Delta Chat (Email Client)

I’m going to drop some notes here as a lot of stuff is out of date.

I would recommend looking at Delta Chat as a messenger, not an email client. Let me walk through some of the previous comments that caught my eye:

This is an issue when you use legacy/classic email servers. If you use dedicated Chatmail servers this is not a problem. Chatmail servers do not allow any emails to be sent or received unless they’re encrypted. If you try to use Delta Chat with a normal email server you need to at least send each other one message in cleartext so the key exchange happens in the background. With Chatmail servers you cannot message anyone without using an invite link or QR code that gives you their public key.

This was actually a bug due to inverted logic on iOS. It was ignoring the notifications in some edge cases, such as when you had recently switched away from the app and it hadn't been backgrounded by iOS yet.

Probably a bug long since fixed. I’ve never encountered this in the last 6 months of heavy testing.

That’s true for legacy PGP usage, but Delta Chat’s implementation doesn’t have this problem. Even the Subject field is encrypted.

Delta Chat protects most message metadata by putting the following information into the end-to-end encrypted part of messages:

* Subject line
* Group avatar and name
* MDN (read receipt) requests (Chat-Disposition-Notification-To)
* Disappearing message timer (Ephemeral-Timer)
* Chat-Group-Member-Removed, Chat-Group-Member-Added
* Secure-Join header containing secure join commands
* Notification about enabling location streaming
* WebRTC room URL

E-Mail servers do not get access to this protected metadata but they do see the message date as well as the message size, and, more importantly, the sender and receiver addresses. E-mail servers need receiver addresses to route and deliver messages to recipient’s devices.

source: https://delta.chat/en/help#message-metadata

Since the creation of Chatmail servers they have been pushing people away from using regular email addresses with Delta Chat. Based on my discussions with the devs it will continue to be supported as it can still be useful in some situations, but the app and onboarding push you to use Chatmail servers.

I already covered the metadata. Rolling keys/PFS is not important for most people. Do you keep your chat history? Congratulations, PFS gives you no advantages. If your device is seized they still get all your messages. How many people ensure all their chats have disappearing messages? I want all my chats with friends and family to be secure, but I also want the history and to be able to search them. So what is PFS going to do for me? Nothing.

PFS is still important if you’re a target of a sophisticated State-funded attacker.

Compatibility with old PGP: technically true, although it’s not vulnerable to EFAIL, and Delta Chat will generate keys that are Ed25519/Curve25519 and use AES128 for the session keys. It’s technically possible for someone to manually import an ancient DES PGP key and use it via a normal email address. This is a pretty extreme scenario though.

Try Delta Chat again. It has in-chat apps now via WebXDC.org. It can do realtime p2p comms that bypasses the email servers. It’s fast. It has a quality client on all major platforms. It is open, permissionless, and federated. The Chatmail servers scrub metadata and logs. The Chatmail servers require significantly lower resources to host users than Matrix – even less than XMPP.

There are a lot of interesting things on the horizon such as making it possible to have it automatically register new random accounts on different Chatmail servers and rotate through them transparently. Your contacts and chat groups wouldn’t notice anything changed (a feature of AEAP), but it makes it very hard for adversaries to track you.

Try it again, but only with Chatmail servers. I think you’ll be pleased.

2 Likes
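
A small check of the metadata split described in the post above, added here as an example and not taken from Delta Chat or Chatmail code: it parses a message the way a relaying server sees it, tests for the PGP/MIME `multipart/encrypted` structure, and reports which headers are readable outside the encrypted part. The sample messages, the addresses and the placeholder subject values are assumptions.

```python
from email import message_from_string

# Header names taken from the Delta Chat help text quoted in the post.
PROTECTED = {"chat-disposition-notification-to", "ephemeral-timer",
             "chat-group-member-removed", "chat-group-member-added", "secure-join"}
PLACEHOLDERS = {"", "...", "[...]"}  # assumption: non-revealing outer subjects

def is_pgp_mime(msg):
    """True if the outer structure is RFC 3156 multipart/encrypted."""
    parts = msg.get_payload()
    return (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"
            and isinstance(parts, list) and len(parts) == 2
            and parts[0].get_content_type() == "application/pgp-encrypted"
            and parts[1].get_content_type() == "application/octet-stream")

def audit(raw):
    """Report what a relaying server can read in the outer headers."""
    msg = message_from_string(raw)
    names = {k.lower() for k in msg.keys()}
    leaked = sorted(names & PROTECTED)       # should only exist inside the ciphertext
    if (msg.get("Subject") or "").strip() not in PLACEHOLDERS:
        leaked.append("subject")             # a real subject line in cleartext
    return {"encrypted": is_pgp_mime(msg), "leaked": leaked,
            "visible": sorted(names - set(leaked))}

# Constructed samples: addresses, boundary and "ciphertext" are made up.
ENCRYPTED = """\
From: alice@chatmail.example
To: bob@chatmail.example
Date: Mon, 01 Jan 2024 12:00:00 +0000
Subject: [...]
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

(placeholder for the OpenPGP ciphertext)
--b1--
"""
CLEARTEXT = ("From: alice@example.org\nTo: bob@example.org\nSubject: Dinner on Friday?\n"
             "Ephemeral-Timer: 3600\n\nSee you at 8.\n")
```

For the encrypted sample the server-visible set still contains `from`, `to` and `date`, which matches the quoted help text: routing data stays readable even when nothing protected leaks.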