Can you add a function to add friends by username?
That would be convenient, but it has disadvantages. Profile names are not unique (hundreds of people could use the profile name “John”, and their contacts could relabel them “John from work” etc., with effect just in their own clients).
E-mail adresses are unique, and if you are using a non-chatmail address, you can contact friends by e-mail address, but then your messages won’t be end-to-end-encrypted! When you share a QR code or link, you are actually swapping encryption keys behind the scenes.
For way more detail, see
I saw that when I registered for Delta Chat, an email username was automatically generated. This username should be unique, but I cannot contact friends through the email username, so I cannot send messages.
Are your friends using Deltachat? If yes, you need to scan their QR codes, or they need to scan yours. Or you can follow a contact link they give you, or they can follow a contact link you give them.
If your friends are not using Deltachat, they probably aren’t using encrypted mail. The e-mail addresses Deltachat will give you automatically (=Chatmail addresses) only work for encrypted mail. You need to get an e-mail address from somewhere else to use unencrypted mail. Then you log into that mail account through Deltachat.
If you say what your friends are using, I can be more specific.
I want my friends to use Delta.Chat with me, but there are many limitations in sending QR codes or links, which is not convenient. I am looking for another way for me and my friends to get in touch on Delta.Chat.
The email address automatically provided by Deltachat (i.e. chat email address) is only suitable for encrypted emails, but my friend and I all use the chat email address provided by Deltachat, so we can’t send
If you and your friends all use Chatmail address provided by Deltachat, you can talk to each other with encrypted mail. But your devices have to be introduced to each other first (they get to know one anothers public keys, so they can recognise one another and identify impersonators).
Can you physically meet with your friends? Can two (or more) of you, with the devices you have Deltachat installed on, get together in the same room? If so, scanning QR codes is best.
Do you have some other secure channel to your friends, like Signal or Jami? If so, you can use it to send a link.
Could you all follow a link posted on this forum or website? Could you all scan/save a QR code posted on this forum or another website? This could be used to arrange introductions, but you have to trust the person hosting the link. It is not as secure.
Because of restrictions in my country, many links and QR codes are difficult to send online. My country is very large and I am far away from my friends.
Can we generate a code similar to a key to add friends? In other words, is there a third way to add friends without using QR codes and links?
I sympathize! Distance makes things more difficult. Sneakernet is easier in small places.
You can save your introduction QR code as an image file. Then you can send the image file to a friend (you must send it securely). The friend can copy the image and paste or scan it into Deltachat. Would that work?
Everyone who joins a group chat is automatically introduced to everyone else in the group. So if someone has shared a QR code with a friend, they can automatically introduce that friend to anyone else they shared a QR code with. And then those people can introduce more people.
The complicated details
This is why you have to send a introduction code securely.
If someone sees the QR code being sent, they could steal it, secretly replace it with another QR code, and impersonate the friends to each other as they talk (a manipulator-in-the-middle attack).
You can detect this by comparing fingerprints. In a chat with your friend’s account, choose “Encryption” from the menu. It will tell you your fingerprint and your friend’s fingerprint. If your friend’s client says the same, all is probably well (it is slow and expensive for even a government to fake a fingerprint). If they do not match, delete the contact and try again (use new accounts if you want; Deltachat will give you unlimited accounts).
But if you send the fingerprint, someone could steal that and replace it, too! You need a secure communications channel to initially share your QR codes (and optionally share the fingerprints, to double-check).
Deltachat could make a secure channel for you, but someone would probably block it again. That is why you have to make your own. But we can help.
You could also make a VCard for your account and send that instead of a QR code. But if sending VCards is also blocked, we will have to find another way.
If some QR codes are blocked, but others are not, we might make them less distinct.
Many, but not all?
Where can I get technical details on how it’s done?
Are HTTPS and other TLS-encrypted protocols blocked?
I think the OP may not know the technical details, and some sites, like the Tor project, have links to decent data on what is blocked where. The OP has refrained from identifying the country and I don’t want to press them to provide information.
Beware EXIF metadata, but possible ways:
- send a photo of the QR code
- send multiple photos of parts of the QR code, then edit them into one image.
If the QR codes vanish in transit, then there is probably no impersonation attack.
I hope it works now, and there is no necessity of posting again.
you need the encryption keys of your contact to be able to chat securely, just having an email address is not enough, that is what the invitation link gives you, the same way you can share an email address in a text message you can share the invitation link
notice that your contacts don’t need to open the link or even be online to open the link in delta chat if they have the app already installed, they can also send the link in their saved messages and click it there, this will not open the link in the browser, so it matters little if your country is blocking links or the whole World Wide Web for that matter…
1 Like
But such link may be intentionally auto-corrupted or completely removed on (government) server side, thanks to immutable i.delta.chat part… one more reason to make DC apps pay less attention to domain part.
See Single link: account creation + chat invitation (+ more crazy stuff)
Username part of address, if long enough, may be used as public key. Tor onion addresses and some messengers do it.
it doesn’t even need to have i.delta.chat, actually that is just a hack so people can see a nice page if they don’t have DC installed, the invite links are actually this type of link: openpgp4fpr:1EDD34FF7513D09F6DA300A765285E7A1C9DA72A#a=simplebot08%40gmail.com&n=Mia&i=9BnkBMZU3lZ&s=l5CJimJA-tV and you can share that as well go to your invite link in the browser and copy the “open chat” button’s link to clipboard
that can only be done if you use the government’s messenger to send the link, using any medium that is e2e encrypted or not in the hands of the gov will be safe, ex. in Cuba the government is blocking i.delta.chat and any *.delta.chat subdomain for that matter, still people exchange Delta Chat links via Facebook, WhatsaApp, Telegram, etc
1 Like