Notices by Delta Chat (delta@chaos.social)

#deltachat community milestones:

Dec 2023: first #chatmail server

Feb 2024: iOS push notifications

March 2024: ETH Zuerich #security analysis

June 2024: Instant onboarding on all clients

Nov 2024: #P2P #webxdc realtime and home-screen apps

Dec 2025: rPGP #security audit, 20 known #chatmail servers world-wide

Jan 2025: new #webxdc store, UI integrated app-picker, webxdc push notifications.

Spring 2025: is coming :)

money used: ~600K EUR, a tiny amount compared to other messengers.

Woah! You can now run 32bit operating systems (alpine, ReactOS, ...) via the new v86emu #webxdc app available at https://webxdc.org/apps/#mightyshadow702-v86emu

Ethernet networking uses "webxdc realtime API" implemented via @n0iroh gossip channels.

Basically the Linux VMs are wired to an Ethernet that is constrained to chat members only and uses forward-secret encryption with #p2p connections. Result: Telnet and netcat are similarly secure as signal, and you can run all kinds of systems and nets :)

Isn't it poetic and ironic that out of all possible time lines we are in one where #securejoin #openpgp protocols on top of the existing #email protocols offer the arguably most solidly scaling, useable, world-wide federated end-to-end encrypted messaging reality, safe against compromised #mitm servers? Hundreds of billions spend to create "the email successor" and here we are in 2025 .... #interopable #email and #cryptography as the turtoise looking at Achilles through the back mirror :)

@sardon not that we know off. As far as we know thunderbirds current extension model does not allow even an #autocrypt compliant plugin let alone all the rest that delta offers. #enigmail used to offer full autocrypt support but when thunderbird changed the plugin model and integrated openpgp into thunderbird they went back to the old idea of "users have to consciously manage their encryption keys" ... An unfortunate old tradition. We aim for modern usable security like signal delivers.

No coins, no chains, no big machinery but plain, efficient and scalable decentralization, leveraging the largest open internet messaging network ever created by humans ... made safe, fast and resource efficient with #chatmail servers using strong and audited #interoperable #cryptography. It just works (tm) in many places where Signal and WhatsApp fail today. It's time to reclaim "decentralization" from techbros, insist on real-life #resilience and trust this cute figure from @Xeniax :)

There is a new #chatmail server deployment using #chef tooling, put together by @feld , incorporating the same "chatmaild" services used by the mainline chatmail server template, and also otherwise achieving feature-parity ... Thanks Mark!

https://github.com/feld/chatmail-cookbook

@ambiguous_yelp @gh0stz0x @feld SimpleX was blocked in Russia simply by blocking a single UDP port nation-wide. The solution is to use SOCKS proxy: https://mastodon.social/@simplex/113137959973971123

People like to say "email leaks metadata" but consider this: Delta apps do not store group metadata (memberlists, group names, avatars, keys) on servers. By comparison,

- #matrix stores group metadata unencrypted on home servers and replicates it to other federated matrix servers

- #signal stores encrypted group metadata on Amazon cloud servers

#deltachat uses a #p2p messaging model for encrypted group metadata where servers function as transport only.

The ecosystem is moving ... away from corporate centralization and mindsets.
Billionaires are out, federated and multi-player systems are in, if we gather the many chats, gossips and happenings around #fosdem correctly. Dispersing ourselves around Bruxelles the last couple of days was very enjoyable (thanks Sun!) and helpful to orient in convivial directions in this otherwise extraordinarily stupid 2025 timeline ... thanks to the many people we enjoyed conversations and hang outs with! ❤️

Signal has the most carefully designed cryptographic protocols that you can run on a central platform, thanks to Trevor and Moxie. They have truly inspired many end-to-end encryption advances everywhere in the last decade. Great stuff.

However, Signal depends on Amazon/ DynamoDB, Intel/SGX , on Cloudflare, on Google Cloud ... and operations are expensive, with financing dependent on US jurisdiction and non-profit status there.

Dear @Mer__edith , isn't it time to revisit operational choices?

As an excellent programmer once noted: constraints induce creativity and focused design. Delta Chat has been running against classic e-mail provider constraints for years and had to evolve its code to work against these constraints (rate limits, spam filters, signups, delays etc) and thus we were uniquely positioned to create a minimal #chatmail server template that beats Gmail, Outlook, iCloud etc regarding security, performance and efficiency. It's a similar story with #deepseek if you will.

@leaf yes, there are futures where servers play less of a role than they do today. We are thinking/prototyping on that.

But already today, #webxdc realtime apps eg at https://delta.chat/en/2024-11-20-webxdc-realtime#pixel-app-small-offline-first-and-realtime are using @n0iroh and thus offer a private #p2p network. Here, the rather reliable #SMTP server network is used to bootstrap lots of little private P2P ones consisting of unstable peers. Without this bootstrapping you need central root servers along with DHTs or other mechanism for discovery.

Preventing enshittification of platforms rests on credible exit for users and devs. #ActivityPub and #SMTP are not perfect but

a) are implemented und understood by many players,

b) enable freedom of choice of servers and clients,

c) implement #RightToMigrate as well as self/community custody

Many #p2p projects promise to remove servers but often promote and depend on a single implementation stack, have no spec and no interop among #p2p islands, and thus struggle to provide credible exit.

Where we stand as a project:

- delivering usable decentralized and secure super-apps across all platforms with many friendly forks and alternative, complementary community developments.

- thinking/prototyping several "next big things" (tm) and working on delivering them for real.

Delta Chat is a realist R&D endeavour involving many contributing world-class experts in their fields. Because real expertise is needed to cut through all the crap in specs and softwares.

Idealism is not enough.

@lasagne no, delta chat does not expose filenames. https://delta.chat/en/help#are-attachments-pictures-files-audio-etc-end-to-end-encrypted

When not dabbling in undusting the venerable Email system we play with rewiring the Web to free it from the possibility of billionaire platforms. With a nod to @pluralistic 's "Ulysses Pact" we just published "Replacing billionairish platforms with ZIP files"
highlighting a bunch of new #webxdc features and community developments. The challenge is on who wants to join in de-platforming Venture-Capital-backed web apps that try to mediate our private communications https://delta.chat/en/2025-01-23-webxdc-notifications

@kinetix It's totally fine to go with self-hosting but >99.99% percent of potential users are not running their own e-mail servers and it doesn't make sense to recommend it as the sellling-point then generally? Also, Delta Chat has multi-profile support. There is nothing speaking against first trying things with friends with default profiles, and if you like it use self-hosted addresses. Some first users evolved to run their own #chatmail server and migrated there.

@billseitz @kinetix we understand the sentiment and reluctance of "creating yet another account". Everybody is tired of signing up somewhere. But since chatmail servers and instant onboarding was introduced some 9 months ago, usage strongly increased and there are now at least a dozen independent #chatmail servers with many more we don't know. Did you try it? There is no "heavyness" of registration typically associated with "signing up". Chatmail addresses make e-mail cheap again! :)

PSA: please recommend newcomers to use chatmail servers instead of suggesting they start first with an existing classic e-mail address.

#Chatmail servers provide a dependable, fast and secure messaging experience, with instant push notifications for Google and Apple phones. No personal data needed. Delta Chat profiles with chatmail servers come closest to mainstream messaging experiences and typically "just work" also in many repressive situations with bad internet or partial blockings.

@ax3 @me we may eventually return to the topic of forward secrecy ... it is doable but details matter which we won't discuss much here. Please do note that up until today, nobody has come up with federated PFS protocols in real life messengers that would be as reliable as Signal. For now, PFS means centralization and that's a very high price to pay.