There are others who have made a similar point. In fact there is a discussion about this here:
Delta Chat developers often take design cues from other popular messaging apps like Signal and implement features from other apps at their discretion, so it’s reasonable to point to what other apps are doing while discussing the pros and cons of that approach.
It’s clear that there are situations where an “easily remembered username” could be very useful, and since we know there are some security drawbacks to that approach, perhaps that discussion can take place in the wider context of trust design.
This is good to know. I think there is an opportunity here to improve and update the onboarding sections of the FAQ so people in Sandra’s situation are aware of all their options. I just took a look at the help section here and it doesn’t mention at all that you can use other clients to open the invite links. And there is another section of the FAQ which still says “If you create a chat profile with a classic e-mail address you may manually create a contact if you know their e-mail address”, but that’s no longer true if your contact uses chatmail.
There will always be ignorant people. We shouldn’t let their opinions affect us.
This makes sense due to the ease of instant onboarding and the added convenience like support for Apple/FCM push notifications.
Thanks for replying. I understand that Delta Chat’s current approach using SecureJoin with guaranteed E2EE prevents MITM.
I understand that the old approach with Autocrypt has a MITM problem, but I assumed that was due to TOFU, not TOEU like Sandra said, and I am trying to understand why in that case it would be trust on every use instead of trust on first use. I’m just trying to understand this to have better knowledge about Autocrypt, even if Delta Chat doesn’t use it any more.