Deltachat's experimental silent background messaging may not only be a security but also a privacy risk


Since the introduction of the current experimental QR code scanning feature, deltachat is communicating silently in the background without the user being able to notice.

There are good security reasons to avoid such background behaviour, but it may also be a privacy issue.

See for example


hum, i wouldn’t say it’s silent – it asks for consent with something like “do you want to setup contact and start chatting with X” before sending any messages.


What you mean is probably when a contact is first set up with scanning, because I don’t remember seeing messages like that when a known contacts (re)scaned a qr and system messages are exchanged, but can’t test right now.

In any case, it’s probably better to be a little wary with code to receive and reply on specially formatted system messages which are not processed like regular messages.