Frequently Asked Questions

In a hurry? You can read this help relaxed at anytime within the app, also without internet.

What is Delta Chat?

Delta Chat is a new chat app that sends messages via e-mails, encrypted if possible, with Autocrypt. You do not have to sign up anywhere, just use your existing e-mail account with Delta Chat.

How can I find people to chat with?

With Delta Chat, you can write to every existing e-mail address - even if the recipient is not using the Delta Chat app. No need for the recipient to install the same app as yours, as with other messengers.

What are the advantages of Delta Chat compared to other messengers?

Which messages do appear in Delta Chat?

By default, Delta Chat shows all e-mails.

At “Settings -> Chats & Media -> Show Classic E-Mails”, you can change this. You have these options:

What if I expect a message from someone I didn’t write to in the past?

Does Delta Chat support images, videos and other attachments?

How can I add or switch between multiple accounts?

You can easily work with additional accounts on Delta Chat mobile and desktop clients by clicking either:

You may also wish to learn how to add accounts to multiple devices.

Who sees my profile picture?

Does Delta Chat support HTML e-mails?

Why do I have to enter my E-Mail password into Delta Chat? Is this secure?

As with other E-Mail programs like Thunderbird, K9-Mail, or Outlook, the program needs the password so you can use it to send mails. Of course, the password is stored only on your device. The password is only transmitted to your E-Mail provider (when you login), which has access to your mails anyway.

If you use an E-Mail provider with OAuth2 support like gmail.com or yandex.ru, there is no need to store your password on the device. In this case, only an access token is used.

As Delta Chat is Open Source, you can check the Source Code if you want to verify that your credentials are handled securely. We are happy about feedback which makes the app more secure for all of our users.

Which permissions does Delta Chat need?

Depending on the operating system in use, you may be asked to grant permissions to the app. This is what Delta Chat does with these permissions:

What means Pinning, Muting, Archiving?

Use these tools to organize your chats and keep everything in its place:

To archive or pin a chat, long tap (Android), use the chat’s menu (Android/Desktop) or swipe to the left (iOS); to mute a chat, use the chat’s menu (Android/Desktop) or the chat’s profile (iOS).

What does the green dot mean?

How can I delete my account?

As you use an e-mail account for Delta Chat, how you can delete your account depends on your e-mail provider. We don’t have any control over your e-mail account, so unfortunately we can’t help you with that.

If you want to keep the account, but uninstall Delta Chat, it is recommended to leave any group chat before uninstalling Delta Chat.

Groups

Creation of a group

Add members to a group

I have deleted myself by accident.

I do not want to receive the messages of a group any longer.

What do the ticks shown beside outgoing messages mean?

What happens if I turn on “Delete old messages from server”?

What happens if I turn on “Delete old messages from device”?

Encryption and Security

Which standards are used for end-to-end encryption?

Autocrypt is used for automatically establishing E2E-encryption with contacts and group chats. Autocrypt uses a limited and secure subset of the OpenPGP standard.

Secure-Join protocols are used to implement verified groups which provide pervasive protection against network attacks and compromised servers. Verified groups enforce all messages in a chat to be safely E2E-encrypted with an unparalleled ease of use that avoids users having to learn about public key cryptography, key management or key verification.

When will messages be E2E-encrypted?

After a first message was received from a Delta Chat or other Autocrypt-capable contact, Delta Chat defaults to using E2E-encryption with that contact (and vice versa). When creating a group chat with contacts where E2E-encrypted is individually in place, all group members will automatically use E2E-encryption with each other and in the group. However, if you add a contact that lacks E2E-encryption, the group chat will not use E2E-encryption.

If you want to be sure to always and only use E2E-encryption in a group use verified chat groups which additionally protects against compromised or malfeasant e-mail servers.

Are attachments (pictures, files, audio etc.) E2E-encrypted?

Yes. When we talk about an “E2E-encrypted message” we always mean a whole message is encrypted, including all the attachments and attachment metadata such as filenames.

Is OpenPGP secure?

Yes, Delta Chat uses a secure subset of OpenPGP and only displays a padlock security indicator on a message if the whole message is properly encrypted and signed. For example, “Detached signatures” are not treated as secure.

OpenPGP is not insecure by itself. Most publically discussed OpenPGP security problems actually stem from bad usability or bad implementations of tools or apps (or both). It is particularly important to distinguish between OpenPGP, the IETF encryption standard, and GnuPG (GPG), a command line tool implementing OpenPGP. Many public critiques of OpenPGP actually discuss GnuPG which Delta Chat has never used. Delta Chat rather uses the OpenPGP Rust implementation rPGP, available as an independent “pgp” package, and security-audited in 2019.

We aim, along with other OpenPGP implementors, to further improve security characteristics by implementing the new IETF OpenPGP Crypto-Refresh which was thankfully adopted in summer 2023.

Did you consider using alternatives to OpenPGP for E2E-encryption?

Yes, we are following efforts like MLS or Saltpack but adopting them would mean breaking E2E-encryption interoperability with all other e-mail apps that typically support OpenPGP encryption. So it would not be a light decision to take and there must be tangible improvements for users.

Delta Chat takes a holistic “usable security” approach and works with a wide range of activist groupings as well as renowned researchers such as TeamUSEC to improve actual user outcomes against security threats. The wire protocol and standard for establishing E2E-encryption is only one part of “user outcomes”, see also our answers to device-seizure and message-metadata questions.

Is Delta Chat vulnerable to EFAIL?

No, Delta Chat never was vulnerable to EFAIL because its OpenPGP implementation rPGP uses Modification Detection Code when encrypting messages and returns an error if the Modification Detection Code is incorrect.

Delta Chat also never was vulnerable to the “Direct Exfiltration” EFAIL attack because it only decrypts multipart/encrypted messages which contain exactly one encrypted and signed part, as defined by the Autocrypt Level 1 specification.

Is a message exposed in cleartext if E2E-encryption is not available?

No, this does not necessarily mean that the message is exposed in cleartext.

Delta Chat always uses (TLS) encryption which secures connections between your device and your e-mail provider unless you explicitly disable it. All of Delta Chat’s TLS-handling has been independently security audited.

Moreover, the connection between your and the recipient’s e-mail provider will today typically be transport-encrypted as well. If the involved e-mail servers support MTA-STS then transport encryption will be enforced in all inter e-mail server communications in which case Delta Chat communications will never be exposed in cleartext to the network even if the message was not E2E-encrypted.

Note that maintaining E2E-encryption on top of TLS encryption is highly advisable because it provides safety between your device and a contact’s device, irrespective of any hops over potentially compromised e-mail servers.

How does Delta Chat protect metadata in messages?

Delta Chat protects most message metadata by putting the following information into the E2E-encrypted part of messages:

E-Mail servers do not get access to this protected metadata but they do see the message date as well as the message size, and, more importantly, the sender and receiver addresses. E-mail servers need receiver addresses to route and deliver messages to recipient’s devices.

How to protect metadata and contacts when a device is seized?

Both for protecting against metadata-collecting e-mail servers as well as against the threat of device seizure we recommend to use a Delta Chat optimized e-mail server instance to create pseudonymous temporary accounts through QR-code scans. Note that Delta Chat apps on all platforms support multiple accounts so you can easily use action-specific “1-week” or “1-month” accounts next to your “main” account with the knowledge that all temporary account data, along with all metadata, will be deleted. Moreover, if a device is seized then contacts using temporary e-mail accounts can not be identified easily, as compared to messengers which reveal phone numbers in chat groups which in turn are often associated with passport identities.

How can I verify E2E-security with a contact?

If you are within immediate distance of your contact, select QR Invite code on one device and then Scan QR code from within Delta Chat on the other device. If both devices are online, they will setup a chat with each-other (if it doesn’t exist already) and both will see a “sender verified” system message in their chat. Showing and scanning a QR code can also happen in any “second channel” such as a video call or another messenger.

If QR code scanning is for some reason not viable, you may check the E2E encryption status manually in the “Encryption” dialog (user profile on Android/iOS or right-click a user’s chat-list item on desktop). Delta Chat shows two fingerprints there. If the same fingerprints appear on your own and your contact’s device, the connection is safe.

How can I check the encryption status of messages?

A little padlock in a message bubble denotes that the message was properly E2E-encrypted from the given sender. If there is no padlock, the message was not properly E2E-encrypted most likely because the sender uses an app or webmail interface without support for E2E–encryption.

Why do I see unencrypted messages?

If a contact uses a non-Autocrypt e-mail app, all messages involving this contact (in a group or 1:1 chat) will not be E2E-encrypted, and thus not show a “padlock” with messages. Note that even if your contacts use Delta Chat on their account, they might also use a non-Autocrypt e-mail app on that account which then may cause intermittently unencrypted messages. Replying unencrypted to unencrypted messages is mandated by Autocrypt to prevent unreadable messages on the side of your contacts and their non-Autocrypt e-mail app.

If you need a safely E2E-encrypted chat with contacts who are using their account also with Autocrypt-incapable apps (e.g. webmail) it’s best to create a verified group chat with them. Any message sent into a verified group chat will be E2E-encrypted irrespective of the last incoming message from a contact.

How can I ensure message E2E-encryption and deletion?

The best way to ensure every message is encrypted, and metadata deleted as quickly as possible is using verified groups and turning on disappearing messages.

Verified groups are always encrypted and protected against MITM attacks and turning on “disappearing messages” deletes the messages on the server after a user-configured time.

If you don’t need a longer-lived copy of your messages on the server, you can also turn on “delete messages from server automatically”.

Does Delta Chat support Perfect Forward Secrecy?

No, Delta Chat doesn’t support Perfect Forward Secrecy (PFS). This means that if your Delta Chat private decryption key is leaked, and someone has collected your prior in-transit messages, they will be able to decrypt and read them using the leaked decryption key.

Note, however, that if anyone obtains to your decryption keys, they will typically also be able to obtain your messages, irrespective if Perfect Forward Secrecy is in place or not. The typical real-world situation for leaked decryption keys is device seizure which we discuss in our answer on metadata and device seizure.

It is possible that Delta Chat evolves to support Perfect Forward Secrecy, because OpenPGP is just a container for encrypted messages but encryption key management (and thus key rotation or key “ratcheting”) could be organized in flexible ways. See Seqouia’s PFS prototype for existing experiments in the OpenPGP implementor community.

Can I reuse my existing private key?

Yes. The best way is to send an Autocrypt Setup Message from the other e-mail client. Look for something like Start Autocrypt Setup Transfer in the settings of the other client and follow the instructions shown there.

Alternatively, you can import the key manually in “Settings -> Advanced settings -> Import secret keys”. Caution: Make sure the key is not protected by a password, or remove the password beforehand.

If you don’t have a key or don’t even know you would need one - don’t worry: Delta Chat generates keys as needed, you don’t have to hit a button for it.

I can’t import my existing PGP key into Delta Chat.

The most likely cause is that your key is encrypted and/or uses a password. Such keys are not supported by Delta Chat. You could remove the passphrase encryption and the password and try the import again. If you want to keep your passphrase you’ll have to create an e-mail alias for use with Delta Chat such that Delta Chat’s key is tied to this e-mail alias.

Delta Chat supports common OpenPGP private key formats, however, it is unlikely that private keys from all sources will be fully supported. This is not the main goal of Delta Chat. In fact, the majority of new users will not have any key prior to using Delta Chat. We do, however, try to support private keys from as many sources as possible.

Removing the password from the private key will depend on the software you use to manage your PGP keys. With Enigmail, you can set your password to an empty value in the Key Management window. With GnuPG you can set it via the command line. For other programs, you should be able to find a solution online.

Multi-client

Can I use Delta Chat on multiple devices at the same time?

Yes. Delta Chat 1.36 comes with a new, experimental function for using the same account on different devices:

In contrast to many other messengers, after successful transfer, both devices are completely independent. One device is not needed for the other to work.

Troubleshooting

Manual Transfer

This method is only recommended if “Add Second Device” as described above does not work.

Are there any plans for introducing a Delta Chat Web Client?

What is the “Send Copy to Self” setting good for?

Sending a copy of your messages to yourself ensures that you receive your own messages on all devices. If you have multiple devices and don’t turn it on, you see only the messages from other people, and the messages you send from the current device.

The copy is sent to the Inbox, and then moved to the DeltaChat folder; it’s not put into the “Sent” folder. Delta Chat never uploads anything to the Sent folder because this would mean uploading a message twice (once through SMTP, and once through IMAP to Sent folder).

The default setting for copy-to-self is “no”.

Why can I choose to watch the “Sent” folder?

The only reason one wants to watch the Sent folder is if you are using another mail program (like Thunderbird) next to your Delta Chat app, and want your MUA to participate in chat conversations.

However, we recommend using the Delta Chat Desktop Client; you can download it on get.delta.chat. The option to watch the “Sent” folder might go away in the future. It was introduced at a time where there was no Delta Chat Desktop client available on all platforms.

Why can I choose not to watch the DeltaChat folder?

Some people use Delta Chat as a regular email client, and want to use the Inbox folder for their mail, instead of the DeltaChat folder. If you disable “Watch DeltaChat folder”, you should also disable “move chat messages to DeltaChat”. Otherwise, deleting messages or multi-device setups might not work properly.

Private Apps / webxdc

In Delta Chat, you can share “private apps”, attachments with an .xdc file extension. They can do very different things, and make Delta Chat a truly extendable messenger. The technical term is webxdc.

How private are private apps?

Where can I get private apps?

How can I create my own private apps?

Experimental Features

We are very grateful about feedback on these features - do you want to share your ideas? Join the Forum to contribute. (You like experiments? Register through “Sign up -> with Delta Chat”!)

How can I use audio/video calls with Delta Chat?

What is a verified group? Why is it experimental?

Verified groups carry a green verification checkmark in the group title that guarantees that all messages are E2E-encrypted and can not be read or altered by e-mail servers. Each member in a verified group chat can add already verified contacts or tap “QR Invite code” to let invitees scan the code to get verified and added (“secure-join”). This “secure-join” protocol ensures that all verified group chat members are connected with each other through a chain of verifications (“web of trust”), guaranteeing E2E-encryption consistency even if e-mail servers are compromised or malfeasant. See countermitm.readthedocs.io for a detailed security discussion.

Note that “1:1” chats are currently only opportunistically encrypted (Autocrypt). You need to create a verified group with your contact to ensure that all messages will be safely E2E-encrypted between you two. We plan to introduce verified 1:1 chats around the end of 2023, simplifying and extending the guarantees of verified E2E-encryption for all chat types. Until then verified groups will remain classified as an experimental feature although they are widely and successfully used already, and reported bugs have been continously fixed in the last years.

What are Broadcast Lists and how can I use them?

How can I share my location with my chat partners?

What does the experimental database encryption actually protect?

Why can I choose to only watch the DeltaChat folder?

This is an experimental setting for some people who are experimenting with server-side rules. Not all providers support this, but with some you can move all mails with a “Chat-Version” header to the DeltaChat folder. Normally, this would be done by the Delta Chat app.

Enabling “Only Fetch from DeltaChat folder” makes sense if you have both:

In this case, Delta Chat doesn’t need to watch the Inbox, and it’s enough to only watch the DeltaChat folder.

How can I change my account to a different e-mail address?

  1. Change your address at the “Password and Account” seetings screen in Delta Chat, enter your password (and if necessary, server settings) for the new account
  2. If possible, make your old e-mail provider forward all e-mails to your new email address
  3. Tell your contacts that you changed your address. If you write this to a verified group, they will acknowledge this automatically.

To learn about the details behind this, read our blogpost on it.

Miscellaneous

Does Delta Chat work with my e-mail-provider?

I want to manage my own e-mail server for Delta Chat. What do you recommend?

If Delta Chat uses E-Mail, is it really an Instant Messenger?

Is Delta Chat compatible with Protonmail / Tutanota / Criptext?

I’m interested in the technical details. Can you tell me more?

Was Delta Chat independently audited for security vulnerabilities?

The Delta Chat project underwent four independent security audits in the last years:

How are Delta Chat developments funded?

Delta Chat does not receive any Venture Capital and is not indebted, and under no pressure to produce huge profits, or to sell users and their friends and family to advertisers (or worse). We rather use public funding sources, so far from EU and US origins, to help our efforts in instigating a decentralized and diverse chat messaging eco-system based on Free and Open-Source community developments.

Concretely, Delta Chat developments have so far been funded from these sources:

The monetary funding mentioned above is mostly organized by merlinux GmbH in Freiburg (Germany), and is distributed to more than a dozen contributors world-wide.

Please see Delta Chat Contribution channels for both monetary and and other contribution possibilities.