Will delta chat be safe from the EU’s [new November 12th] attempt to “read our messages”?

Apologies, if that was covered elsewhere. I couldn’t find it in the FAQ either.

There appears to be a new attempt to read our messages?

Will or is Delta Chat safe because it’s not a central system? What about the email servers delta chat uses for messaging?

See also info and ways of taking action at:

For non-German-speakers, the link in the last post says that the EU is planning on passing Chatkontrol-like mass surveillance rules on the twelfth of November, in a closed session of an EU working group.

Delta Chat (@delta@chaos.social) - chaos.social has extensive discussion of reactions to Chatkontrol. Basically regulating a decentralized E2EE app is hard. You’d need to control all the devices in the EU capable of running Deltachat, which these days probably includes a lot of household appliances, and control all copies of the codebase, because anyone with the code can install it. Controlling all the Chatmail servers is flat-out impossible, as many are not in the EU, and it is also possible to use non-Chatmail servers.

The degree of authoritarianism required to actually implement an end-to-end-encryption ban is one good reason against it. Forcing huge tech platforms to have backdoors and scan all messages with LLMs is easy; they want the training data. But then people will switch to distributed systems, especially easy-to-use ones like Deltachat. The big platforms implemented E2EE because consumers voted for it with their feet.

1 Like

Thank you for your response.

So, what I’m hearing and interpreting is:

Unlike Signal, Threema, Telegram, WhatsApp
Delta Chat’s “infrastructure” is basically the known mail servers, one of them, “testrun” is run by Delta Chat themselves, the other email servers are recommended only and run by other people, inside and outside the EU.
Plus there are many more email servers and people can choose from them or run their own.
It appears to be impossible to catch all email servers everywhere to “force” the operators to build in weakening encryption.

What about the Client, can a government force the dev to weaken the client? Of course that would be made known by the community that builds the Delta Chat client?

Apologies if I ask naive questions. I’m not an expert.

2 Likes

I don’t think the Delta Chat team would even consider implementing surveillance features, just like Signal. So the EU would have to implement app store bans on apps that offer secure messaging. With the way things are going, this seems like a possibility, unfortunately.

1 Like

I think we can take the aversion of the devs for granted, so let’s see what they can be forced to do.

Software

The EU can regulate the oligopoly platforms: Google, Apple, Microsoft, Meta, etc. The EU can require them to scan all private messages into an LLM, which is sort of like giving candy to a horde of babies that have been screaming continually for more candy for years. The EU can also force them to remove any apps with E2EE from their app stores. This includes Deltachat.

Apple and Google are already prohibiting installation of apps they don’t authorize: https://f-droid.org/en/2025/10/28/sideloading.html

They also require devs to upload their private signing key, allowing them to reprogram the app and sign the dev’s name to the altered version.

And it’s pretty easy and routine to surveil these phones: Everyone knows all the apps on your phone - by peabee

Desktops that are under central control, like Windows and iOS, could also control what software you run, and backdoor it.

Hardware

You can run free and open-source software, on desktop and mobile. You just need hardware that will let you install software of your choice. Approximately zero mobiles let you choose an open-source operating system. It used to be possible to install FOSS software easily on pretty much any desktop, though the supplier would usually force you to buy a Windows license you did not want (bundling is illegal in many jurisdictions, but that isn’t enforced). This is getting harder. UEFI has a user interface which looks exactly as if it were designed to scare users away from using anything but Windows; while you can install other things, the needed options are hidden in sub-sub-menus behind scary warnings. And TPM makes it even harder to control your own computer. Microsoft now (very controversially) requires TPM for Windows 11, although successful attacks make their assertion that TPM improves security dubious at best.

So if you are buying new hardware and can afford it, buying stuff that has FOSS pre-installed helps make the market healthier. See a list of FOSS mobiles and a list of FOSS laptops, desktops, and tablets. If you need cheap, you could get a used computer that has no TPM and therefore can’t upgrade to Windows 11.

Centralized and distributed power

Perhaps more problematic is that politicians increasingly think that these autocratic central-control oligopolies are how tech should or must be. They therefore seek to co-opt the monopoly power instead of breaking it. We need them to mandate open standards and interoperability, and restore competition. If you could leave Facebook for Friendica using data portability tools like those that allowed people to leave Myspace for Facebook, Facebook would be a ghost town. Such tools are now illegal, but we could re-legalize them, and even require a standard API, like ActivityPub.

On the plus side, there are open, federating standards built very deeply into our infrastructure. TLS is E2EE; e-mail federates; HTML and RSS and Unicode are open standards. And democracies fought monopolies before, about a century ago, and won, creating effective competition laws (now repealed). Public understanding of the problem is the first step.

2 Likes

The EU also has a new interest in data sovereignty. It is becoming aware that EU governments and businesses mostly rely on US cloud companies. US companies are required, under US law, to confiscate or secretly deliver data to the US government on request.

Monopoly power also means inflated prices, increasing the cost of living and hurting the European economy. For instance, Amazon requires all sellers to sell on Amazon at a cheaper price than they sell anywhere else. If the seller wants to be seen in search results, they must pay fees, which on average are about half of the sale price. This obviously pushes up prices everywhere, and forces even people who completely boycott Amazon to subsidize it.

(If instead we had an open RSS-like standard for sellers to advertise their prices on their own websites, and anyone could write an aggregator that let you search for products, Amazon would be a ghost town.)

Concern has been boosted by recent incidents, like the refusal to comply with orders from a Dutch court winding up the Amsterdam Trade Bank, and the Chief Prosecutor of the International Criminal Court having his Microsoft account vanished after he made a ruling to which the US objected.

The EU is trying to escape US dependency by switching to open-source. They are funding software, including Deltachat, to break and replace US tech monopolies and prevent future monopolies by decentralizing control of tech infrastructure; an effective and cost-effective strategy. This is not very compatible with a desire to control and scan all communications, and ban robust encryption!

1 Like