I am taking a look at Delta Chat. I haven’t used it extensively yet. Before I dip my toe further and try it out extensively, I would like to know a few things around the possibility of using Delta for group chats:
Are public group chats possible with Delta chat? If so, what are the group chat capabilities available:
a. can I set up a public group chat name that’s uniform for every member in the group chat?
b. can I set up a group chat profile picture?
c. do we have basic moderation tools for the such chats, like, removing a new spam message, or kicking trolls/spammers out of the group chat
How performant is the autocrypt pgp implementation for public group chats? Currently, Matrix protocol sucks much for end-to-end-encrypted public group chats, because it takes around 10-30 seconds of wait for the element client to encrypt the message to a 300-odd people in the group chat. How’s this for Delta?
I’m not aware of them being possible at this time, though I’d also be interested in them for use as a backup / alternative to Slack or MS teams if an outage takes out the primary collaboration setup. Since the work context is on email servers, we would intentionally choose to let people come and go and see history and not encrypt the messages with autocrypt in some cases, that way we could bulk backup public chat rooms via standard email files, etc.
DeltaChat is not made for for the multiple 100 people groups, but you can make mailing lists, at the moment only unencrypted mailing lists are possible to my knowledge, but schleuder recently added some auto crypt support (Key auto import from email (!426) · Merge requests · schleuder / schleuder · GitLab), so will probably be possible in the future. mailing lists also have the advantage of making anonymous groups possible by hiding the email addresses.
That being said delta chat stores all messages locally, IMAP is more used like a transport protocol, delta chat itself is offline-first, if you have huge busy groups you either:
need storage space for all the messages on your device,
or disable automatic downloading of large messages such as images
or enable disappearing messages in the chat for everyone or autodeletion from your device after X time
Though normally messages are small, like you can get tons of text messages before it becomes an issue, but depends on your available storage space.
cleaning chat: no once people received the messages you can not remove them from their device
kicking people is possible with removing members, but there are ways to get work around that and come back to the group, so you only really can get real moderation with mailing lists (those are proxies and you decide who can send or join them.)
authoritative groups with admins are really hard in decentralised settings also see New feature: Group Types
performance:
for delta chat the biggest group I’m currently in is 76 members. This group still works nicely, limits depend on header size limits and recipient / rate limits of the involved email providers.
in group chats the messages are encrypted symmetrically and then the symmetric key is encrypted for every person ans sent in an email header.
In the future this might change, I myself are not really knowledgeable in OpenPGP, but there are interesting developments and innovation happening from what I heard.
That’s a shame. I think that usecase (if supported) would increase delta chat’s adoption. It’s current vision is focused but narrow.
What does that mean? I have never used mailing lists (born too late for them). Are they something like “Channels” one subscribes to on Telegram-like chat apps?
Having e2ee “Channels” (I guess mailing lists, in your lingo?) sounds cool.
An unpleasant limitation.
I think that’s not a huge turn-off, since we have something similar “ban evasion” tactics on tg/discord/et al. The biggest turn-off for me seems like in large group chats, in their current form, any newcomer to the chat can kick any other member. That is one of the biggest roadblocks towards adopting Delta Chat for xmpp/matrix/tg alternative, imo.
mailing lists can be used kinda like telegram channels or telegram super chats/groups, basically you have a server that forwards the emails to subscribers and you can have admins for that server that can kick/ban/approve people. Basically it is a centralised authority which makes having admins way easier than with a decentralised/federated system like delta chat.
you can not really get rid of that limitation unless you add a server.
I agree it would be nice to have sth like that, but unless you use some mailing list such a group could only have one admin, given that each group member would check if the action was permitted by the admins, adding and removing admins could be unstable if emails get lost or delayed between providers, like you would have inconsistent state between different group members. maybe there are algorithms to solve it, but I think the mailing list route is much easier.
A suggestion I saw commonly brought up was to have an “owner” of a group chat, with the owner device being authoritative on any moderation team changes, similar to how discord server’s can have an owner. If the owner is ever meant to change or becoming unavailable, a new group needs to be made. (I would argue this isn’t the biggest deal, you can just invite everyone over and it’s not like Delta Chat groups have some sort of unique domain name that is lost if you move over.) While having it tied up to one email is still limiting, it would be way more practical than no moderation at all for many use cases.
Hi, since some weeks, I’ve been using DC more and more. I have recommended it to some friends. Recently I just noticed that in different groups I could simply kick out everyone. That’s a bit of a problem for me to not recommend DC any longer and wait for this to be fixed. Because the fact that this feature is there, it will get used sooner or later.
But really I’ve been impressed by the work done and all the progress by DC and AC so far, I love the community and I hope to run a chatmail server.
Tonight almost all members where deleted from ‘DC Community’ group by some (not very nice) person.
For now, the order is more or less restored (thanks to @ell1e ).
There was discussion in the chat on temporary and permanent solutions for group chat administration.
I’m still new to DC chat inner workings, so I’ll be glad to get any feedback on this concept. This is just an idea for brainstorming process.
Note 1: I’m still not completely understand how DC groups are working under the hood
Note 2: This requires changes to core.
Note 3: This is not replacement of current DC group chat, which is good enough for small groups.
[a]: Group admin(s) are holder(s) of secret ‘group’ key.
[b]: Group membership list contains users’ public keys, and is signed by private group key. This list is sent to the group users on every change.
[c]: When DC core gets a message which was sent to the group, it checks sender’s public key against current version of the group membership list, and if key is not there, silently drops the message.
Hm, the idea is not bad it is quite simple indeed.
To avoid replay attacks (people re-using an old signed version of the member list to re-add themselves to the list), you also need to check the date of the signature - if a newer signed member list has seen for that group, you drop the message silently as well.
My goal was to make the post as short as possible.
There are many questions not answered, e.g. ‘group’ key rotation ( = change the list of admins).
Actually, this problem with group chats management is maybe biggest DC mass adoption blocker, as I see it.
Look at YouTube, for example. On most ‘professional’ YT channels there are links to Telegram channels, which usually have linked group chats. People want to follow more content, and to discuss it, so they join. And it’s like (free) advertisement for Telegram.
But no one in his right mind will create such channels and chats in DC.
Because you can’t create link to DC broadcast channel yet (not for long, I hope).
And you can’t really manage the group chat.
It’s already possible to clone groups. So, if an admin needs to change, the group could simply be cloned, and the cloner would then become the new admin.
If a group needs to have multiple admins, a bot could be used. The admins would be in an admin group together with the bot, which in turn would also be in the group being administered. The admin bot would be the owner of the group.
Quotes from discussion in ‘DC Community’ (yesterday):
Cloned groups:
The “clone” feature is very good to kick people in this special case. Just clone a group without the unwanted ones and there you are. They don’t even know it exists.
Clever ‘uwanted one’ will have multiple acounts in the group they want to troll.
The question is how they get into this group. Additionally you can see who introduced whom.
But this situation is even more seldom, I guess.
Bot-based groups:
You could have groups only connected by a bot. Relayed msg starting with “Name:” of the sender
Sure. First, implement a solution for convenient E2EE messaging, than implement group bot which will see all the cleartext content…
this is not really a solution, influencer/community-manager wants to share invite link to group ex. in social media or youtube video like the example described above, to invite people to their group/community, if they would need to clone the group every time a troll mess the group, they will need to update group link everywhere and every member gets a new duplicated group losing the group history and settings like group mute status or sound preferences in the previous group
the group works with a symmetric key that is a subkey or in a way cryptographically verifiable/tied to the public key of the “owner” (with channels we are introducing this type of chat, it is also useful for super-groups with lots of members because currently the more members the bigger the message because key needs to be encrypted to every member)
new members then can immediately know if the person that is trying to adding them to such group is the one with the public key corresponding to the “owner” and ignore it if it doesn’t match
only “owner” can add new members, other members can only send messages and leave the chat
a bot can be used if more than one admin is needed
as a nice side effect, it is easier to share chat history with new members because the messages aren’t encrypted to the current member-list only but with a symmetric key so new members can also decrypt them
as a way to test things out, initially the option to create such “owned groups” could be added to the chatmail core and used by bots to create such groups so we can test it and enjoy the features already without complicating UI
If cloned groups could also clone mute settings, history, etc., and the group link redirected, that would not help. The troll could still just rejoin.
It is necessary for one or more trusted admins to be able to prevent posting by distrusted users. But if the trolls are really pigheaded, they can flood the admins with malicious join requests and prevent honest new members from joining.
Maybe the posts of new members could be visible only to the poster and the admins. The admins could preapprove the initial messages. That would discourage new members, but impose unfun costs on trolls.
But this would be a burden on the admins. Maybe let any group member nominate members to kick out, and the admins just implement the group consensus? Keeping a human in the loop hinders gaming the algo, but the human work should be as distributed as possible.
Letting any active group member kick out any newer group member, with older members able to override the kick-out, for example, would be more susceptible to algo-gaming.
If we wanted to be really ruthless, we could silently exile the worst trolls to an LLM-only echo chamber, a botbox where a bot pretending to be the members would be really outraged by the troll and keep them occupied for as long as possible.
Mailing lists are a federating protocol still in widespread use, mostly in the tech community (they are also more common in Germany). They just have zero PR budget.
Mailing lists were initially just an enormous BCC list that let you send a e-mail to lots of people, but then an automated tool was added to make that easier.
A public mailing list is one which anyone can read, but posts have to be approved (they may only be permitted from list subscribers, or fron whitelisted posters, or they may need manual pre-approval, etc.). The e-mail addresses of posters (but not subscribers) are typically exposed, which sometimes causes spam (surprisingly little, actually); Deltachat’s disposible addresses could mitigate this.
The exposure of poster e-mail addresses means that members can PM posters, or respond publicly on the list. Lurkers can only be contacted by the admin.
there is no need to overthink it and come with complex community and voting approaches, the described use-case is simple, person wants to own a group and only be the one that can change stuff and invite people to the group that are guests/fans, troll can’t never troll because they can’t edit the group state at all
the problem about someone sending spam in the group is another topic, it is almost impossible in Delta Chat to ban people from a group because they can always join again and send more spam, another tooling could be added around the “owner” approach like owner saying “no messages with links should be allowed”, “no media allowed”, “no more than 1 message per minute allowed”, “ignore messages containing THIS word”, etc. so this way they can limit spammers
and ofc one simple measure that can be added even before the more advanced features mentioned above is that “owner” can delete messages for everyone, so even if troll/spammer sends stuff the owner can delete everything from that person and with low effort undo for everyone the damage of the spammer that then gets less motivated, this mixed with the bot approach gets you already a bot that can auto-delete messages containing links, media or banned words, it can even auto-kick/ban members based on post etc
so to summarize:
adding group creator/“owner” feature + “owner” can delete messages from everyone + bot, would get Delta Chat already pretty usable for public groups
Pretty much the same happened in a group were I was hanging out.
We can’t just limit DeltaChat groups to private ones; public groups need to exist as well and provide moderation.
it is quite simple indeed.