Delta Chat V2: a major security upgrade, beautified contact profiles, new email action and direct app access in chats

August 04, 2025 by olgax, r10s, l, hocuri, adb, ndh, amzd, xenia, nami, wofwca, iequidoo, treefit, sebi, lothar, gerry, dignifiedquire, hko, alireza, feld, flub, rako, dkg, ...

With Delta Chat Version 2, chats are end-to-end encrypted, always and by default. Previously it was possible that chats without green checkmarks could contain messages without end-to-end encryption. Not anymore. Consequently, Version 2 drops all lock icons, most green checkmarks and a few “decryption problem” dialogues, simplifying the user interface and raising the floor for real-world security outcomes. After all, most users don’t want to engage in theorizing about and checking end-to-end encryption. They have actual lives to live, and enough challenges to tackle already. They just want a reliable, fun-to-use messenger that keeps their chats, messages and contacts private. The decade-long discourse on how to achieve this “just” is ongoing, and V2 releases are our contribution to it.

Rolling out major security upgrades into federated ecosystems

V2 releases maintain compatibility with older releases, even though they roll out a major security upgrade across many hundred thousand devices, across dozens of apps and bots, at relatively random points in time. During 8 years of development, we never needed to ask users or developers for “co-ordinated upgrades” as, for example, Matrix and Session did in 2025. But how could we avoid asking for such painful coordination, when other federated messaging projects struggle?

First of all, the planetary-scale email system is mature and has separation between transport protocols and message formats. There are no sudden changes in the SMTP protocols which deliver 360 billion messages per day. There are many battle-tested server implementations. Upgrading any of the many chatmail clients is largely unrelated to how servers upgrade.

Second, Delta Chat and all other chatmail clients embed the chatmail core Rust library. This means there is a single central place where “moving the ecosystem” can be implemented. The key V2 work in the chatmail core Rust library added 4696 and removed 6299 lines of code, netting a removal of 1603 lines of code. It fundamentally changed how “identity” and end-to-end encryption are handled in chatmail V2 messaging. Chatmail clients, though? They don’t need to do much more than pull in a V2 core version, drop some UI elements, adapt a few APIs and enjoy vast security and compatibility benefits. It’s as relaxing as it sounds (except for chatmail core developers who bear the brunt if anything goes wrong).

Third, low-level chatmail core developments are moored to UI and UX goals, and involve ongoing usable security research into federated messaging systems. Our protocol and cryptography experts accept constraining their designs so that they fit actual UI and UX goals, not the other way round. Providing smooth distributed upgrading across the ecosystem is a key UX goal which all teams aim for.

Fourth, luck. We may have been just lucky, all things considered :) Our centralized core Rust architecture and mature email protocols with transport/content separation help but do not guarantee that we never have to ask users unpleasant questions or for forgiveness. “Nothing works all the time” is a long-running meme in chatmail circles, with a double meaning. It was probably coined around the second 10-day gathering in Kyiv 2019.

Chatmail relays: a second layer of E2E enforcement

Chatmail relays are used for default onboarding of Delta Chat users and

Chatmail relays and apps each independently enforce transport and end-to-end encryption across the growing worldwide secure chatmail ecosystem. New relays are automatically interoperable based on cryptography and IETF standards. No permission from us needed.
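As an added illustration (not code from a chatmail relay or from the chatmail core), here is one way a relay-side filter could reject mail that is not a well-formed RFC 3156 PGP/MIME encrypted message. It checks MIME structure only and cannot tell whether the ciphertext is valid; the function name, addresses and sample messages are constructed for this sketch.

```python
from email import message_from_bytes, policy

ARMOR = (b"-----BEGIN PGP MESSAGE-----\r\n\r\n"
         b"Q09OU1RSVUNURUQ=\r\n"   # constructed placeholder, not real ciphertext
         b"-----END PGP MESSAGE-----\r\n")
CLEARTEXT_PART = b"--b1\r\nContent-Type: text/plain\r\n\r\nunencrypted extra part\r\n"
PLAIN_MAIL = b"Content-Type: text/plain\r\n\r\nhello in cleartext\r\n"

def sample(body: bytes = ARMOR, extra: bytes = b"") -> bytes:
    """Build a constructed RFC 3156 message; the arguments let us break its structure."""
    return (b"From: alice@example.org\r\nTo: bob@example.org\r\n"
            b'Content-Type: multipart/encrypted; boundary="b1";\r\n'
            b' protocol="application/pgp-encrypted"\r\n\r\n'
            b"--b1\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
            b"--b1\r\nContent-Type: application/octet-stream\r\n\r\n"
            + body + extra + b"--b1--\r\n")

def is_pgp_mime_encrypted(raw: bytes) -> bool:
    """Return True only for the exact two-part layout RFC 3156 defines."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/encrypted":
        return False
    if (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted":
        return False
    parts = msg.get_payload()
    # Exactly two parts: any additional part could carry cleartext past the filter.
    if not isinstance(parts, list) or len(parts) != 2:
        return False
    control, body = parts
    if control.get_content_type() != "application/pgp-encrypted":
        return False
    if (control.get_payload(decode=True) or b"").strip() != b"Version: 1":
        return False
    if body.get_content_type() != "application/octet-stream":
        return False
    data = (body.get_payload(decode=True) or b"").strip()
    # Structural check only: the armor markers must wrap the entire part.
    return (data.startswith(b"-----BEGIN PGP MESSAGE-----")
            and data.endswith(b"-----END PGP MESSAGE-----"))

if __name__ == "__main__":
    for name, raw in [("encrypted", sample()), ("plain", PLAIN_MAIL),
                      ("extra part", sample(extra=CLEARTEXT_PART)),
                      ("no armor", sample(body=b"hello\r\n"))]:
        print(name, "->", "accept" if is_pgp_mime_encrypted(raw) else "reject")
```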

Classic email usage was enhanced but requires opt-in

You cannot receive or send messages without end-to-end encryption when onboarding with chatmail relays, but you may manually set up a classic email account, also as an additional profile. Messages without end-to-end encryption will then be marked with a mail icon. Only classic email profiles offer the new “new email” UI action that lets you set a subject and add email address recipients before sending a cleartext email. With Version 2 releases, emails without end-to-end encryption are generally easier to recognize because chat avatars will also use the same boring mail icon and chat messages in mail chats will never become end-to-end encrypted.

Contact Profiles are more beautiful on all platforms

While users have few problems navigating identities in small private circles, the new more beautiful contact profiles aim to help navigate larger chat circles where members frequently get added or removed. The new contact profile aims to help users to identify group members and chat partners more easily.

Shortcuts to recently used apps in chats

All Delta Chat clients now provide direct access in the chat title bar to recently used webxdc apps. For more background, we recently wrote about refined app discovery, notifications and home screen integration at Replacing billionarish platforms with zip-files, and about the introduction of realtime Peer-to-Peer networking, followed by running a Quake multiplayer game co-ordinated between chatmail peers.

PS: the chatmail ecosystem is moving

In 2016, Signal founder Moxie Marlinspike claimed in “The ecosystem is moving” that federated systems, and email in particular, fundamentally cannot do end-to-end encryption:

So while it’s nice that I’m able to host my own email, that’s also the reason why my email isn’t end-to-end encrypted, and probably never will be. By contrast, WhatsApp was able to introduce end-to-end encryption to over a billion users with a single software update. So long as federation means stasis while centralization means movement, federated protocols are going to have trouble existing in a software climate that demands movement as it does today. (Moxie Marlinspike July 25, 2017)

Challenge accepted :) Today, the chatmail ecosystem of apps, servers and bots is living proof not only that email-based end-to-end encrypted messaging is possible, but also that rolling out big security enhancements throughout a federated system can work. But there is a fun twist that reinforces Moxie’s core “centralization means movement” argument: chatmail Rust core beats Signal in terms of being one centralized codebase that is used in all chatmail clients. All federation protocols and IETF standards are implemented in this one centralized library with a single database schema, whereas Signal’s Android, iOS and Desktop versions each use different databases (making migration between platforms hard) and different languages to implement networking, higher level data structures or even some cryptographic properties like Sealed Sender.

In the cryptographic machine rooms, centralized chatmail core efforts co-evolve with the security-audited rPGP Rust library which implements state-of-the-art end-to-end encryption protocols and algorithms. Few know that Delta Chat uses the same Ed25519 Rust signing crate as Signal, that chatmail only uses a minimal, carefully selected subset of OpenPGP, and that current-day OpenPGP collaboration between various players is pretty enjoyable. Chatmail clients are not implementing any aspect of OpenPGP, TLS or email protocols. The embedded chatmail Rust core and rPGP do all the heavy lifting, both backed by multiple security audits.

To make a longer story short, we recently posted about our commitments to federation:

We are basically doing what #signal and in particular Moxie refused to do, or declared impossible: federation.

Both the #email and #activitypub ecosystems are all about federation.

However, #deltachat is vertically centralized in that all UIs use the same #rust core which implements all networking, encryption, chat/group/message logic in a single centralized place. The now 40+ #chatmail mail relay network is driven by centralized code.

At each level, replication and federation are built in.

PPS: What some of you may be curious about

We revised our Encryption and security FAQ and include notes on Forward Secrecy, Sealed Sender and Post Quantum Cryptography. To hear about our conceptions of usable security and future plans you may watch two security talks from June 2025.

PPPS: What regular end-users wonder about :)

A while ago, a contributor’s parent and long-time Delta Chat user got back saying: “Everything is fine! But why does each message have a hand bag?”

