Hello 
,
emails between DC users are encrypted. However, the name of the DC profile is currently sent in plain text. I’m wondering if it would make sense to move it to the encrypted part of the mail? This would at least prevent a potential attacker from drawing any conclusions about the real people based on carelessly chosen names. 
2 Likes
Totally agree, to me it seems like an oversight that the profile name is left unencrypted. I’m actually surprised this issue wasn’t raised when ETH audited SecureJoin.
And for clarity (question for the developers): if you set the display name for a contact, does that stay local to your own device? Or will it be sent to your email server (e.g. to sync with a second device) and if so is that sent encrypted or unencrypted?
In this case, DC sends an encrypted email to itself to synchronize multiple devices. The names are not synchronized by a server, but by the app itself. The server only sees encrypted emails.
P.S. I am not a developer.
Thanks for the answer. And do you know about profile pictures, if they are sent encrypted or not?
The avatar is sent as a Base64 code in the email header.
Unfortunately, I don’t know whether the avatar will be encrypted beforehand.
the avatar is in the “inner mime header”, that gets encrypted eg. in “guaranteed end-to-end encrypted chats”, similar to text and attachments
2 Likes