- Què és Delta Chat?
- Com puc trobar gent amb qui xatejar?
- What are the advantages of Delta Chat compared to other messengers?
- Which messages do appear in Delta Chat?
- What if I expect a message from someone I didn’t write to in the past?
- Does Delta Chat support images, videos and other attachments?
- How can I add or switch between multiple accounts?
- Who sees my profile picture?
- Does Delta Chat support HTML e-mails?
- Why do I have to enter my E-Mail password into Delta Chat? Is this secure?
- Which permissions does Delta Chat need?
- What means Pinning, Muting, Archiving?
- What does the green dot mean?
- How can I delete my account?
- Creation of a group
- Add members to a group
- I have deleted myself by accident.
- I do not want to receive the messages of a group any longer.
- What do the ticks shown beside outgoing messages mean?
- What happens if I turn on “Delete old messages from server”?
- What happens if I turn on “Delete old messages from device”?
- Does Delta Chat support end-to-end-encryption?
- What do I have to do to activate the end-to-end-encryption?
- If end-to-end-encryption is not available, is the connection not encrypted at all?
- How can I verify cryptographic status with a sender?
- How can I check the encryption of messages?
- How can I ensure message encryption and deletion?
- Which standards are used for end-to-end-encryption?
- What is the difference between verified groups and 1:1 chats with verified contacts?
- Does Delta Chat support Perfect Forward Secrecy?
- How does Delta Chat protect my Metadata?
- Can I reuse my existing private key?
- I can’t import my existing PGP key into Delta Chat.
- Private Apps / webxdc
- Experimental Features
- How can I use audio/video calls with Delta Chat?
- What is a verified group? Why is it experimental?
- What are Broadcast Lists and how can I use them?
- How can I share my location with my chat partners?
- What does the experimental database encryption actually protect?
- Why can I choose to only watch the DeltaChat folder?
- How can I change my account to a different e-mail address?
- Does Delta Chat work with my e-mail-provider?
- I want to manage my own e-mail server for Delta Chat. What do you recommend?
- If Delta Chat uses E-Mail, is it really an Instant Messenger?
- Is Delta Chat compatible with Protonmail / Tutanota / Criptext?
- I’m interested in the technical details. Can you tell me more?
- Was Delta Chat independently audited for security vulnerabilities?
- How are Delta Chat developments funded?
Delta Chat és una nova aplicació de xat que envia els missatges via correu electrònic, xifrat si és posible, amb Autocrypt. No cal pas que et donis d’alta enlloc, només has de fer servir el teu actual compte de correu electrònic amb amb Delta Chat.
Amb Delta Chat pots escriure a qualsevol adreça de correu electrònic, fins i tot si el destinatari no usa Delta Chat. No cal que ell s’instal·li la mateixa app que tu, com passa amb els altres programes de missatgeria.
- Independent of any company or services. You own your data.
- Your data is not saved on a central server unless all users are using the same e-mail servers
- You do not distribute your address book to anyone.
- Fast by the use of Push-IMAP.
- Largest userbase - recipients not using Delta Chat can be reached as well.
- No Spam - only messages of known users are shown by default.
- End-to-end-encryption via Autocrypt.
- Copyleft and Standards based libre software.
- Flexible identity with built-in support for multiple accounts
By default, Delta Chat shows all e-mails.
At “Settings -> Chats & Media -> Show Classic E-Mails”, you can change this. You have these options:
- “No, chats only”: Only messages sent by other Delta Chat users and replies to your Delta Chat messages are shown. This makes most sense if you use the same e-mail account for normal e-mails as well.
- “All”: Delta Chat shows all e-mails that are sent to your email address. This makes sense if you want to use Delta Chat for all your e-mails, so no message gets lost. This is the default setting.
- “For accepted contacts”: Delta Chat shows all e-mails from contacts with whom you already have a chat, but new chats only pop up for Delta Chat messages. This helps to decide on a case-by-case basis whether you want to have a conversation in Delta Chat or in a “normal” e-mail app.
- If a message comes from an unknown contact, it appears as a request. You need to accept the request before you can reply.
- You can also “delete” it if you don’t want to chat with them for now. This does not delete the message on the server, only on your device. So you can still deal with the message in a different mail app.
- If you delete a request, future messages from that contact will still appear as message request, so you can change your mind. If you really don’t want to receive messages from this person, consider blocking them.
Yes. Beside the plain text, all e-mail attachments are displayed as separate messages. Outgoing messages get attachments as needed automatically.
For performance, images are optimized and sent at a smaller size by default, but you can send it as a “file” to preserve the original.
You can easily work with additional accounts on Delta Chat mobile and desktop clients by clicking either:
- on the menu button and then ‘Switch Account’ (Android and desktop)
- or the profile icon and then ‘Add Account’ (iOS)
You may also wish to learn how to add accounts to multiple devices.
You can add a profile picture in your settings. If you write to your contacts or add them via QR code, they automatically see it as your profile picture.
Contacts who don’t use Delta Chat do not see the profile picture (however, of course, they can install Delta Chat :)
For privacy reasons, no one sees your profile picture until you write a message to them.
Your profile picture isn’t sent with every message, but regularly enough that your contacts will re-receive your profile picture, even if they add a new device.
- Yes. If needed, incoming messages get a “Show full message” button. Outgoing e-mails always use plain text.
As with other E-Mail programs like Thunderbird, K9-Mail, or Outlook, the program needs the password so you can use it to send mails. Of course, the password is stored only on your device. The password is only transmitted to your E-Mail provider (when you login), which has access to your mails anyway.
If you use an E-Mail provider with OAuth2 support like gmail.com or yandex.ru, there is no need to store your password on the device. In this case, only an access token is used.
As Delta Chat is Open Source, you can check the Source Code if you want to verify that your credentials are handled securely. We are happy about feedback which makes the app more secure for all of our users.
Depending on the operating system in use, you may be asked to grant permissions to the app. This is what Delta Chat does with these permissions:
- Camera (can be disallowed)
- take pictures and videos: for sending Photos
- Contacts (can be disallowed)
- read your contacts: to discover contacts to chat with
- Location (can be disallowed)
- access approximate location (network location sources): for the location streaming feature
- access precise location (GPS and network location sources): for the location streaming feature
- Microphone (can be disallowed)
- record audio: for audio messages
- Storage (can be disallowed)
- modify or delete the contents of your SD card: to download message attachments
- read the contents of your SD card: to share files with your contacts
- Other app capabilities
- change your audio settings: so you can choose ring tones and volume for notifications and audio messages
- run at startup: so you don’t have to start Delta Chat manually
- control vibration: for notifications
- view network connections: to connect to your E-Mail provider
- prevent phone from sleeping: so you can easier copy the security code during the Autocrypt Setup Message
- have full network access: to connect to your E-Mail provider
- view Wi-Fi connections: to connect to your E-Mail provider
- ask to ignore battery optimisations: for users who want to receive messages all the time
Use these tools to organize your chats and keep everything in its place:
Pinned chats always stay atop of the chat list. You can use them to access your most loved chats quickly or temporarily to not forget about things.
Mute chats if you do not want to get notifications for them. Muted chats stay in place and you can also pin a muted chat.
Archive chats if you do not want to see them in your chat list any longer. Archived chats remain accessible above the chat list or via search.
When an archived chat gets a new message, unless muted, it will pop out of the archive and back into your chat list. Muted chats stay archived until you unarchive them manually.
To archive or pin a chat, long tap (Android), use the chat’s menu (Android/Desktop) or swipe to the left (iOS); to mute a chat, use the chat’s menu (Android/Desktop) or the chat’s profile (iOS).
- Since Delta Chat 1.34 you can sometimes see a “green dot” next to the avatar of a contact. It means they were “recently seen”.
- In detail: it means, that in the last 10 minutes, Delta Chat has seen them:
- either because they messaged you directly,
- because they wrote something to a group you are both a member of,
- because they sent you a read receipt for a message you wrote,
- or because they sent data to your Delta Chat app by using a private app.
- So this is not a real time online status - and if someone doesn’t answer right away even though they seem to be online, don’t worry and give them some space ;-)
- On the other hand, others will not always “see that you are online”. If you have turned off read receipts, they will not see the green dot until you message them or write to a group they’re in as well.
As you use an e-mail account for Delta Chat, how you can delete your account depends on your e-mail provider. We don’t have any control over your e-mail account, so unfortunately we can’t help you with that.
If you want to keep the account, but uninstall Delta Chat, it is recommended to leave any group chat before uninstalling Delta Chat.
- Select New chat and then New group from the menu in the upper right corner or hit the corresponding button on Android/iOS.
- On the following screen, select the group members and define a group name. You can also select a group avatar.
- As soon as you write the first message in the group, all members are informed about the new group and can answer in the group (as long as you do not write a message in the group the group is invisible to the members).
- Cada membre del grup te els mateixos drets que els altres. Per això mateix, tothom pot esborrar a qualsevol membre o afegir-ne de nous.
- Per afegir o esborrar membres, prem a sobre del nom del grup des de la finestra de xat.
- As you’re no longer a group member, you cannot add yourself again. However, no problem, just ask any other group member in a normal chat to re-add you.
Either delete yourself from the member list or delete the whole chat. If you want to join the group again later on, ask another group member to add you again.
As an alternative, you can also “Mute” a group - doing so means you get all messages and can still write, but are no longer notified of any new messages.
- One tick means that the message was sent successfully to your provider.
- Two ticks mean that at least one recipient’s device reported back to having received the message.
- Recipients may have disabled read-receipts, so even if you see only one tick, the message may have been read.
- The other way round, two ticks do not automatically mean that a human has read or understood the message ;)
By default, Delta Chat stores all messages locally on your device. If you e.g. want to save storage space at your mail provider, you can configure Delta Chat to delete old already-received messages on the server automatically. They still remain on your device until you delete them there, too.
To turn it on, go to Delete Old Messages → Delete Messages from Server in the “Chats and Media” settings. You can set a timeframe between “At once” and “After 1 year”. All e-mails received by Delta Chat will be deleted from the server after this timeframe.
Note that if you use Delta Chat on more than one device, you need to leave the message on the server with a sufficient timeframe so that the other device(s) can download them, too.
- If you want to save storage on your device, you can choose to delete old messages automatically.
- To turn it on, go to “delete old messages from device” in the “Chats & Media” settings. You can set a timeframe between “after an hour” and “after a year”; this way, all messages will be deleted from your device as soon as they are older than that.
Yes. Delta Chat implements the Autocrypt Level 1 standard and can thus E2E-encrypt messages with other Autocrypt-capable apps.
Delta Chat also supports a strong form of end-to-end encryption that is even safe against active attacks, see “verified groups” further below.
Delta Chat apps (and other Autocrypt-compatible e-mail apps) share the keys required for end-to-end-encryption automatically as the first messages are sent. After this, all subsequent messages are encrypted end-to-end automatically. If one of the chat partners uses a non-Autocrypt e-mail app, subsequent messages are not encrypted until an Autocrypt-compliant app is available again.
If you want to rather avoid end-to-end-encrypted e-mails by default, use the corresponding Autocrypt setting in “Settings” or “Advanced settings”.
- With most mail servers, Delta Chat establishes transport encryption (TLS). This only secures the connection between your device and your e-mail server. Whereas e2e-encryption provides safety between your device and a friend’s device.
If you are within immediate distance of the chat partner:
- Select QR Invite code on one device and then Scan QR code on the other one and scan the code. If both devices are online, they will introduce a chat channel with each-other (if it doesn’t exist already) and the encryption keys will also be verified. Both will see a “sender verified” system message in their 1:1 chat.
If you are not near the chat partner, you can check the status manually in the “Encryption” dialog (user profile on Android/iOS or right-click a user’s chat-list item on desktop):
For end-to-end-encryption, Delta Chat shows two fingerprints there. If the same fingerprints appear on your chat partner’s device, the connection is safe.
For transport encryption, this state is just shown there
A little padlock shown beside a message denotes whether the message is end-to-end-encrypted from from the given sender.
If there is no padlock, the message is usually transported unencrypted e.g. because you or the sender have turned off end-to-end-encryption, or the sender uses an app without support for end-to-end-encryption.
The best way to ensure every message is encrypted, and metadata deleted as quickly as possible is creating a verified group and turning on disappearing messages.
Verified groups are always encrypted and protected against MITM attacks.
Metadata can’t be encrypted, as the server needs to know where to deliver your messages. But turning on “disappearing messages” deletes the messages on the server after they were delivered.
If you need the messages on your device, but not on the server, you can also agree in the group to turn on “delete messages from server automatically”.
If you want to protect a 1:1 conversation like this, you should create a verified group with only 2 people. If the other person loses their device but not their account, you can still communicate in the 1:1 chat. (Read more)
Autocrypt is used for establishing e2e-encryption with other Delta Chat and other Autocrypt-capable mail apps. Autocrypt uses a limited subset of OpenPGP functionality.
Delta Chat implements countermitm setup-contact and verified-group protocols to achieve protection against active network attacks. This goes beyond the opportunistic base protection of Autocrypt Level 1, while maintaining its ease of use.
1:1 chats with a verified contact and verified groups are not the same, even if there are only 2 people in the verified group. One difference is that you could easily add more people to the group, but there are other implications as well.
Verified groups are invariably secured. Any breakage (cleartext or wrongly signed messages etc.) will be flagged and such messages will not be shown in this chat. You can trust all messages in this verified-checkmark chat to have not been read/altered by middle parties.
1:1 chats are opportunistic, it is meant to allow people to communicate no matter if they change e-mail clients, devices, setups etc. That’s why there is no verification checkmark, even if you have verified the contact.
No, OpenPGP doesn’t support Perfect Forward Secrecy. Perfect Forward Secrecy works session-oriented, but E-Mail is asynchronous by nature and often used from multiple devices independently. This means that if your Delta Chat private key is leaked, and someone has a record of all your in-transit messages, they will be able to read them.
Note that if anyone has seized or hacked your running phone, they will typically be able to read all messages, no matter if Perfect Forward Secrecy is in place or not. Having access to a single device from a member of a group, will typically expose a lot of the social graph. Using e-mail addresses that are not easily tracked back to persons helps group members to stay safer from the effects of device seizure.
We are sketching ways to protect communications better against the event of device seizure.
As Delta Chat is a decentralized messenger, the metadata of Delta Chat users are not stored on a single central server. However, they are stored on the mail servers of the sender and the recipient of a message.
Each mail server currently knows about who sent and who received a message by inspecting the unencrypted To/Cc headers and thus determine which e-mail addresses are part of a group. Delta Chat itself could avoid unencrypted To/Cc headers quite and always put them only into the encrypted section. See Avoid sending To/CC headers for verified groups. For opportunistic chats the main concern is how it affects other mail apps who might participate in chats.
Many other e-mail headers, in particular the “Subject” header, are end-to-end-encryption protected, see also this upcoming IETF RFC.
Yes. The best way is to send an Autocrypt Setup Message from the other e-mail client. Look for something like Start Autocrypt Setup Transfer in the settings of the other client and follow the instructions shown there.
Alternatively, you can import the key manually in “Settings -> Advanced settings -> Import secret keys”. Caution: Make sure the key is not protected by a password, or remove the password beforehand.
If you don’t have a key or don’t even know you would need one - don’t worry: Delta Chat generates keys as needed, you don’t have to hit a button for it.
The most likely cause is that your key is encrypted and/or uses a password. Such keys are not supported by Delta Chat. You could remove the passphrase encryption and the password and try the import again. If you want to keep your passphrase you’ll have to create an e-mail alias for use with Delta Chat such that Delta Chat’s key is tied to this e-mail alias.
Delta Chat supports common OpenPGP private key formats, however, it is unlikely that private keys from all sources will be fully supported. This is not the main goal of Delta Chat. In fact, the majority of new users will not have any key prior to using Delta Chat. We do, however, try to support private keys from as many sources as possible.
Removing the password from the private key will depend on the software you use to manage your PGP keys. With Enigmail, you can set your password to an empty value in the Key Management window. With GnuPG you can set it via the command line. For other programs, you should be able to find a solution online.
Yes. Delta Chat 1.36 comes with a new, experimental function for using the same account on different devices:
Make sure both devices are on the same Wi-Fi or network
On the first device, go to Settings → Add Second Device, unlock the screen if needed and wait a moment until a QR code is shown
On the second device, install Delta Chat
On the second device, start Delta Chat, select Add as Second Device, and scan the QR code from the old device
Transfer should start after a few seconds and during transfer both devices will show the progress. Wait until it is finished on both devices.
In contrast to many other messengers, after successful transfer, both devices are completely independent. One device is not needed for the other to work.
Double-check both devices are in the same Wi-Fi or network
Your system might have a “personal firewall”, which is known to cause problems (especially on Windows). Disable the personal firewall for Delta Chat on both ends and try again
Ensure there is enough storage on the destination device
If transfer started, make sure, the devices stay active and do not fall asleep. Do not exit Delta Chat. (we try hard to make the app work in background, but systems tend to kill apps, unfortunately)
Delta Chat is already logged in on the destination device? You can use multiple accounts per device, just add another account
If you still have problems or if you cannot scan a QR code try the manual transfer described below
This method is only recommended if “Add Second Device” as described above does not work.
- On the old device, go to “Settings -> Chats and media -> Export Backup”. Enter your screen unlock PIN, pattern, or password. Then you can click on “Start Backup”. This saves the backup file to your device. Now you have to transfer it to the other device somehow.
- On the new device, on the login screen, instead of logging into your email
account, choose “Import Backup”. After import, your conversations, encryption
keys, and media should be copied to the new device.
- If you use iOS: and you encounter difficulties, maybe this guide will help you.
- You are now synchronized, and can use both devices for sending and receiving E2E-encrypted messages with your communication partners.
- There are no immediate plans but some preliminary thoughts.
- There are 2-3 avenues for introducing a Delta Chat Web Client, but all are significant work. For now, we focus on getting stable releases into all app stores (Google Play/iOS/Windows/macOS/Linux repositories) as native apps.
- If you need a Web Client, because you are not allowed to install software on the computer you work with, you can use the portable Windows Desktop Client, or the AppImage for Linux. You can find them on get.delta.chat.
Sending a copy of your messages to yourself ensures that you receive your own messages on all devices. If you have multiple devices and don’t turn it on, you see only the messages from other people, and the messages you send from the current device.
The copy is sent to the Inbox, and then moved to the DeltaChat folder; it’s not put into the “Sent” folder. Delta Chat never uploads anything to the Sent folder because this would mean uploading a message twice (once through SMTP, and once through IMAP to Sent folder).
The default setting for copy-to-self is “no”.
The only reason one wants to watch the Sent folder is if you are using another mail program (like Thunderbird) next to your Delta Chat app, and want your MUA to participate in chat conversations.
However, we recommend using the Delta Chat Desktop Client; you can download it on get.delta.chat. The option to watch the “Sent” folder might go away in the future. It was introduced at a time where there was no Delta Chat Desktop client available on all platforms.
Some people use Delta Chat as a regular email client, and want to use the Inbox folder for their mail, instead of the DeltaChat folder. If you disable “Watch DeltaChat folder”, you should also disable “move chat messages to DeltaChat”. Otherwise, deleting messages or multi-device setups might not work properly.
In Delta Chat, you can share “private apps”, attachments with an
extension. They can do very different things, and make Delta Chat a truly
extendable messenger. The technical term is webxdc.
- Private apps can not send data to the Internet, or download anything.
- A private app can only exchange data within a Delta Chat chat, with its copies on the devices of your chat partners. Other than that, it’s completely isolated from the Internet.
- The privacy a private app offers is the privacy of your chat - as long as you trust the people you chat with, you can trust the private app as well.
- This also means: it can be a privacy risk to open private apps in chats where you don’t trust the members - as you know it from e-mail attachments, where you only open attachments from senders you trust, and not from spammers.
- In general, anyone can share private apps with each other without restrictions.
- You can send ‘hi’ to email@example.com to see an experimental webxdc appstore. All of the apps are open source and for free.
- Many people write their own private apps and post them to the Delta Chat forum.
- You can extend the Hello World example app to get started.
- All else you need to know is written in the documentation.
- If you have question, you can ask others with experience in the Delta Chat Forum.
We are very grateful about feedback on these features - do you want to share your ideas? Join the Forum to contribute. (You like experiments? Register through “Sign up -> with Delta Chat”!)
- To turn on audio/video calls, go to the “experimental features” section in the advanced settings and choose a “videochat instance”.
- When you invite others to a video chat, it is opened in your browser/app at once. The others receive an e-mail with a link to your jitsi/BBB room. This way, it is also compatible if your chat partners don’t use Delta Chat.
- Note that there is no ring tone on the other side, and your chat partners will not get interrupted by a video chat invite.
- You can use any video chat service which allows joining by link. Just add the link in the settings.
- For example, to use the flagship Jitsi Meet instance, you could enter
$ROOMvariable will be a random value; this way, you will have a new random jitsi room every time you call someone.
A verified group is a chat that guarantees safety against an active attacker. All Messages in a verified chat view are e2e-encrypted, and members can join by scanning a “QR invite code”. All members are thus connected with each other through a chain of invites, which guarantee cryptographic consistency against active network or provider attacks. See countermitm.readthedocs.io for the R&D behind this feature.
As of Oct 2022, “verified groups” remain an experimental feature. It is continuously improved and many bugs have been fixed since the original introduction in 2018. However, there remain cases, especially with large groups where inconsistencies can occur, or messages become unreadable.
- With a Broadcast List you can send a message to many recipents at once; when they reply to you, you get the reply in your direct 1:1 chat with them. The recipients can’t see each other.
- Technically, it is an E-Mail with many recipients in BCC.
- You can turn on the feature in the “experimental features” section in the advanced settings. Then you can create a Broadcast List from the “New Chat” dialog.
- In case you are using more than one device, Broadcast Lists are currently not synced between them.
- Messages sent to broadcast lists are not encrypted. Encryption would break anonymity, because then all recipients would know who else received it (Sending individual mails to everyone would be worse for rate limit and network consumption reason).
- You can turn on location streaming in the “experimental features” section of the advanced settings.
- Now, if you want to share your location in a chat, go to “attach” and select “location”. You can now set a time frame in which your location will be streamed to your chat partners, between 5 minutes and 6 hours.
- When your location changes, the others in the chat can view it on a map in the chat.
- To see the map and view locations of others, you need to turn on the feature in the advanced settings.
- This feature will not share your location with anyone except your chat partners. But: to show the map, we need to download map tiles from mapbox.com, so if you view the map, mapbox.com is asked for the map of a specific area. If this is a privacy risk for you, this feature might not be for you. We are working on finding a decentralized alternative for Mapbox.
- On desktop, the OS typically can’t determine your location. Instead you can right click on the map and describe a location, which is sent to the chat as a message, but also appears on the map.
- Right now, the database encryption is still very experimental. Don’t rely on it for protection, you should additionally use encryption of your operating system, if it provides any.
- The database encryption does not yet encrypt the blobs, only the rows and columns of the database. This more or less means that your messages are safe, but not your attachments.
- For iOS and Android, the encryption keys are stored in the system keychain. This means the encryption is as secure as the operating system it’s running on.
- The Delta Chat desktop client doesn’t offer database encryption yet, as there is no standard way to store the encryption keys on the different supported platforms.
This is an experimental setting for some people who are experimenting with server-side rules. Not all providers support this, but with some you can move all mails with a “Chat-Version” header to the DeltaChat folder. Normally, this would be done by the Delta Chat app.
Enabling “Only Fetch from DeltaChat folder” makes sense if you have both:
- enabled a server-side rule to move all messages with Chat-Version header to the DeltaChat folder, and
- have set the “Show classic emails” setting to “no, chats only”.
In this case, Delta Chat doesn’t need to watch the Inbox, and it’s enough to only watch the DeltaChat folder.
- Change your address at the “Password and Account” seetings screen in Delta Chat, enter your password (and if necessary, server settings) for the new account
- If possible, make your old e-mail provider forward all e-mails to your new email address
- Tell your contacts that you changed your address. If you write this to a verified group, they will acknowledge this automatically.
To learn about the details behind this, read our blogpost on it.
- With a rather good chance: Yes :)
However, some providers need special options to work properly, see Provider Overview
- Most mail servers will work well. But what we personally recommend is a combination of mailcow and mailadm, as described in this blogpost.
- You can find an installation guide on our website.
- Sending and receiving messages takes a few seconds, typically. Sometimes there are cases where it takes longer but that is arguably true as well for any other messenger.
- Instant chatting works fast if both parties are actively using the app. It’s sometimes slower if the app is running in the background.
- Receiving messages then can take minutes because both Android and iOS often stop Delta Chat from running in the background, and only wake it up occasionally. This artificial delay is usually worse on iOS than on Android.
- However, Android and iOS kill apps running in the background is a problem for many legitimate apps. For more information, see dontkillmyapp.com.
- Yes and No.
- No, you can not use your Protonmail, Tutanota, or Criptext account with Delta Chat; they do not offer receiving mails via IMAP.
- In any case you can use Delta Chat to send Messages to people who use Protonmail, Tutanota, or Criptext. Those messages will not be End-to-End encrypted, though. The End-to-End encryption those providers offer is not compatible with Autocrypt, the standard Delta Chat uses.
- Delta Chat can e2e-encrypt through any e-mail provider with any Autocrypt-enabled e-mail app.
The Delta Chat project underwent four independent security audits in the last years:
In 2019, Include Security analyzed Delta Chat’s PGP and RSA libraries. It found no critical issues, but two high-severity issues that we subsequently fixed. It also revealed one medium-severity and some less severe issues, but there was no way to exploit these vulnerabilities in the Delta Chat implementation. Some of them we nevertheless fixed since the audit was concluded. You can read the full report here.
In 2020, Include Security analyzed Delta Chat’s Rust core, IMAP, SMTP, and TLS libraries. It did not find any critical or high-severity issues. The report raised a few medium-severity weaknesses - they are no threat to Delta Chat users on their own because they depend on the environment in which Delta Chat is used. For usability and compatibility reasons, we can not mitigate all of them and decided to provide security recommendations to threatened users. You can read the full report here.
Beginning 2023, Cure53 analyzed both the transport encryption of Delta Chat’s network connections and a reproducible mail server setup as recommended on this site. You can read more about the audit on our blog or read the full report here.
Beginning 2023, we fixed security and privacy issues with the “web apps shared in a chat” feature, related to failures of sandboxing especially with Chromium. We subsequently got an independent security audit from Cure53 and all issues found were fixed in the 1.36 app series released in April 2023. See here for the full background story on E2E security in the web.
Delta Chat does not receive any Venture Capital and is not indebted, and under no pressure to produce huge profits, or to sell users and their friends and family to advertisers (or worse). We rather use public funding sources, so far from EU and US origins, to help our efforts in instigating a decentralized and diverse chat messaging eco-system based on Free and Open-Source community developments.
Concretely, Delta Chat developments have so far been funded from these sources:
The Open Technology Fund gave us a first 2018/2019 grant (~$200K) during which we majorly improved the Android app and released a first Desktop app beta version, and which moreover moored our feature developments in UX research in human rights contexts, see our concluding Needfinding and UX report. The second 2019/2020 grant (~$300K) helped us to release Delta/iOS versions, to convert our core library to Rust, and to provide new features for all platforms.
The NLnet foundation granted in 2019/2020 EUR 46K for completing Rust/Python bindings and instigating a Chat-bot ecosystem.
In 2021 we received further EU funding for two Next-Generation-Internet proposals, namely for EPPD - e-mail provider portability directory (~97K EUR) and AEAP - email address porting (~90K EUR) which resulted in better multi-account support, improved QR-code contact and group setups and many networking improvements on all platforms.
From End 2021 till March 2023 we received Internet Freedom funding (500K USD) from the U.S. Bureau of Democracy, Human Rights and Labor (DRL). This funding supported our long-running goals to make Delta Chat more usable and compatible with a wide range of e-mail servers world-wide, and more resilient and secure in places often affected by internet censorship and shutdowns.
Beginning 2023 we got accepted in the Next Generation Internet (NGI) Entrust program for our “Private Decentralized Apps” proposals. Exact amount is to be determined (around 100K EUR). This funding supports further developments of webxdc “apps shared in a chat”.
Sometimes we receive one-time donations from private individuals. For example, in 2021 a generous individual bank-wired us 4K EUR with the subject “keep up the good developments!”. 💜 We use such money to fund development gatherings or to care for ad-hoc expenses that can not easily be predicted for, or reimbursed from, public funding grants. Receiving more donations also helps us to become more independent and long-term viable as a contributor community.
Last but by far not least, several pro-bono experts and enthusiasts contributed and contribute to Delta Chat developments without receiving money, or only small amounts. Without them, Delta Chat would not be where it is today, not even close.
The monetary funding mentioned above is mostly organized by merlinux GmbH in Freiburg (Germany), and is distributed to more than a dozen contributors world-wide.
Please see Delta Chat Contribution channels for both monetary and and other contribution possibilities.