We hereby challenge _all_ other messaging apps, FOSS or not, to provide a more convenient private onboarding experience than #deltachat
1. Install app
2. "Create new profile"
3. Enter nick name, tap "Agree and continue"
4. Tap "+" and "new contact" and provide/scan qr code/link
Voila! A secure private chat, familiar to those coming from Whatsapp or Telegram (without "AI", with #a11y).
Note: chat identities are private and can not be queried or discovered. Servers keep no track or metadata
This entry was edited (2 days ago)
Peter Vágner likes this.
Peter Vágner reshared this.
Magical Cat
in reply to Delta Chat • • •I think having
Delta Chat
in reply to Magical Cat • • •Magical Cat
in reply to Delta Chat • • •Now i aware of all that, but my contact got discouraged with that complexity and don't want to try again.
Have to keep using whatsapp (it sometimes get blocked).
Delta Chat
in reply to Magical Cat • • •Magical Cat
in reply to Delta Chat • • •Delta Chat
in reply to Magical Cat • • •Scott Murray
in reply to Delta Chat • • •Delta Chat
in reply to Scott Murray • • •Welcome to the Future Nauseous
www.ribbonfarm.comDusty
in reply to Delta Chat • • •Frederik Braun �
in reply to Delta Chat • • •Delta Chat
in reply to Frederik Braun � • • •Chatmail: Relays
chatmail.atFabrice Desré
in reply to Delta Chat • • •Delta Chat
in reply to Fabrice Desré • • •we hear you but it's the truth: by onboarding to #deltachat today you are diving into an experimental testrun of "the future of email" , also known as #chatmail chatmail.at
Finally we, as app distributors, want to fully disentangle from any "default" server. Testrun will become history :)
Chatmail
chatmail.atElena Brescacin
in reply to Delta Chat • • •Peter Vágner
in reply to Elena Brescacin • •WofWca likes this.
Elena Brescacin
in reply to Peter Vágner • • •Sensitive content
Peter Vágner
in reply to Elena Brescacin • •Peter Vágner
in reply to Elena Brescacin • •@Elena Brescacin Okay, so you are with your @Delta Chat app running on windows and you are about to start a new chat.
You have these options:
Conversely if you are about to invite someone else to chat with you on deltachat, you can invite them like this:
If you enter the chat, as an addition to standard navigation shortcut keys such as tab, shift+tab, arrow keys, applications key, deltachat has some usefull shortcut keys on its own and those are:
If you like to try this right now, here is an invite link to screen reader users chat I have created a few months ago when other screen reader users were interested in trying out deltachat.
I am alone lurking in this chat for now, so bear with me if I won't be able to respond in real time.
i.delta.chat/#6FE1642916908F1A…
like this
MarieB and Delta Chat like this.
Elena Brescacin
in reply to Peter Vágner • • •Sensitive content
Peter Vágner
in reply to Elena Brescacin • •@Elena Brescacin For me there are multiple reasons why to prefer @Delta Chat over other similar apps and platforms.
It's free, open-source, self-hostable, respecting privacy, giving control to users rather than to someone else who might have the whole platform under his control.
However most prominent reason why it's so appealing to me is that screen reader #accessibility is being taken so seriously and actionably from the dev team. They have no contracts, no investors, no one time opportunities pushing for accessibility features and they are working on these features from the bottom of their hearts.
Do you think so called gate keepers would care to implement some of their accessibility if they have not been pushed to do so? Why do you think it takes so long to fix some accessibility related discrepancies in the most popular messaging apps?
I think this invisible message should be warmly understood by the blindness community and other communities where it makes such a significant impact.
Aren't you happy you do have verry accessible messaging app at your disposal you can freely use to its maximum?
XMPP is good however it's not yet screen reader accessible on the major platforms.
Matrix is also good it's even fully accessible technically however it still can be improved in this regard and it's more difficult to adopt. Further accessibility improvements are more difficult to get implemented when I am comparing to delta chat.
There were other attempts at a messaging app such as tox in the past that were verry promising however screen reader accessibility has never been recognized like this.
like this
Delta Chat and WofWca like this.
Elena Brescacin
in reply to Peter Vágner • • •Sensitive content
Peter Vágner
in reply to Elena Brescacin • •Delta Chat likes this.
Elena Brescacin
in reply to Peter Vágner • • •Sensitive content
The issue isn't for me. But for my contacts who would ask: why should I install yet another app, to chat just with you? What can I find better?
I am referring to folks whose interests in privacy and stuff, are zero. Wrong. It's the basics of digital life. But how can I make them aware if they spend their days in "good morning banana" groups?
WofWca
in reply to Peter Vágner • • •@pvagner
> They have no contracts, no investors, no one time opportunities pushing for accessibility features
I am afraid this is not true. Most of the accessibility work in the past ~year has been funded by NLnet, as part of nlnet.nl/project/DeltaTauri/ project. Of course the developers were the ones to request a grant for that, but the work wasn't done for free.
I think Delta Chat wouldn't be where it is right now without the money.
Also see delta.chat/en/help#how-are-del…
Delta Chat: FAQ
delta.chatPeter Vágner likes this.
Peter Vágner
in reply to WofWca • •@WofWca Oh, I've idealized it too much. Please accept my apologies for spreading inaccurate info.
The other feelings from my previous post are still true, it's very usefull, I like it and the screen reader accessibility is improving even further beyond that project.
Let's see if your dedication pays off and more people will be able to adopt using it and motivate you to keep up with the accessibility related work.
WofWca likes this.
WofWca
in reply to Peter Vágner • • •> motivate you to keep up with the accessibility related work
You alone, @pvagner, are sure doing a lot on this front 😀
Peter Vágner likes this.
feld
in reply to WofWca • • •Delta has funding and funding is absolutely crucial for the project to be able to keep people focused on the work instead of $DAYJOB. But none of the funding has strings attached where undesirable features or backdoors can be foisted upon the users.
Some of the funding in the past was by the Open Technology Fund who also funded Signal, Tor, and others.
Peter Vágner likes this.
LΞX/NØVΛ
in reply to Delta Chat • • •i would use you ... if you had Perfect Forward Secrecy.
Until them don't expect me to use or recommend your app
Bruce Walzer 🇨🇦
in reply to LΞX/NØVΛ • • •@lexinova Message retention more or less negates the benefit of forward secrecy. If an attacker gets your secret key information they for sure are going to get your old messages. Since most people want to keep their old messages around forward secrecy is not very important for encrypted messaging.
articles.59.ca/doku.php?id=pgp… (my article)
Forward Secrecy [The Call of the Open Sidewalk]
articles.59.caLΞX/NØVΛ
in reply to Bruce Walzer 🇨🇦 • • •Delta Chat
in reply to LΞX/NØVΛ • • •Chatmail: Clients
chatmail.atLΞX/NØVΛ
in reply to Delta Chat • • •@upofadown oh tauri one i would use it when it go out thanks :)
for once an app is willing to use it :)
LΞX/NØVΛ
in reply to Delta Chat • • •adb
in reply to LΞX/NØVΛ • • •@lexinova you don't need perfect forward secrecy... first of all, it is useless if you don't use short-term disappearing messages, second, it is useful if you can have only a single profile like on Signal, where you mix sending memes to your mom with planing a government boicot in the same account, any serious activist will use a dedicated profile they can just throw away, together with all its suspicious chats, this is super easy to do in Delta Chat, impossible with Signal
@delta
adb
in reply to adb • • •LΞX/NØVΛ
in reply to adb • • •@adbenitez It's not because YOU want chat history that everyone want it.
Me and my familly all use 1 week auto deletion.
if we need something we save it ....
adb
in reply to LΞX/NØVΛ • • •@lexinova glad you have such a privacy conscious family, most people don't want to put the efforts of saving every family photo or important message in Saved Messages, and then you are not protecting those with PFS anyways
also, for PFS to work your enemy needs to control or have access to the server you use, which is easier with a centralized server but not so much with decentralized platforms like Delta Chat,
can you point out when PFS saved anyone? never
LΞX/NØVΛ
in reply to adb • • •@adbenitez never say never, and again because you don't need it does not mean it's not good.
Also you put a little too much trust on the operator of your decentralized server of the one that relay it.
operator can go rogue, or the server can be seized and run (many federal agency trough the world take over and run the server to catch as much as possible).
But what do i know i'm only a CISO after all
adb
in reply to LΞX/NØVΛ • • •@lexinova I didn't say it is not good to have, I say it is not a reason for you to upfront reject any solution if it doesn't have the typical fusswords out of context
about the operator of the relay I use, yes, I trust him, it is MYSELF, I don't need to trust a 3rd party...
if I would need to do some dangerous business I would create a new account which takes 3 taps and use that then easily delete it with all its chats and contacts, you never replied to this point of using multi-account, well
LΞX/NØVΛ
in reply to adb • • •@adbenitez No self deleting message and PFS, also protect from the crap of a phone many contact have by making sure it's deleted after a time, and not brokable later on with PFS, so your example fail both thing i'm protected from with autodeleted message + PFS
But i will stop to answer as you don't understand that your threat model cannot work on everyone
adb
in reply to LΞX/NØVΛ • • •LΞX/NØVΛ
in reply to adb • • •@adbenitez you can resume it in one sentence :
"if it does not break it secure it", so if it does not hinder the convenience of normal people and do not prevent the system to work it must be added.
and for why the answer is simple, i was born and lived in the russian federation before comming to EU freedom so security and privacy is non negociable for me.
feld
in reply to LΞX/NØVΛ • • •LΞX/NØVΛ
in reply to feld • • •feld
in reply to LΞX/NØVΛ • • •even if you had a state level attacker coming after you they're more likely to compromise the software supply chain and backdoor your virtual keyboard or be able to screenshot and exfiltrate without you knowing. Then they don't need your key anyway because capturing the traffic is so much harder
With delta, your client to server is TLS 1.3 with PFS anyway so they gotta break that first
LΞX/NØVΛ
in reply to feld • • •@feld @adbenitez was not thinking of state attack, just that many unknown are generated trough email relay
that mean (for example) if half the user use relay that run on AWS, amazon can theorically shadow copy them crack them, no pfs = everything is cooked
again it's a threat i took out of my pocket and i'm pretty sure pfs also protect other kind of attack i didn't think off.
feld
in reply to LΞX/NØVΛ • • •LΞX/NØVΛ
in reply to feld • • •@feld @adbenitez or in a week if in 2 day we find a flaw or bug in how keepass handle something, that made it easy to guess
Never think your encryption is flawless or you might be cooked if some flaw like this appear.
feld
in reply to LΞX/NØVΛ • • •if some flaw like that appears, it's not me that's cooked -- it's the entire internet, corporations, governments...
encryption HAS to withstand being in the hands of an adversary. Otherwise what good is full disk encryption? If they have their hands on your disk and you really think that it could get cracked in a week or a year, why waste your time? It would be better to just take extreme caution to physically protect access to it.
I trust the math. And I also don't have any faith at all in quantum CPUs. Until I can order one and it does EXACTLY what they claim it can do, it's a fantasy. I say this all the time: the quantum CPU is the new cold fusion.
LΞX/NØVΛ
in reply to feld • • •@feld @adbenitez not really already happened in the past, never blindly trust encryption (even more if only one is done), and never trust the network.
it's security 101
feld
in reply to LΞX/NØVΛ • • •why not just wrap even more layers around everything then? You already suggesed that if it doesn't break it you must add it. So let's do AES-256 inside EC inside Twofish and sprinkle some ROT13 in there with a little ML-DSA on top to appease the people afraid of the boogeyman
We don't do this because it's ridiculous
LΞX/NØVΛ
in reply to feld • • •@feld @adbenitez don't exagerate my claim please.
Normally when we do backup you have the data backuped (encrypted), and we make a file (or multiple if the compressed file is cut in multiple file), that himself is encrypted before being send on external infra..
making 2 encryptions without making the ridiculous thing you just said ...
feld
in reply to LΞX/NØVΛ • • •> making 2 encryptions without making the ridiculous thing you just said ...
ahh, but that's exactly what we're doing! They've standardized PQC as a hybrid, not as a standalone. It's two layers of encryption when one should be sufficient if it's any good.
Phantasm
in reply to LΞX/NØVΛ • • •Look at it this way, if AES-256 wasn't random enough, banks wouldn't use it to secure connections your TLS sessions and likely communications between them. There are known attacks against AES-128 which leak information in a few rounds and are very far from working at full 10 rounds. They don't completely break the encryption. There are known attacks against Chacha20 which leak information at ~6 rounds, far from the full 20 rounds.
The reason why you can blindly trust modern-enough encryption is because it is known how hard the math problems are. Same with large primes (like in RSA) and EC cryptography. It is approximately known how difficult the discrete log problems are.
And the reason why some people are freaking out about quantum computers is because there are known algorithms that can potentially break RSA far quicker than regular computers and cut security of AES by half at best. But quantum computers capable of running those algorithms are at best 5+ years from even potentially existing. If they will ever exists, nobody knows yet.
feld
in reply to Phantasm • • •> And the reason why some people are freaking out about quantum computers is because there are known algorithms that can potentially break RSA far quicker than regular computers and cut security of AES by half at best.
but ONLY if quantum computing can leave the "theory" stage and we can produce a real CPU with enough qubits to do the work and store the state duplicated across enough other qubits for error correction purposes. And keep them in the state we want. Which will require extremely clean and reliable power.
> New research: RSA-2048 encryption keys can be broken with single qubit and 3 oscillators. The catch? You’ll need about 10 followed by 45 million zeros joules of energy—roughly comparable to several medium-sized stars, or 10^44,999,986 Hiroshima bombs. Good luck! arxiv.org/pdf/2412.13164
And people think AI is a waste of fucking energy? I'm not holding my breath.
GutterPoetry
in reply to Delta Chat • • •Шуро
in reply to Delta Chat • • •Andrey [0xdc, 0x09];
in reply to Шуро • • •nine.testrun.orginstanceDelta Chat
in reply to Andrey [0xdc, 0x09]; • • •Delta Chat (@delta@chaos.social)
chaos.socialШуро
in reply to Delta Chat • • •@Delta Chat this likely won't help much against censorship but is certainly welcome for other reasons. So I get it right that it will be possible to migrate between servers?
@Andrey [0xdc, 0x09];
Delta Chat
in reply to Шуро • • •Kalle Kniivilä
in reply to Delta Chat • • •Delta Chat
in reply to Kalle Kniivilä • • •Kalle Kniivilä
in reply to Delta Chat • • •Шуро
in reply to Kalle Kniivilä • • •@Kalle Kniivilä sadly our censors are not completely dumb and run device farms to detect even undisclosed servers which apps connect to one way or another. This way they managed to render Tor practically non-functional without private bridge servers as all public ways to distribute them eventually lead to blocks. So it doesn't matter much :(
@Delta Chat
Delta Chat
in reply to Шуро • • •Kalle Kniivilä
in reply to Delta Chat • • •Kenny
in reply to Delta Chat • • •People don't like scanning QRs: when people add my Signal, even if the username is shown on my screen right below a QR code, nobody scanned the QR yet. Everybody just typed the username. Scanning QRs kinda sucks.
And it's rather impractical when the person is not next to me. At which point sending a long link also is meh (or, depending on context, just not possible).
Delta Chat
in reply to Kenny • • •Kenny
in reply to Delta Chat • • •Delta Chat
in reply to Kenny • • •Crazy Pony
in reply to Delta Chat • • •Delta Chat
in reply to Crazy Pony • • •1) there are bridges ("matterdelta") which provide interop with Matrix, XMPP, Telegrram, ssh and anything that Matterbridge provides. It doesn't preserve end-to-end encryption and so bridging bot choice is tricky.
2) There are growing efforts around 3rd party #chatmail clients chatmail.at/clients. Interoperability is "free" between all chatmail clients (#deltachat being the prominent one). Unlike #Signal we welcome third parties to the party :)
Chatmail: Clients
chatmail.atDelta Chat reshared this.
Limping
in reply to Delta Chat • • •I wonder if there are any comments how it works.
Nick
in reply to Delta Chat • • •I use DeltaChat on my tablet and ArcaneChat on my phone. Other than branding, is there any real difference between them?
@crazy_pony
Delta Chat
in reply to Nick • • •ArcaneChat is maybe a bit more of an experiments-pushing client, and some of its features made it back to mainline, and arcanechat is continously rebasing on mainline, in turn.
Wilfried Klaebe
in reply to Delta Chat • • •rootnode
in reply to Delta Chat • • •Delta Chat
in reply to rootnode • • •rootnode
in reply to Delta Chat • • •Delta Chat
in reply to rootnode • • •rootnode
in reply to Delta Chat • • •Delta Chat
in reply to rootnode • • •@rootnode "add second device'" is found in settings of an established chat profile. It's about setting up multiple devices for the same chat chat profile.
To use a different email address it's "create new profile" and then "use other server". If you have further questions or suggestions maybe better use support.delta.chat
Delta.Chat
Delta.Chatrootnode
in reply to Delta Chat • • •Delta Chat
in reply to rootnode • • •Sheri Gulam
in reply to Delta Chat • • •the last step can be challenging. You need to be close and have working camera (yes, people have broken cameras) to scan QR, or have an already established communication channel to send the link, which in slme situations defeats the purpose.
There should be some human readable / easy to memorize or pronounce "nickname", "username", "ID" or something, so than you can tell someone "just type John Doe once you install DeltaChat to find me".
Delta Chat
in reply to Sheri Gulam • • •Sheri Gulam
in reply to Delta Chat • • •hope I see this issue solved some day
Thank you for great app.
indyradio
in reply to Delta Chat • • •@abolitionmedia Hello, I was just appreciating your work. Maybe we should set up a couple of these servers. I have an extra vps and will test one this week. Thought it worth a mention. I installed this, and it looks pretty good. The fact it's not fully p2p seems a disadvantage, but it looks like the server is not hard to set up. Hopefully not. chaos.social/@delta/1154793927…
Delta Chat
2025-11-02 09:28:14
[RoÆ] Viktor Bobanovich
in reply to Delta Chat • • •feld
in reply to [RoÆ] Viktor Bobanovich • • •Çois
in reply to Delta Chat • • •Delta Chat
in reply to Çois • • •Other relays have different limits (often higher) chatmail.at/relays and people can onboard through the respective relay website after installing delta chat.
Chatmail: Relays
chatmail.atDelta Chat
in reply to Çois • • •Çois
in reply to Delta Chat • • •BoloMKXXVIII
in reply to Delta Chat • • •Peter Vágner
in reply to BoloMKXXVIII • •feld likes this.
BoloMKXXVIII
in reply to Peter Vágner • • •feld
in reply to Peter Vágner • • •correct, the in-app QR code scanner for this part just looks for a URL encoded in the QR image that has to match:
dcaccount:some.chatmail.server/new
it doesn't parse or load anything else; it's completely safe.
QR codes are not inherently dangerous. They just hold text. No different than a link you click on, but we aren't going out of our way to avoid sharing links to things either
Peter Vágner likes this.
Shoq
in reply to Delta Chat • • •