Hi! My family and friends live in country with goverment repressions and total internet control. We are looking for the new ways to communicate constantly. What appealed to me in Delta Chat is that I can set it up with ‘white listed’ email service. And it already works great.
So my question is - Is it secure in the sense of govermental forces reading my emails? I see them as empty emails with 2 attachments, so nothing to read here without a key.
And 2nd question is where are attachments stored? I don’t see them in my email folder. I read in FAQ that they are encrypted too.
I’ve read this post but it haven’t answered my questions still:
Hi, buddy! I’m in exactly the same situation. I’ve set up my account on mail.ru.
They won’t be able to read the messages — everything is encrypted — but the security services will easily reconstruct the entire “social graph”: they’ll be able to see the size of the message, who sent it, and who it was sent to.
So this tool is fine for personal correspondence — it’s good for staying in touch with friends and not losing contact with them — but that’s about it.
Thanks for the answer! Encryption is enough for me. There is still a question about attachments.
I saw a post about using mail.ru, but their tech support said that IMAP/SMTP will be pay-to-use (for some users it is already behind paywall). So Yandex is kinda safe bet - even if it will be pay-to-use, it will be included in their subscription.
Glad to help! For the record — I’m using mail.ru via IMAP for free (with an app password), no issues at all.
On MAIL.RU, these emails appear as messages with two attachments. Out of curiosity, I extracted the private encryption key from the client’s backup, downloaded the attachment and decrypted it — everything’s correct, it all matches up.
hi, this communication in a country with a repressive government is safe and quite stable and calls work…
in the delta chat settings regarding storing messages on the server, set it to delete immediately after loading and then everything will be stored on the phone
There is no point in deleting emails, it is an illusion of security. this makes no sense, the letter arrived on the server and has already been entered into the intelligence services database, with all the information - who wrote and to whom
There are attacks to steal decrypted data from phones, so deleting the messages promptly from the phone will protect from disclosures in future phone-side attacks.
Android phones allow apps way too much access to other phone data, and many apps grab data they have no need for, largely fingerprinting data, and phone it home to their developers, who exploit it for profit.
Attachments are storing inside of emails, so they also encrypted (content and type/name).
I could recommend to you add 2 profiles - one with chatmail address (you can choose on of a few local servers which works without vpn) for daily messaging and one generic email service which is whitelisted (mail or yandex basically) and use them only in whitelist mode.
It’s a mixed beast in Russia, currently. Some (parts of) networks are on BL, others on WL. The lists themselves are varied. Most of datacenters where you can rent VPS are free of anything, though. For now. But it doesn’t mean that you’ll be able to connect to your VPS if you’re on a WL network.
All that stuff is excellent when your GFW works as “blacklist”. It’s totally useless when your GFW works as “whitelist“ (as in more and more places in Russia sometimes) - your wonderful bypass server with all the neatest bypass stuff just wont be in whitelist, no matter how hard you try to mess with protocols - its totally useless when there are no protocols allowed at all for your personal VPS.
And DeltaChat seems to be the only solution to have a non-government-controlled chat-like app that works with whitelisted GFW, when you have at least one convenient e-mail provider whitelisted.
Webxdc apps with P2P capabilities do not work in Russia and other countries with strict internet restrictions. The iroh servers used to establish connections are blocked. However, calls via DeltaChat work because they use email-based signaling. Is it possible to add alternative connection methods?
Webdxc P2P doesn’t even work on a single local network or with IPv6 addresses—that seems odd.
DeltaChat was designed as a decentralized messenger, capable of operating even within a local network without accessing the internet, yet here we see a clear dependence on external resources that are subject to blocking. This violates a key principle underlying this app.