DC automatically inserts the subject line “Re: Message From…” with the contact’s profile name into messages and message threads. I think this should only include the contact’s address, not profile name.
There are cases where a user might write their full name when they first create their profile but then reevaluate their threat model or experience a change in their threat model (for example friends plan to attend a protest) and decide to change their profile name so it doesn’t identify them so easily, but unfortunately all past and future messages in the chat continue to use the original profile name in the subject line, betraying the real identity. This is especially dangerous because it is not obvious to users that the original profile name persists in the chat (hidden out of sight), so users might act with less caution.
Most people who use DC to chat never see the subject line anyway, so changing it to remove the profile name will have a positive impact on privacy/opsec without any negative impact on usability.
A related issue is profile names appearing on notices about disappearing message timer changes (which unfortunately stay permanently in the chat by default). My suggestion would be either to use a more generic notice such as “a member of this chat set the disappearing message timer” or get the app to dynamically insert the current profile name for these notices instead of recording and displaying the profile name which was used when the timer was set.
Expected behavior
After you update your profile name, existing chats will not continue to contain references to your old profile name (in message subject lines or in notices about disappearing message timers)
Actual behavior
After you update your profile name, existing chats still contain references to your old profile name (in past and future message subject lines as well as past notices about disappearing message timers)
I agree that this is something we can improve. But, in order to completely remove old display names, a lot of things have to be done:
Info messages like “Bob added Alice to the group.” contain the current display name, and are available both on the server and on the device.
As you said, they appear in notices about disappearing message timer changes.
If the user actually wants to make sure that the old name doesn’t remain, then they need to scan for the message contents - maybe someone wrote a message that contains their clear name (e.g. “Hi Alice, can you…”)
Since we have limited development resources, I think there are other ways to improve the security of Delta Chat more effectively. Until then, in order to completely forget about old information, you can use the “Delete Messages from Device” and “Delete Messages from Server” settings.
Subject line that stays practically forever attached to the 1:1 chat is a real bug. I also don’t like that it is localized.
But I don’t know what we should put into Subject. One way would be to put the first line of the message there, basically the same text as we put into summary of the chatlist item. And instead of keeping it with Re: attached, renew it every time. For group chats I’d just put the group title there. And for ad-hoc groups (email threads) we can do the Re: thing or whatever to make it look like normal emails.
We had this in the past (prefixed with Chat: ), and people didn’t like it.
Two possible ideas to only fix this particular issue, without changing everything else:
In chats with a green checkmark, always set the subject to “Message sent via Delta Chat” (unlocalized). Green-checkmark-chats are never with classical email users, so the subject doesn’t matter as much.
Or: In encrypted chats (which mostly are with DC users, but sometimes with classical-MUA-users), use “Message sent via Delta Chat” as the initial subject line, instead of “Message from Bob”. Then, reset the subject line if SubjectTimestamp is older than a few weeks, so that the old subject doesn’t stay forever.
When you say info messages are “available both on the server and on the device”, is this different to normal messages? If there is different behavior I would like to understand this better.
My suggestion to fix the info messages is to store only the email address in the info message itself and have the DC app dynamically replace the email address with the profile name client side, but if this is a complicated change then I can understand you want to use development resources for other priorities.
Apparently even deleting all your messages is not enough to forget the original subject line, to do that you also need to delete the entire chat.
I noticed the poll only asks what the subject for the first message should be and doesn’t mention that this will become the permanent, unchangeable subject line, but maybe this is implied if all the voters are familiar with how DC works.
If this is low hanging fruit I would welcome this as a big practical improvement to the current behavior. “Message sent via Delta Chat” or even just “(No Subject)” for encrypted chats would be great!
What is the current status of this? DC doesn’t show the subject line any more for messages in the chat. Is it still sending the same subject line as before including the profile name or has this now been changed? What subject line does it now send?
It seems DC has been updated to not show the subject line any more, but it’s not clear what it actually sends now for the subject line, if it’s the same as before or not?
I would like to believe that the subject line for encrypted chats does not use the profile name any more with subject lines like “Re: Message From Alice”, but I don’t know how to verify this or see what the encrypted subject line is now. Can someone who knows more about this say what DC uses now for the encrypted subject line?
Messages sent with Deltatouch are still showing that encrypted subject line (I’m looking at them in Neomutt). If you want to know if they change with changes in profile name, I’ll check. I think the long-term plan is to make them user-configurable in the interface:
The profile name used in the subject line is currently immutable: the first name given to the profile will be used in encrypted message subjects forever.
now that we are going to have proper email chats, it could be empty subject or “(no subject)” and let the user set it in a field in the message composer, for chat messages it is always [...]
I thought link2xt meant the “Message from” encrypted subject, not the “…” plaintext one. Confused…
I am also a bit confused about the 2.x release terminology, I think “e-mail” means “unencrypted”, or maybe “not using a Chatmail server and thus not necessarily encrypted”. If the latter, obviously I’d still like standard “…” plaintext subjects for encrypted mail.
I hope Chatmail accounts will not lack the choose-(encrypted)-subject functionality, because I have used a Chatmail account for sending encrypted e-mail to someone using a non-DC client.
Sending an encrypted subject is niche (and not necessary IMHO); you can always put it in the body of the message. Also, I expect replacing the subject with the decrypted subject to have less support in email clients.
And for the case of Delta Chat to Delta Chat you don’t need the “Message from …” at all. The subject is mainly useful for unencrypted email, and being able to set it would be better than the current situation of not being able to set it at all, so better to go in small steps instead of wishing for too much upfront?
Thanks for checking! That’s a bit disappointing. When DC made the subject line unviewable I hoped this reflected a change to a generic non-identifying subject line but I guess this isn’t so. The problem is still there, but now it’s less obvious to know the problem exists.
Yes I think this thread is about the encrypted “Message from” subject line not the substituted plaintext “…” Easy to get confused!
I agree with the points you made about having empty subject or “(no subject)” and letting the user set it in the composer for email chats, but there is some confusion here between the encrypted subject line and the substituted plaintext subject line. For chat messages the substituted plaintext subject line is “[…]” like you say but @link2xt was talking about the encrypted subject line which is different.
DC and other apps following the email encryption standards automatically put the encrypted subject in the body of the message.
I agree, you don’t need this at all when you are chatting with other people on DC, it makes no sense and adds no value, but as @Minim confirmed above, this is still the encrypted subject line used even for chats where everyone is using chatmail, and because it is immutable, it can be a privacy concern.
Please, can someone clarify the current situation?
Are DeltaChat clients still leaking (by not encrypting) not even metadata, but actual data?
User ‘nice’ names?
Group discussion titles?
If you are using end-to-end-encryption, everything except the “to” and “from” addresses is E2EE encrypted.
There is transport encryption between server and client, and between server and server. This hides the addresses from everyone except the servers and clients which are communicating. They have to know the addresses so they can deliver the mail.
It is possible to use Deltachat to send and receive unencrypted mails (but not if you are using a Chatmail server).
If a mail is encrypted, it has a legacy unencrypted subject (always “…”, not just in Deltachat) and an encrypted subject (which is actually in the encrypted message body). Deltachat always uses the same encrypted subject, “Message from [initial profile name]”
Most mail clients do not display the subjects of encrypted mails well. You see a screenful of mails with subject “…”. Stupid UI.
Deltachat clients currently do not display subjects at all.
@adbenitez is talking about making it possible to set the unencrypted subject in unencrypted e-mail. If you are using encryption, this makes no difference.
I am not sure if Adbenitez is saying that typing “Subject: [whatever]” on the first line of your message will repress the automated encrypted subject, or if the e-mail arrives with two encrypted subjects. I could check.
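For readers who want to check what their own messages carry, the following is an added example, not part of the thread and not Delta Chat's code. It compares the outer (server-visible) subject with the subject inside an already-decrypted payload and reports whether a given profile name appears in either. Both sample messages are constructed, decryption is assumed to have been done separately with your own key, and the inner part is assumed to follow the protected-headers layout (headers repeated at the top of the encrypted MIME part).

```python
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample: the message as the mail server stores it (ciphertext elided).
OUTER = """\
From: <alice@example.org>
To: <bob@example.org>
Subject: [...]
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"

--b
Content-Type: application/octet-stream

(ciphertext placeholder)
--b--
"""

# Constructed sample: the payload after decryption, done separately with your own key.
DECRYPTED = """\
Content-Type: text/plain; charset="utf-8"; protected-headers="v1"
Subject: Message from Alice Example
From: <alice@example.org>

Hi Bob
"""

def _subject(raw):
    """Return (parsed message, Subject decoded from RFC 2047 encoded words)."""
    msg = message_from_string(raw)
    value = msg.get("Subject")
    return msg, (str(make_header(decode_header(value))) if value else "")

def subject_exposure(outer_raw, decrypted_raw, names):
    """Report which of `names` appear in the outer and the encrypted subject."""
    _, outer_subj = _subject(outer_raw)
    inner, inner_subj = _subject(decrypted_raw)
    found = lambda text: [n for n in names if n.lower() in text.lower()]
    return {
        "outer_subject": outer_subj,
        "encrypted_subject": inner_subj,
        "protected_headers": inner.get_param("protected-headers") == "v1",
        "names_visible_to_server": found(outer_subj),
        "names_visible_to_recipients": found(inner_subj),
    }

if __name__ == "__main__":
    for key, value in subject_exposure(OUTER, DECRYPTED, ["Alice Example"]).items():
        print(f"{key}: {value}")
```

Pass both the old and the current profile name in `names` to see which one a chat is still sending after a rename.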