Unencrypted privacy

looks like encryption is causing more problems than solutions.

at least when i search this forum for “unencrypt”, and go thru the 21 results (and opened a few of them). and for myself, for all the reasons already listed there (and specially here) and for my own love to backup my own chat history (on this case, using emails).

not all email clients can decrypt my own messages! on device loss, that’s all messages gone.

automated backup when there’s already an email “backup” makes zero sense.

how much do we really need to worry for middle man attacks?

or privacy concerns?

i personally think this privacy thing in the world today is exaggerated (along with other fears) and i only care for encryption (with delta chat) in 2 situations, both of which might have better ways to be handled:

  • preventing evil bots and scripts looking to spam/scam me

that’s what all email providers are already worried for. do we really need yet another effort in this direction? for sure they’re already using encryption and whatever other means there. i don’t care, it seems to work.

  • ensuring our messages are delivered and intact

again, email providers job. plus, video calls. if something is really that important, i won’t rely on text messages anyway. for big groups, some sort of network reliance would work much better… still, i view to focus on improving the calls instead!

what about marketing?

i get it. we can’t sell the idea of a chat application with privacy concerns without encryption by default, given the craziness that’s all around…

by all means, move on with the efforts there. make it default. whatever.

but, please, also offer us some way to turn it completely off and work so much better without it!

i mean, if i choose to turn off encryption on my side, i want all my emails unencrypted. that’s all.

it’s not so simple, i know! i honestly don’t know how to do this technically, if most people will have their default “all encrypted”, but at very least i could get an email to myself with an unencrypted copy of each email.

“privacy first, but optional”. or something. i’m no expert in marketing, encryption, privacy or anything really… but…

do i make any sense? :grin::kissing_heart:

AFAIK, you can export your secret key from Delta Chat, and import it in another mail client. (I have not done it so far, but I think it should be possible.) The mails should be readable afterwards.

Oh, certainly it does, because …

So, if you want to use Delta Chat on another device, you could make a backup and import it into the other Delta Chat client. Who says that all your mails will stay forever on the mail server of your provider?

Demanding an app feature (encryption) to be non-default would imply that the app should be used with a different approach, and to make this one standard.

Delta Chat uses Autocrypt, it is designed to check automatically for each recipient whether a message can be encrypted or not. So, if you do not want encryption, just disable it from the beginning. You can do this in the settings box:

[image]

thanks for the considerate reply!

i’m not sure i follow your backup idea… the word “backup” is widely used with different mindsets. in my case, a backup only exists if it’s done, and it’s only done if it’s automated. even a real (automated) backup will lose data if it’s scheduled based rather than triggered by data change. it’s, however, conceptually impossible to backup a lost device. i mean something like a fire or complete breaking, lost and unrecoverable.

also, i even tried to imply my emails won’t stay forever on the same mail server… so i’m not sure what you meant in that whole paragraph at all!

on a spin-off thought, i think that backup shouldn’t be needed. all the data needed by delta could fit within each email, atomically. so the ideal automated backup would be done seamlessly and flawlessly!

moving on…

true, and if the other email client can speak that same encryption language (like k9 seems to) exporting doesn’t seem to be even needed. i never imported keys there and it can read the encrypted messages… so, perhaps, my main concern here is not really well founded… but the other concerns still appear to be pretty valid.

plus, i still don’t see a good reason to encrypt, at all! this in itself is reason enough for me: to not add unnecessary layers of complexity into anything.

here i was going to just quote @adbenitez from my link:

and i thought it meant autocrypt would always prefer encryption, probably not just in this situation…

but now i just realized this should only happen if i turn it back on!

lol…

i’m so stupid!!

if this will work for zero encryption on my end, that’s all i needed. thanks again for insisting!

i’ll report again after i test it more.

What you describe is just mirroring data in realtime. However, backups are still very important, as they provide an image of data saved at a respective moment of time. So, if you were a developer who writes software, what would you do when you find out that your source code you regularly overwrite is causing an error? You probably would grab an earlier version that still works. And these versions should be backed up from your computer regularly, too.

You should back up your device and save the data to another (external) memory. And I am not recommending a cloud solution, …

… which - basically - is a mail server, too. The fact that someone cannot read your (encrypted) mails does not make them invincible. They still can be deleted, either by accident or by force.

Just because the mail clients “speak the same language” does not mean that anyone can read anything from each other.

We are talking about Delta Chat. How is the app supposed to know of your secret (private) key (which probably exists in your K-9 setup)? The private key is never uploaded to any keyserver (unless you did, which is comparable to giving the home key to a burglar directly). Only the public key is known to PGP users. Mail clients supporting Autocrypt put the public key into the mail body, so any other Autocrypt client can read and store the key locally, to send an encrypted reply (if end-to-end encryption is enabled).

Right, Autocrypt prefers encryption wherever it is supported. Should you communicate with users whose mail clients are not prepared to encrypt messages, Autocrypt finds out. (In this case, the term “prefer” is meant to try and find out if it might be possible. If it is not, then so be it.)

not really. i never mentioned anything about versioning… and conversations don’t need so much redundancy because they’re not constantly being edited. just a few copies can help in case of data loss, including corruption, as long as they’re not being constantly touched.

but i feel this conversation now is going completely wrong. i don’t want to keep (re)defining words or concepts here.

i definitely have not configured any keys in k9. and i don’t know how this encryption is supposed to work, nor do i have much knowledge around encryption, but if the public key is sent together then why couldn’t k9 just have used it to read the messages?! isn’t the private key needed just to encrypt? i don’t think it needs to have my private key.

Not you in person, but K-9 itself. It supports Autocrypt, too. (Just “google” it up.)

Most likely because Delta Chat generated a different key pair for its own purpose, and you probably did not sync K-9 with Delta Chat by sending an Autocrypt setup message from K-9.

No, you need it to decrypt messages, too, otherwise anyone could read your mail, too, if your Inbox was hacked.

@cregox your thoughts in your blog post sound interesting but as you stated in the end of it, giving up privacy in our current society is not a good idea.

another thing I’d like to add:
If you give up the ego and selfishness in our current society, you will get exploited.
If you give out your bank password to the public you don’t have any money anymore.

1 Like

yes, thanks for bringing it up! reading it again now, i definitely need to update that manifesto… i’ll do it soon.

the society today sure has a tremendous tendency for exploiting each other, but there are alternatives.

even “giving the bank password” could work if everyone does it, in other words, if there’s no more passwords. but utopian views aside, in practice most of us already live with people we trust and either share or would have no problem to give that password. and i’ve seen places where this level of trust can be expanded to an entire village or town. probably not a big city. to me, that just shows a big failure point in need of much improvement, the big cities.

back to the topic, i never implied to give up encryption on the app, if that’s what you meant @Simon. even less to give up privacy. transparency is better offered in layers, this in itself brings several layers of meanings… the dangers of our society is just one. full transparency can also be too much data to absorb, like looking at the sun is too much light.

1 Like

i removed this as a solution because i just confirmed it doesn’t work. looks like after 1 message is encrypted in the conversation, every message afterwards stays encrypted.

in my case, the encryption happened by mistake, when i installed delta on a new device and forgot to turn that thing off!

now i think the only way to fix it is removing the chat from all devices, or something.

A workaround is to send unencrypted message from any mail client. You can just “Reply all” from web interface, for example.

1 Like

I wanted the same, just turn off the thing, so I compiled a custom apk that allows effectively disabling encryption. You could do the same or, if you don’t have programming skills, use my custom apk from here: https://github.com/adbenitez/deltalab-android/releases/download/v1.13.1/deltalab-1.13.1.apk

1 Like

encryption is nice and all but encrypting and sending my public key in every message is expensive for me, when a “hello world” becomes around 3KB message in the long run most of my data plan is spent sending keys and metadata instead of the actual messages that I didn’t want to encrypt anyway, also in slow networks sending 300Bytes instead of 3KB can make the difference, would be nice if encryption isn’t forced, in the meanwhile I had to modify this behavior for myself

1 Like

The reason for “sticky” encryption is that now every message is considered a reply, as DC does not support explicit quoting/replying: Reply to Message
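An added example, not part of the thread and not Delta Chat's code: a simplified version of the Autocrypt Level 1 encryption recommendation, showing how the reply-to-an-encrypted-message rule makes encryption "sticky" once every message counts as a reply. The sample message, its placeholder keydata and the function names are constructed for illustration; key staleness, gossip keys and the spec's "discourage" outcome are left out.

```python
from email import message_from_string

# Constructed sample; keydata is a placeholder, not a real OpenPGP key.
SAMPLE = (
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Autocrypt: addr=alice@example.org; prefer-encrypt=mutual;\n"
    " keydata=Q09OU1RSVUNURUQ=\n"
    "Subject: hi\n"
    "\n"
    "hello\n"
)

def parse_autocrypt(raw_message):
    """Return the Autocrypt header attributes as a dict, or None if unusable."""
    header = message_from_string(raw_message)["Autocrypt"]
    if header is None:
        return None
    attrs = {}
    for part in header.split(";"):
        # Split on the first "=" only: base64 keydata may end in "=" padding.
        name, sep, value = part.strip().partition("=")
        if sep:
            attrs[name.strip().lower()] = "".join(value.split())
    if "addr" not in attrs or "keydata" not in attrs:
        return None  # incomplete header is treated like a missing one
    attrs.setdefault("prefer-encrypt", "nopreference")
    return attrs

def recommend(own_prefer, peers, reply_to_encrypted):
    """peers holds one parse_autocrypt() result (or None) per recipient."""
    if any(p is None for p in peers):
        return "disable"    # no key for a recipient: cleartext is the only option
    if reply_to_encrypted:
        return "encrypt"    # replies to encrypted mail stay encrypted
    if own_prefer == "mutual" and all(
            p["prefer-encrypt"] == "mutual" for p in peers):
        return "encrypt"    # both sides opted in to encrypting by default
    return "available"      # possible, but not switched on automatically

if __name__ == "__main__":
    peer = parse_autocrypt(SAMPLE)
    for is_reply in (False, True):
        print(is_reply, recommend("nopreference", [peer], is_reply))
```

With the sender's own preference switched off, the only thing that changes the outcome from "available" to "encrypt" is the reply flag, which matches the behaviour reported earlier in the thread.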

this is awesome! it worked for my case, thanks!!

i noticed you also removed the location sharing from the lab… if i could, i would’ve actually bring back the map point sharing from the previous version… and enable live location without a time limit, so i could drop google’s (although i would bet this isn’t so easy to do).

also, the updates are in spanish… if you want to choose one language, i suggest esperanto. :grin:

sounds good enough, i might try this the next time… thanks. :kissing_heart:

I added map support back in the next release, which I can’t upload right now due to connectivity issues, the app also has some extra features like support for Telegram’s animated stickers, some extra skins/themes, allows to quote messages, much more compressed audio messages, etc.

the change log is in Spanish because the target audience is poor people in Cuba.

3 Likes

When a server doesn’t speak the preferred security level of tls or ssl what happens? Fall back to unencrypted.

Without contents encryption you have worse than zero privacy concerns on your hands.

i couldn’t disagree more.

there are many layers of privacy, encryption is imho the least useful one for all practical concerns… except computer hacking in general (big exception, but should never be in the user layer).

i still couldn’t link delta chat to my main email, but i’ve tested it on gmail and had zero issues while leaving encryption always off. and i’ve been using it with disroot for a few months, very little usage still, yet again zero privacy, encryption, or hacking issues.

encryption is always off for me.

of course, then again, i never use email for “sensitive” data, such as passwords or financial information.

ps: by all means, do all encryption you want in the technical-abstracted-away-from-user level/layer. for instance, basically all websites use https nowadays and no user action is needed. it just works. it works. that’s very important! then it’s fine. i don’t care. :smirk:

perhaps pointing here is a better link, for whoever might be interested in turning off the encryption in the future:

i hope you’ll continue to update it! perhaps my soul is of a poor cuban person, but never been there (and still struggle with spanish :laughing:).

pps also to @Simon: i’ve been updating the privacy page, in case you might be interested. :grin: