Invite link to automatically create groupchats, for example for reporting security bugs

Currently, Delta Chat supports creating individual invite links, which allow a user to set up an end-to-end encrypted chat with another user, and creating groupchat invite links, which allow a user to join an existing groupchat. However, there are many situations in which a user might want to securely contact a group of people without contacting everyone who’s contacted that group before. For example, you might want to report a security bug to a group of people, and use Delta Chat to ensure that the security bug details are kept encrypted and not leaked to bad actors who may have MitM capabilities and could immediately exploit the security bug you are reporting. In this case, you’d want to create a groupchat containing you and all of the members of the security team for your product, but you don’t want to include anyone that has contacted the security team in the past. Delta Chat could offer an invite link similar to the groupchat invite link except that it creates a new groupchat rather than joining the existing groupchat. This could be publicly shared on the project website under its security or bug reporting section, so that people could securely report security bugs in the project.

I’m not sure where the UI for this could be exposed. I’m thinking a new invite management screen would be useful, where the user could see all of their past invites, revoke invites, see who has joined the user’s groupchats or direct messages via the past invites, and create both regular invites and special invites such as this new-groupchat invite.

this is not necessary since it is already possible to archive it this way:

Option #1: what most teams do currently is to use email aliases, you send a message to an address like but actually it arrives internally to the address of all the support team

Option #2: just use a shared account, all the teams member use the same delta chat account to give support then they can share the invite link to chat with that account and all the members of the team will receive the messages

It’s good to know these options exist, but I’m not convinced that they are ideal solutions for the use case described by @ethanc8

Maybe many teams already do this, but how do the team members reply so that everyone in the chat can see their replies and without breaking encryption?

This also requires having a dedicated IT department/admin to set this up, so teams with less resources might not be able to implement this.

I think that password sharing (or account sharing) is considered bad security practice and is discouraged in modern professional settings, but this is still a practical workaround option for those who need it.

Maybe a bot could be useful for this use case? Email the bot and have the bot automatically create the group chat? But I am not aware of any bots which currently do this, and this solution assumes that the team at least has their own server where they can set up the bot.

encryption doesn’t work for the first message then you can reply encrypted in private but if you want all other team members to receive the message you would need to send the reply unencrypted (you receive the message as a group of two members with the teams address and the person that contacted) that is why I recommend the shared account approach as the best solution

if the team already have setup an email server, the least of the concerns is adding some alias address, it can often be done via some admin graphical interface, for example I have done this in the past with Mail-in-a-Box software, adding aliases is something you need to do anyway to forward messages from etc. to the real admin addresses, so it is something common and made easy by email server tools

but with the shared account approach the team doesn’t even have to setup their own server, they could use some chatmail instance, hence that option is the best in terms of features and infrastructure required

the password can be changed at any time and it is not a personal account so sharing password is the same as sharing access to it, this has encryption support etc. and is better than a bot

and what solution do you think will be ideal?? because in fact to me the shared account is the only ideal solution that already works today, any other solution would need support (or changes) from the email server, since you can NOT solve this(hiding several email address under an alias) with mere changes in the Delta Chat client

I agree that the shared account is the best solution that already works today, and it’s probably also the simplest solution overall, which is an advantage. But there are also disadvantages to account sharing, which is why I don’t consider it ideal. However a good solution which avoids account sharing would require more work to implement, and I don’t know if it would be worth the developer resources or not. Maybe there is no ideal solution.

In my view, a QR code or invite link which establishes end-to-end encryption with a bot account, which then automatically creates the new group chat, would have some advantages and disadvantages compared to using a shared account.

I can see that the density of information in the QR code or invite link would be a practical limitation if the group size is large, but otherwise I don’t see any inherent reason why this couldn’t be achieved just with changes to the Delta Chat client, however I’m probably overlooking something.