Potential new user questions

Hi everyone, I’ve been heavily researching secure chat apps during the past year or so. I almost immediately discarded Delta Chat when I ran across it because I understood the basic model but immediately thought about a lot of potential issues that could come into play. But today Pocketnow-dot-com had an interesting article about Delta Chat that made me start seriously considering it again. But I still have some questions and thoughts:

First of all, I should start by saying that I live and breathe email. I have been a multiple-account Gmail user since it was still an invitation-only beta service. I’m also a heavy desktop computer user, and only use mobile devices when I don’t have access to my desktop. I constantly have Thunderbird running in my system tray, and I use my email accounts to store all sorts of important data that I need to refer back to at some point in time. I’ve always viewed chats and instant messaging as a sort of secondary separate data store. So my first concern about Delta Chat is clutter if I were to use it with one of my primary email accounts. The messages that Delta Chat sends are completely normal messages that would appear in my normal Inbox, correct? And wouldn’t my Thunderbird new message indicator be constantly notifying me about incoming chats?

Also, in your experience with Delta Chat, have any of you run into issues at some point with SMTP outgoing message limits? And specifically with Gmail, I’m concerned that I might have the same authentication issues that eventually made me stop using Pidgin with Google’s XMPP service, as it was constantly making Google’s security monitor freak out and required manual CAPTCHA verification of my Google account and sometimes even interfered with Thunderbird’s IMAP access until an arbitrary timeout period had passed. I’ve never had these issues when using just Thunderbird to access Gmail over IMAP, so maybe it was just a Pidgin/XMPP specific thing, but I wanted to ask about your experiences in this respect.

Would you recommend any particular free email provider for long-term usage with Delta Chat?

How does the Autocrypt encryption standard compare to Signal’s encryption protocol, which is generally considered to be the gold standard?

How does anonymity compare between Signal and Delta Chat in terms of governments being able to discover relationships between users that are messaging each other? I read the FAQ but I didn’t quite understand it:

Each mail server currently knows about who sent and who received a message by inspecting the unencrypted To/Cc headers and thus determine which e-mail addresses are part of a group. Delta Chat itself could avoid unencrypted To/Cc headers quite and always put them only into the encrypted section.

Why the word “could”? And does anything change in the above paragraph in the case of 1:1 non-group chats?

I’m currently a happy Element + Matrix user for communicating with a very small circle of friends that are willing to make the investment of time in learning about its technical intricacies. And I think Matrix is a fantastic solution in terms of data security as well as sustainability, since it’s a federated system with open source server and clients. But the whole concept of Matrix is impossibly confusing for most users that are not technically inclined. I personally don’t use Signal (and much less WhatsApp or Telegram) because I don’t agree with the “walled garden” single-point-of-failure data silo approach, and especially not when the account depends on an ephemeral phone number. So I definitely see a place for Delta Chat as a complement for Matrix. Does anybody here have any experiences with Delta Chat and non-technical users who might be willing to download a new chat app but aren’t willing or able to go through much additional effort to make it work?

Finally, I see voice/video calls as critically important functionality. I gather that it current just sends a link to whatever service is defined by the user? Is Jitsi Meet set by default, or is there any default defined for this? And then the link opens externally just like any other link? Would there be any way to integrate WebRTC functionality into Delta Chat itself? Again, thinking about non-technical users, who unfortunately are usually on a mobile device these days, they wouldn’t be able to just open a Jitsi link without first downloading the mobile app and giving it camera/mic permissions and all that. It would be one less barrier if WebRTC functionality was wrapped into Delta Chat itself, even if it’s still technically an external service like Jitsi, similar to how Element works. This would even allow for desktop sharing, which is an occasional but extremely important feature that I use with my contacts in Element/Matrix to give them technical support.

Sorry for the long first post. Thanks for this sensible and well thought-out alternative messaging solution!

By default all messages are moves all chat messages to DeltaChat folder, so it will not clutter your Inbox. It does not happen immediately because Delta Chat has to detect incoming message first and your Thunderbird has a chance to notify you about incoming message before Delta Chat moves the message. I haven’t tried it, but looks like Thunderbird allows to setup a filter matching all messages with a header Chat-Version: 1.0 (that is a header Delta Chat sets on all messages) and action “Ignore thread”, you may try to do it to avoid notifications.

Problems sometimes happen with large groups, when you send each message to 20+ people. I have several chats with ~15 members and some Gmail users, they don’t seem to have much problems with Delta Chat.

Haven’t ever heard about something like this happening with Delta Chat. Delta Chat uses the same OAuth 2.0 procedure as Thunderbird for Gmail authentication, is detected as Delta Chat app etc.

There is a list at https://providers.delta.chat/ but it is not a recommendation list. Delta Chat does not have any official list of recommended email providers or comparison of them. Riseup seems to work good but requires an invitation. Disroot support is aware of Delta Chat and can raise some limits if needed but may block messages by default. There are some users with Posteo, Mailo accounts. The best provider is usually something hosted by you, your friends, maybe your workplace, where you can ask the provider directly to remove the limits if they get in the way. Try your local community-run providers first.

The most common problem so far is messages getting into the Spam folder. This usually happens with large email servers run by Google/Yandex/Microsoft etc. Nightly versions of Delta Chat for Android already do and upcoming releases for all platforms will periodically fetch the messages from the Spam folder. There are also plans to watch this folder just like your Inbox if it got Delta Chat messages recently, so eventually this problem will be solved.

The most controversial difference is the lack of forward secrecy. This allows easier multi-device setup and simpler key management at the cost of some post-compromise security. It is a tradeoff, and I don’t yet understand what happens if Signal servers or XMPP PubSub servers storing OMEMO keys start to forge new devices that are only shown to other users but not you, and what happens from the point of practical security in this case, it may be worse or better than Autocrypt/OpenPGP model depending on how user acts in the situation of attack. One way to introduce forward secrety without complex key management is the model of “secret chats” (Telegram) or Off-The-Record chats. For further discussion see Off-the-Record chats and all the links there.

From the encryption point of view, messages are encrypted with Ed25519 + AES by default, which is more or less the same algorithms as used by any reasonably secure messenger, there is hardly any practical difference.

How does anonymity compare between Signal and Delta Chat in terms of governments being able to discover relationships between users that are messaging each other?

Currently all the To and From headers are only transport-encrypted. Your provider can monitor who you send the messages to and from which addresses you receive them. Signal server technically can do the same, even with the sealed sender feature, but it likely doesn’t do it, compared to Gmail which almost certainly does. Smaller and self-hosted providers likely don’t store this metadata and you can setup Delta Chat to quickly delete old messages from the server.

Why the word “could”? And does anything change in the above paragraph in the case of 1:1 non-group chats?

The idea is to hide the To addresses in the encrypted part, and actually put all receipients in Bcc, so To contains undisclosed-recipients:; group. This way if you send a message from your example.org to example.net and example.com users, example.com server will not be aware of example.net existence at all. “Could” because it is not currently implemented, it will likely be implemented after the next release as part of “protected groups” effort: protect chats 🛡️ · GitHub With 1:1 chats it’s hard to do anything about metadata without complicated Privacy Enhancing Technologies such as PIR (Private Information Retrieval) or Mix networks such as Katzenpost. I am not aware of non-research messengers capable of this level of metadata protection.

Delta Chat team has contacts of many groups successfully onboarding non-technical users, it’s definitely possible.

Yes, currently the implementation just sends the link. There is also experimental more integrated support for basicWebRTC server in desktop, currently it’s disabled in 1.15 series, but there is a working prototype of accepting the calls from within desktop app. As for truly integrated 1:1 WebRTC calls, it should be technically possible. I did some experiments at ~link2xt/webrtc-clipboard-call - WebRTC call-via-clipboard application using React and TypeScript - sourcehut git, establishing a WebRTC call requires exchanging only two emails, but you need a separate external TURN server to bypass NATs, which email providers do not provide. Overall, current WebRTC implementation is not yet as good as it can be. The best thing we can do short-term is providing an integrated Docker setup (here is a setup I use for local testing on Raspberry Pi: GitHub - deltachat/docker-mailadm: Local testing environment for Delta Chat based on mailadm (https://github.com/deltachat/mailadm)) for self-hosted small email providers, with a TURN server and basicWebRTC installed and preconfigured for new accounts. NAT bypass is the main problem of decentralized setups and one of the reasons Matrix integrates Jitsi Meet with a whole web server behind it as a widget.

Thank you for the extremely comprehensive response!

Regarding the WebRTC functionality, yes, I understand that’s a pretty complicated stack of functionality. To me it seems like the Element solution of simply wrapping Jitsi Meet would be the best short-term minimal-effort solution. It makes sense to borrow voice/video from a different project that focuses specifically on that. Or possibly Jami could be used, but I’m not as familiar with it. In Element the Jitsi functionality is so well integrated that it feels like a native part of the app.

I have not tried it yet and not sure I will soon, but I heard that Conversations has a decent WebRTC/Jingle support now. On Android, our UI code is GPLv3+ and core is MPLv2, so we can import their GPLv3-only code if it is useful and still distribute the .apk under GPLv3. Desktop is based on Electron so it should be relatively easy to write something from scratch. The main problem is that we have different priorities now: mailing lists and newsletters support with HTML view for the next release, protected chats for release after that, and then there are many other feature requests like SOCKS/Tor support, Stickers etc. If we decide that calls are actually the highest priority, it needs to be a coordinated effort of the core, Desktop, Android and iOS developers for a release cycle and can easily last 2-3 months.

If you are interested in non-walled garden federated service for calls, it probably makes sense to try Conversations or Snikket. If you self-host and want free software, actually simple working solution is Mumble.

Delta Chat also has voice messages on mobile, that’s 80% of voice calls functionality for 20% effort