DC automatically inserts the subject line “Re: Message From…” with the contact’s profile name into messages and message threads. I think this should only include the contact’s address, not profile name.
There are cases where a user might write their full name when they first create their profile but then reevaluate their threat model or experience a change in their threat model (for example friends plan to attend a protest) and decide to change their profile name so it doesn’t identify them so easily, but unfortunately all past and future messages in the chat continue to use the original profile name in the subject line, betraying the real identity. This is especially dangerous because it is not obvious to users that the original profile name persists in the chat (hidden out of sight), so users might act with less caution.
Most people who use DC to chat never see the subject line anyway, so changing it to remove the profile name will have a positive impact on privacy/opsec without any negative impact on usability.
A related issue is profile names appearing on notices about disappearing message timer changes (which unfortunately stay permanently in the chat by default). My suggestion would be either to use a more generic notice such as “a member of this chat set the disappeariing message timer” or get the app to dynamically insert the current profile name for these notices instead of recording and displaying the profile name which was used when the timer was set.
Expected behavior
After you update your profile name, existing chats will not continue to contain references to your old profile name (in message subject lines or in notices about disappearing message timers)
Actual behavior
After you update your profile name, existing chats still contain references to your old profile name (in past and future message subject lines as well as past notices about disappearing message timers)
I agree that this is something we can improve. But, in order to completely remove old display names, a lot of things have to be done:
Info messages like “Bob added Alice to the group.” contain the current display name, and are available both on the server and on the device.
As you said, they appear in notices about disappearing message timer changes.
If the user actually wants to make sure that the old name doesn’t remain, then they need to scan for the message contents - maybe someone wrote a message that contains their clear name (e.g. “Hi Alice, can you…”)
Since we have limited development resources, I think there are other ways to improve the security of Delta Chat more effectively. Until then, in order to completely forget about old information, you can use the “Delete Messages from Device” and “Delete Messages from Server” settings.
Subject line that stays practically forever attached to the 1:1 chat is a real bug. I also don’t like that it is localized.
But I don’t know what should we put into Subject. One way would be to put the first line of the message there, basically the same text as we put into summary of the chatlist item. And instead of keeping it with Re: attached, renew it every time. For group chats I’d just put the group title there. And for ad-hoc groups (email threads) we can do the Re: thing or whatever to make it look like normal emails.
We had this in the past (prefixed with Chat: ), and people didn’t like it.
Two possible ideas to only fix this particular issue, without changing everything else:
In chats with a green checkmark, always set the subject to “Message sent via Delta Chat” (unlocalized). Green-checkmark-chats are never with classical email users, so the subject doesn’t matter as much.
Or: In encrypted chats (which mostly are with DC users, but sometimes with classical-MUA-users), use “Message sent via Delta Chat” as the initial subject line, instead of “Message from Bob”. Then, reset the subject line if SubjectTimestamp is older than a few weeks, so that the old subject doesn’t stay forever.
When you say info messages are “available both on the server and on the device”, is this different to normal messages? If there is different behavior I would like to understand this better.
My suggestion to fix the info messages is to store only the email address in the info message itself and have the DC app dynamically replace the email address with the profile name client side, but if this is a complicated change then I can understand you want to use development resources for other priorities.
Apparently even deleting all your messages is not enough to forget the orginal subject line, to do that you also need to delete the entire chat.
I noticed the poll only asks what the subject for the first message should be and doesn’t mention that this will become the permanent, unchangeable subject line, but maybe this is implied if all the voters are familiar with how DC works.
If this is low hanging fruit I would welcome this as a big practical improvement to the current behavior.If this is low hanging fruit I would welcome this as a big practical improvement to the current behavior. “Message sent via Delta Chat” or even just “(No Subject)” for encrypted chats would be great!