Instant Messaging

Communicating is every person’s prerogative, and there are many ways to communicate.

We have already published other contributions on the point1.

Currently, messaging apps are preferred for sending short text messages, voice messages, images, and videos; calls and video calls are not excluded.

Many people use WhatsApp, which - in our opinion - is the solution to be avoided2 for several reasons widely exposed in other posts as well.

Therefore, our choice is to use other messaging systems that respect both the security criteria and data protection and privacy principles, leaving the user complete control over their personal data.

We have already presented in other posts3 some complete solutions for communication (not only instant messaging - IM) that we consider attractive for the reasons explained.

In particular, from our point of view, they respect the following criteria and principles

DeltaChat: what is it?

DeltaChat is another very appreciable and fascinating solution that - at the moment and in our opinion - completes the list of communication apps that respect security and privacy.

The solution of DeltaChat developers is undoubtedly original, as you can use the app simply through the e-mail account that the user already has.

DeltaChat doesn’t require any registration or other data (mobile number, first and last name, etc.), except only your e-mail address.

What is, then, the originality of DeltaChat?

Well, to realize a messaging app without inventing a specific protocol, realizing sending and receiving messages through the oldest and most famous system: e-mail.

Who among us doesn’t use at least one e-mail account?

DeltaChat uses the e-mail account as a vehicle for sending messages. In essence, the app makes it easy to send and receive messages by transmitting e-mail.

When someone asks us what tool to communicate “properly” with, we answer to look at the features of DeltaChat. You always have to create an account; with DeltaChat, you don’t have to create anything because you have to log in to your e-mail account.

That’s it, and that’s no small thing.

As you can see from this page, DeltaChat is available for macOS, iOS (iPhone and iPad), Android, Windows, GNU/Linux.

In this post, we will refer to iOS and macOS only.

Who is behind DeltaChat?

Below we report the data published on the DeltaChat site (on the page https://delta.chat/it/imprint) and precisely:

Delta.Chat is an open source community project. The person responsible for the content of the pages is:

Merlinux GmbH
Reichsgrafenstr. 20
79102 Freiburg, Germany

So, DeltaChat is a community project (maybe they meant a European project, but it doesn’t matter) by a company based in Germany. The information that DeltaChat is a European project is essential, but it is certainly not the element that can discriminate this solution from others. We know that excellent developers have produced software solutions defined as “must-have,” and their projects have not been the object of attention from institutions.

However, we are pleased that DeltaChat is a European project because it has deserved attention from the institutional bodies of the European Union.

More in detail, we recall the question “How are Delta Chat developments funded?” present in the FAQ of the official site, and we report the relative answer:

First of all, Delta Chat does not receive any Venture Capital and is not indebted, and under no pressure to produce huge profits, or to sell users and their friends and family to advertisers (or worse).

Delta Chat developments have so far been funded from four major sources:

  • The NEXTLEAP EU project funded the research and implementation of verified groups and setup contact protocols in 2017 and 2018.

  • The Open Technology Fund has given two grants. The first 2018/2019 grant (~$200K) majorly improved the Android app and allowed us to release a Desktop app beta version, and also moored our feature developments in UX research in human rights contexts, see our concluding Needfinding and UX report. The second 2019/2020 grant (~$300K) is still ongoing and helps us to release Delta/iOS versions, to convert our core library to Rust, and to provide new features for all platforms. See the ongoing blog posts for more info.

  • The NLnet foundation granted EUR 46K for completing Rust/Python bindings and instigating a Chat-bot ecosystem.

  • Last but by far not least, several pro-bono experts and enthusiasts contributed and contribute to Delta Chat developments without receiving money, or only small amounts. Without them, Delta Chat would not be where it is today, not even close.

The monetary funding mentioned above was organized by merlinux GmbH in Freiburg (Germany), and then distributed to almost a dozen contributors.

Funding for 2020/2021 is yet to be determined. We are pursuing several opportunities with different organisations and partners. We also are considering to ask for donations. In fact, we experimentally started a little Delta Chat / Liberapay donation account but have not published this yet. There were also around 3-4K so far donated to Bjoern’s (the original author of Delta Chat) paypal and bitcoin donation channels.

We feel it is very appreciable and truly transparent to have published information regarding the funding of the DeltaChat project.

How to use DeltaChat?

Moving on to the more operational part, how can you send messages with just your email address?

That is the original part of the app, instead of who developed it.

As we already said, with DeltaChat, you can send and receive encrypted messages using Autocrypt.

Thus, on the DeltaChat FAQ webpage to the question Does Delta Chat support end-to-end-encryption? we read the following answer:

  • Yes. Delta Chat implements the Autocrypt Level 1 standard and can thus E2E-encrypt messages with other Autocrypt-capable apps.

  • Delta Chat also supports a strong form of end-to-end encryption that is even safe against active attacks, see “verified groups” further below.

On Autocrypt website we read:

What is Autocrypt?”"

We read the following answer:

Autocrypt is a set of guidelines for developers to achieve convenient end-to-end-encryption of e-mails. It specifies how e-mail programs negotiate encryption capabilities using regular e-mails.

For users, Autocrypt Level 1 offers single-click, opt-in encryption, eases encrypted group communications, and provides a way to setup encryption on multiple devices.

The use of DeltaChat is straightforward and immediate.

We indicate some steps even if on the official website there are FAQ very complete that provide the necessary clarifications.

DeltaChat Desktop for macOS at startup looks like this:

dc-login](/images/deltachat/deltachat-login.png#center)

As you can see, you’re asked to login to your email server, and then we’ll have to enter our email address and password.

Once that’s done, the app is ready as per the following image:

dcready01

What happens, server-side, to the email account used for DeltaChat login?

DeltaChat, once you log in to your email account, creates a folder called DeltaChat that the app will use to pass messages on the server.

Moving a little on the technical side, we point out that DeltaChat uses the standards indicated on this page, including the RFC for the IMAP protocol.

Returning to the app, in the “Device Messages” section, you’ll see the following messages that attest to the completion of the login process and that the app is ready to work properly:

dcready02

The next step, which we suggest, is to customize the settings.

There are three vertical dots in the upper right corner, and if we click them, a menu opens from which we can choose the settings.

Under “Communication”, you can choose between showing classic emails or not, only chat.

It is preferable to have activated “chat only”; otherwise, you will receive very long messages with signatures sometimes present in email messages. That is a handy feature.

dc

Continuing in the settings, you can enable or disable Autocrypt (i.e., encryption); it is preferable to leave the setting on.

dc

Then there are other functions, as you can see in the following image:

dc

Sending messages

Sending messages is straightforward.

Let’s assume that Bob wants to send a message through DeltaChat to Alice, who hasn’t installed the app.

In DeltaChat, Bob will click on the three vertical dots and choose “New chat”. A window will open, and Bob will only have to type the recipient’s (Alice’s) email address.

At that point, a chat will open in Bob’s DeltaChat as it does in any other messaging app.

The advantage is that - using email - even if the recipient (Alice) does not have the DeltaChat app installed, he will receive the message as a standard email.

At that point, Alice will be able to decide whether to install DeltaChat and continue the message exchange with Bob through the app.

Otherwise, Alice can reply to the message by replying to the email received from Bob.

So, Bob will still receive Alice’s reply if Alice decides to reply to the email or installs DeltaChat and responds with the app.

We are experiencing a problem with the message notification that we have duly reported, and we hope for a quick solution.

Conclusions and Privacy

As per our custom, we will present the conclusions that concern both the evidence of a concrete use of the app and considerations related to the protection of personal data and privacy.

On the use of the app: DeltaChat is simple and of immediate use; the learning curve is low, and it is, therefore, accessible to anyone.

Another advantage, as mentioned, is the operation is based solely on an email account.

Regarding the protection of personal data and privacy, in our opinion DeltaChat, as it is structured, has no impact on personal data protection and privacy, precisely because it uses an email account to convey messages. The message encryption feature using Autocrypt is an added value in security.

In conclusion, DeltaChat is a valid alternative to other well-known and popular messaging apps, which are less adherent to the principles and provisions on personal data protection and privacy.