,

04:45.400 --> 04:51.320
with people in a very stride space, nothing happens, the connection is stable, you follow the

04:51.400 --> 04:56.760
protocol, you click every link, you get some bugs, you write them down, very important work,

04:56.760 --> 05:04.840
but then suddenly we moved to the quarantine, COVID, COVID epidemic in Russia, and we go in the forest,

05:04.840 --> 05:11.240
and organize a festival with no network, so we had to build it, climbing the pine tree, putting

05:11.240 --> 05:17.400
the routers somewhere, catching some about at least a little bit, putting a raspberry pie with

05:17.720 --> 05:23.720
delta-chat server, on a local network, and testing it inside a big tent with fire, it worked,

05:23.720 --> 05:30.120
was nice, we could chat in the forest where nothing worked, and finally, the sum of this

05:30.840 --> 05:37.400
road somehow where we are now is that people started to re-leuse delta-chat, and this is scary,

05:37.400 --> 05:43.400
it's a big responsibility, and not just use it, but they go to the protest with it, and we learned

05:43.480 --> 05:49.720
about it the last, like they do it, and then we learned about it from them, they sent photos from

05:49.720 --> 05:56.600
protest and actually it works, regarding the throttling of a balcony activity, so this is another

05:56.600 --> 06:04.280
challenge that we face now, censorship resilience, how do we do about blocking about surveillance

06:04.280 --> 06:11.560
in countries where it is tough, so we have this ongoing interesting quest with Russian federal

06:11.560 --> 06:18.360
security bureau, this is the best onboarding screen I've ever seen for delta-chat, it's actually

06:18.360 --> 06:25.400
a copy made by FSB, so installed delta-chat, the FSB is actually made an advertisement for us,

06:27.640 --> 06:35.080
get an account, please, okay, so here is the Moscow time, they use it for very fine screenshots,

06:35.080 --> 06:40.360
like in order for a screenshot to become a proof in court, they need to take a photo like this,

06:40.360 --> 06:49.000
and put the time, because time it was what makes things real, people believe when time stamp is

06:49.000 --> 06:57.240
only, so we are now still in court with them discussing about why we cannot provide any data,

06:58.120 --> 07:03.880
and that is where federation becomes a thing, because actually they are used to a messenger

07:03.880 --> 07:10.600
that collects everything and has a lot of stuff on the server, and on the second talk we will

07:10.600 --> 07:15.400
hear a little bit about how chat mail servers are configured, and why we could not suggest

07:15.400 --> 07:22.120
further request, of course first we don't want, but second we cannot, and this is something else,

07:22.120 --> 07:29.080
so people thanks to this case, they understood a little bit better what federation decentralization

07:29.080 --> 07:37.480
actually does, the security challenges, and how it helps, yeah and finally another funny picture,

07:37.480 --> 07:44.040
and then we go to something more concrete and more technical, the design of delta-chat and the fact

07:44.040 --> 07:51.480
that it's using SMGP, I'm up, made a super popular in some places where the email traffic is cheaper,

07:51.480 --> 07:58.520
much cheaper than the normal, so this is a photo from Cuba where there were country-wide

07:58.520 --> 08:03.800
blackouts, so people could not use electricity, so much it was not a lot of internet,

08:03.800 --> 08:08.040
but this photo was sent with delta-chat, somehow we don't know how, whatever it worked,

08:08.040 --> 08:15.800
so people were bringing their telephones, plugging them to charge them, and somehow we could

08:15.800 --> 08:20.600
help them a little bit to stay connected, and this is a screenshot that I love, I translated it from

08:20.600 --> 08:23.960
Russian, but of course we lose a little bit of patience when we translate things,

08:25.160 --> 08:30.520
it's from Georgia, from recent protests, a Russian exiled group was relying on delta-chat again,

08:31.400 --> 08:37.480
I'll check how it works today, testing delta-chat under water cannons, yes, I will live there,

08:39.320 --> 08:45.000
yes, so all this is great, we are looking at the states, we are talking to users,

08:45.000 --> 08:49.880
we try to understand the needs, their coordination needs, their organization needs, but there is another problem,

08:51.560 --> 08:57.720
and another interesting, I mean there is another problem than just authoritarian regimes,

08:59.400 --> 09:04.360
which is, what is it, actually what's the other problem of like we have, I mean authoritarian

09:04.360 --> 09:10.360
regimes, I think many of you will probably agree this, maybe a problem currently, what's the other one?

09:10.360 --> 09:25.000
No, no, I mean more like, say it again, most SMTPs are out, most SMTPs are hosted by Gmail, yes,

09:25.000 --> 09:29.400
okay, that's a very particular kind of monopolization problem in the email system, yes,

09:30.760 --> 09:39.000
Gmail, I cloud and outlook for sure, yes, soon to be authoritarian, soon to be alright, yes,

09:39.000 --> 09:44.440
soon to be authoritarian on the transition phase, yes, but also billionaires,

09:49.400 --> 09:56.520
so there is this thing that we started like two years ago and that grew into some kind of

09:57.640 --> 10:04.920
community development also with XMPP people, and I want to talk a little bit about this,

10:05.080 --> 10:12.520
we kind of arrived at the motto some weeks ago to say, okay, let's just say we want to replace

10:12.520 --> 10:21.000
venture capital platforms like billionaire platforms with as a pile, some of you may know that

10:22.520 --> 10:27.800
there is in the US, like a 30, 40 million funded or this is recorded, right?

10:28.760 --> 10:39.640
Okay, there are apps out there that are funded, heavily and are working for many years,

10:39.640 --> 10:47.400
and they are trying to do things like, we will mediate all of the builds you want to split

10:47.400 --> 10:54.840
or the travel costs you want to share in a group between France, and we will be your trusted mediator,

10:55.560 --> 11:01.240
and we will become very big, and then we earn money with mediating splitting a bill

11:01.240 --> 11:07.320
between France, you know, it's kind of a typical like getting into the social relations of

11:07.320 --> 11:15.800
as many people as possible, and then kind of finding a way to monetize this data. So it's a long-running

11:15.800 --> 11:24.360
thing that's what brought us into some kind of situation that we currently have,

11:24.360 --> 11:32.760
that a lot of big tech platforms are merging with the other problem, and so we thought,

11:34.040 --> 11:38.520
there's a longer Genesis, I'm not going to turn now, that is kind of like the precursor for this,

11:38.520 --> 11:46.120
but we arrived at saying, why not, I mean, you know HTML emails, they're typically considered

11:46.120 --> 11:54.600
email, evil, and but there's a way to, I mean, they're still used, and they have some use,

11:55.320 --> 12:03.480
and we actually thought, well, we are a messenger, we anyway show attachments in special ways,

12:03.480 --> 12:07.960
like if you send a video, there's a play button directly in your chat, and if you send an audio

12:08.040 --> 12:17.720
message there's a play button and so on and so on. So why don't we send a zip file that contains

12:17.720 --> 12:28.520
a complete HTML 5 app, and run it in a sandbox, and when it wants to do any IO, when it wants to

12:28.520 --> 12:33.880
interact with the world, it gets completely blocked, it cannot contact anything, it's really

12:33.960 --> 12:43.000
like completely in this sandbox, this app, but it gets in IO API, that is not HTTP,

12:43.880 --> 12:51.320
that goes to a central server, and so on, but is appear to appear send receive input output

12:51.320 --> 12:59.480
system. So basically as an app, if you add an expense to a group slip spit bill, like a table view,

12:59.560 --> 13:07.800
also, you just say send this data, the messenger takes it, sends it as a kind of an application

13:07.800 --> 13:16.360
update message to the other chat participants, and then there you see, okay, somebody entered this,

13:19.160 --> 13:26.600
somebody just entered this expense. So basically we are using on the one hand, this completely

13:26.680 --> 13:35.880
sent boxed web application and provided with very few input output methods and specifically block

13:35.880 --> 13:41.960
it from the rest of the internet. So that means when you receive a zip file, you can actually

13:41.960 --> 13:48.360
run it in a chat, and I don't know who has unbotted already, the papers are there, we can actually

13:48.360 --> 13:57.960
just do this together, but you also showing this, you can start editors, this is now an editor in

13:57.960 --> 14:05.640
the chat, okay, so whoever actually manages already to join the group and start the app will

14:07.720 --> 14:13.400
be able, this is a real time editor, it kind of like shows another IO method that we just added

14:13.480 --> 14:20.760
a few months ago, that actually shows you cursor positions in real time, and this is actually

14:20.760 --> 14:27.880
through the integration of a peer-to-peer Rust Iro library, but there still is the email system

14:27.880 --> 14:33.400
that establishes the peer-to-peer network in this chat, so it's a private peer-to-peer system

14:33.400 --> 14:39.240
without any kind of global infrastructure needed, and the messaging is used to actually establish

14:39.320 --> 14:47.240
the real time channels between the peers, and all of that is completely into and encrypted,

14:48.040 --> 14:57.640
the real time channels even have delivered or not perfect forward secrecy, I know, many people hope

14:57.640 --> 15:07.960
this very dear, and so these zip files, they are really complete HTML apps, and they're small,

15:09.080 --> 15:19.960
the editor is like 100 kilobit, and it has been developed, it works, then somebody added the real time

15:19.960 --> 15:26.360
channel that we introduced, and now this app actually sits there as a zip file, you can forward it

15:26.360 --> 15:30.760
to a chat, and then this chat can use it, so it's not like you need to go to some app store and store

15:30.760 --> 15:37.320
something, authenticate somewhere, you have no log in, you have no GDPR, you have no content screens,

15:37.320 --> 15:44.280
you have no as a developer, you have no DNS hosting, you have no VPS that you need to run to host

15:44.280 --> 15:51.800
something and so on, this app just runs in the chat, and the messages that implemented, this is

15:51.800 --> 16:00.600
currently the XMPP, jailgram, and monocards, and then the whole data chat family, which also contains

16:00.600 --> 16:07.240
frankly forks, all of them implemented it, and recently what we did is that all of the apps

16:07.240 --> 16:11.960
and across the whole web, you see implementation space, like these seven messengers, they actually

16:11.960 --> 16:18.040
offer it directly in the primary chat interface, so when you have any of these messengers, you can

16:18.040 --> 16:27.960
say attach app and it's in your chat, and there's things like shopping list, very popular, you know,

16:27.960 --> 16:36.040
you just have people in the chat who add some items to what you need to buy with your family,

16:36.040 --> 16:43.000
or household, that's all, and whoever buys it just crosses it out, this is a very small app, and

16:43.880 --> 16:48.600
we are also hoping if you read the latest blog post, that this kind of re-establishes something

16:48.600 --> 16:56.760
that the older among us may still remember, you can actually finish software, and now it's

16:56.760 --> 17:01.960
very far in concept, but there used to be a time that you actually do something, and then it's

17:01.960 --> 17:06.440
doing what it should do, and there's nothing more to do, and if somebody wants to change it,

17:06.440 --> 17:13.400
they can fork it, all of these apps have a good uplink, change it, and make their own version,

17:14.040 --> 17:21.000
but the split bill, the current calendar, the current editor, the current things that you have,

17:21.560 --> 17:28.040
they work, and you can basically, the idea, use them forever, like, they're very small, and they

17:28.040 --> 17:34.120
don't come, and that's very different from other peer-to-peer projects, they don't carry with them

17:34.280 --> 17:41.160
and network implementation stack, they really are the zip file, and instead of HTTP, they use

17:41.160 --> 17:47.400
peer-to-peer APIs, and the peer-to-peer system is arranged by the messenger, which is the chat group,

17:47.400 --> 17:51.880
which is the reason why nobody needs a lock-in, nobody needs a account, and everything is

17:51.880 --> 17:59.240
end-to-end encrypted between the peers, you know, so it's kind of like a really re-architecting

17:59.240 --> 18:08.440
of the IO with the hope, there are no mediators anymore, this is really end-to-end, so even the

18:08.440 --> 18:15.560
developer, you give you the zip file, will not see any data ever, because the zip file is out of

18:15.560 --> 18:21.960
their hand coming into your hand, you are handing it only to the people in your chat, and this

18:21.960 --> 18:28.680
communication is completely private, and the developer has no back channel, like they can simply

18:28.680 --> 18:34.040
not get any data from your usage of this app, which also means as a developer, you don't have

18:34.040 --> 18:40.600
the responsibility, you don't have the liability, and all of that, so it makes things easier on all

18:40.600 --> 18:48.600
sides, if you consider something like I sit two or three days, I do this little web app, and then

18:48.600 --> 18:54.040
it can be used forever, and you don't need to worry, you're finished, it's done, you're not

18:54.120 --> 19:01.720
subscribing to maintaining it for four years or so, yes, I can recommend this feeling, there's

19:01.720 --> 19:07.560
some of us who actually had this, and right now it's really hard to get there, okay, I think

19:07.720 --> 19:21.080
some questions, yes, yeah, I mean, I didn't really, I didn't have one of the kinds of

19:21.160 --> 19:31.160
that's also on the phone, okay, yes, so the one feature that I think is expected, but it's

19:31.240 --> 19:40.360
really hard to make my team with this and for lies, the approach is met, sharing the location,

19:41.640 --> 19:53.480
with another, with another person, and without the so, either there's a possibility of downloading

19:53.480 --> 20:02.040
a map, an offline map, for example, from Open3Map, I would feel you say you feel

20:03.240 --> 20:08.760
trying to find a solution, for example, for live location, sharing your application, or something

20:08.760 --> 20:18.920
like that, and how does it work? Yeah, go to advanced settings, enable

20:18.920 --> 20:25.000
on the mind location streaming, and then you have the current kind of experimental

20:26.120 --> 20:32.120
50 kilobyte JavaScript implementation that uses Open3Map data and has like

20:34.360 --> 20:39.320
we have one guy in picking, actually, who took this, like there's a trick, actually, how you can

20:39.320 --> 20:47.240
make your own location streaming by saving this map's application, modifying it in your

20:47.560 --> 20:53.720
safe messages, and then the location streaming will actually use this and so on, but that's,

20:53.720 --> 20:57.720
yeah, it's like an advanced thing, we don't enable it by default, because the things that I

20:57.720 --> 21:04.040
enabled by default in that chat, I thought to be pretty well user tested and really just working,

21:04.760 --> 21:09.640
so this is actually the on-demand location streaming is there, you can look into it,

21:10.360 --> 21:15.080
also ask questions about it in the forum, I think that's the best path here, or we talk after

21:15.080 --> 21:37.880
words, but it's like a whole topic of its own, right? Yeah, I mean, yes, the question is yes,

21:37.880 --> 21:43.000
yes, the question is shouldn't there be like a lighthouse server, or some kind of central authority

21:43.080 --> 21:48.600
that can tell where everybody is, so you can reconnect to the correct IP addresses and so on,

21:50.600 --> 21:57.000
and that's basically precisely what we're trying to avoid, like there is neither a conceptual

21:57.560 --> 22:04.680
or a real central server, like even a DHT is conceptually kind of like a single entity, you depend on,

22:04.680 --> 22:08.520
if you can't read it from Iran, if you can't read it from somewhere, it's kind of not really

22:08.600 --> 22:16.840
working anymore for them, whereas with this scheme, it's really the messenger, that transmits

22:16.840 --> 22:21.640
the messages and the resiliency of establishing the peer-to-peer network depends on that,

22:21.640 --> 22:31.560
each of like how data trade is doing it is by having a viral release server running a long

22:31.560 --> 22:39.560
chat mail service, you know, so every chat mail server that you instantiate has this, so the users

22:39.560 --> 22:44.760
that use this chat mail server for rocking their messages, they will automatically know about their

22:44.760 --> 22:50.200
own release server and you're talking to your chat mail server anyway, so it's really quite federated

22:51.400 --> 22:58.280
and they are used to actually do the whole punching and the other things, right?

23:01.640 --> 23:23.560
So the question is couldn't we use an overlay network or some sort of

23:24.520 --> 23:39.560
header information in the mail to set up WebRTC and what to say, I mean we're not using the

23:39.640 --> 23:49.080
party C for very good reasons and we want to avoid any kind of central point of overview

23:51.160 --> 23:59.000
and the current system is basically a lot of people collaborating to try to figure out this kind of

23:59.000 --> 24:06.280
resiliency thing that it really just works, so the feature was partially ready like almost a

24:06.280 --> 24:11.560
year ago or like nine months ago but it took us like eight months to get it to the point that it

24:11.560 --> 24:19.640
just works all the time on all platforms, this is like a lot of detail work and within such a

24:21.240 --> 24:27.640
constrained you're really thinking very economic like what is the simplest thing we can actually do here

24:27.640 --> 24:33.160
and not go too crazy because other than like there's a lot of peer-to-peer prototyping you know

24:33.160 --> 24:40.280
but we are really trying to make this work like for real, every time you know so that's a different

24:40.280 --> 25:01.160
kind of mindset to approach this, yes, then how routing agnostic could especially this

25:01.160 --> 25:14.200
new time networking be right totally like there's no you know there's no yes I mean there's

25:14.200 --> 25:19.240
many different networks I mean senior already mentioned this forest and so on and they will also

25:19.240 --> 25:27.240
have a peer-to-peer network and you know so it's routing agnostic also the specification of

25:27.240 --> 25:36.280
WebXDC is at a level that excludes two things knowing anything about the routing anything

25:37.080 --> 25:42.120
and that's more important because it complicates any system if you have to consider it identity

25:43.720 --> 25:50.680
so the API that WebXDC offers does not talk very much about identity most systems you might

25:50.680 --> 25:56.280
remember this blockchain age they always start with a wallet and this kind of like oh you have to

25:56.360 --> 26:01.480
have this identity and it's to be very secure and so on and that's how you appear on the public network

26:02.360 --> 26:10.280
this these apps they don't do this and that also means or they do this in a very very careful way

26:12.040 --> 26:19.960
so that we avoid all of the complexity and the kind of prescription of how you need to do

26:19.960 --> 26:26.120
routing because identity and sending things and so on is strongly tied to having addresses and

26:26.120 --> 26:32.120
what to do so it's actually we try to avoid the complexity generating things also to

26:32.120 --> 26:38.760
leave it to the implementation like be it peer-to-panda or be it like matrix people are talking about it

26:38.760 --> 26:44.040
some other messengers some messengers have implemented it and it's it is routing agnostic

26:44.040 --> 26:50.840
this protocol and we want to keep it this way and at best also identity agnostic

26:50.840 --> 26:58.840
yes maybe we can take that later on I mean it's the last thing so