The appeal of webxdc apps is that they are guaranteed not to leak data. Now P2P realtime chat has been introduced, and this is a convenient and desirable feature for many people who want certain types of realtime apps, however it can also leak IP address, assuming it behaves the same as other common P2P realtime chat implementations. This can pose a risk for vulnerable people who require high standards of anonymity. Therefore I ask is there any way for a user to disable the ability for webxdc apps to use realtime chat in the settings, or is there any way for a user to check if an app uses the realtime chat feature before they launch it?
3 Likes
Currently it’s off by default, as an “experimental” setting.
I agree that it should be taken seriously.
2 Likes
We want at least some kind of “permission” UI similar to the request to be able to access location, microphone and camera in browsers before this feature is enabled by default. This is currently experimental and disabled by default because we want developers to be able to play with the new API, but as a user who does not want any IP leaks you can just keep it disabled.
2 Likes
Thanks for your answers @WofWca and @link2xt. Good to know its currently off by default and the permisions UI sounds like a good approach. Keep up the great work!
2 Likes
The default of the “Realtime Apps” setting may change from disabled to enabled in the upcoming version of Delta Chat (because it’s not an experimental feature anymore now), so you may have to disable it again after updating (alternatively, switch the setting on and then off again now, then it should stay off forever)
1 Like
There is also a WIP PR for Android to add “permissions”-like dialog: add "realtime is disabled" dialog by adbenitez · Pull Request #3405 · deltachat/deltachat-android · GitHub
But it is not going into the next release as it is not merged and has the problem of nagging the user into enabling realtime by popping up every time, it should have “don’t show this again” checkmark or something like that.
1 Like