Merge remote-tracking branch 'upstream/main'

Author: adbenitez

CHANGELOG-upstream.md

@@ -1,6 +1,6 @@
 # Delta Chat Android Changelog
 
-## v2.6.0
+## v2.8.0
 
 * Profiles focus on recognizing contacts
 * See the number of media directly in the profile, no need to tap around
@@ -19,7 +19,7 @@
 * Allow to sort profiles up in the profile switcher
 * Add new option to create unencrypted email thread
 * Green checkmarks are removed where they mostly refer to guaranteed encryption, which is the default now. They are still used for profile's "Introduced by"
-* Update to core 2.6.0
+* Update to core 2.8.0
 
 ## v1.58.4
 2025-05

build.gradle

@@ -33,8 +33,8 @@ android {
     useLibrary 'org.apache.http.legacy'
 
     defaultConfig {
-        versionCode 30000725
-        versionName "2.6.0"
+        versionCode 30000726
+        versionName "2.8.0"
 
         applicationId "chat.delta.lite"
         multiDexEnabled true

jni/deltachat-core-rust

@@ -50,9 +50,10 @@
       <li><a href="#tls">Are messages marked with the mail icon exposed on the Internet?</a></li>
       <li><a href="#message-metadata">How does Delta Chat protect metadata in messages?</a></li>
       <li><a href="#device-seizure">How to protect metadata and contacts when a device is seized?</a></li>
-      <li><a href="#how-can-i-check-encryption-information">How can i check encryption information?</a></li>
+      <li><a href="#sealedsender">Does Delta Chat support “Sealed Sender”?</a></li>
       <li><a href="#pfs">Does Delta Chat support Perfect Forward Secrecy?</a></li>
-      <li><a href="#will-delta-chat-support-forward-secrecy">Will Delta Chat support Forward Secrecy?</a></li>
+      <li><a href="#pqc">Does Delta Chat support Post-Quantum-Cryptography?</a></li>
+      <li><a href="#how-can-i-manually-check-encryption-information">How can I manually check encryption information?</a></li>
       <li><a href="#importkey">Lze znovu použít můj stávající soukromý klíč?</a></li>
       <li><a href="#security-audits">Was Delta Chat independently audited for security vulnerabilities?</a></li>
     </ul>
@@ -973,25 +974,25 @@ <h3 id="message-metadata">
 
       </h3>
 
-<p>Delta Chat protects most message metadata by putting the following information
-into the end-to-end encrypted part of messages:</p>
+<p>Unlike most other messengers, 
+Delta Chat apps do not store any metadata about contacts or groups on servers, also not in encrypted form. 
+Instead, all group metadata is end-to-end encrypted and stored on end-user devices, only.</p>
+
+<p>E-mail Servers can therefore only see</p>
 
 <ul>
-  <li>Subject line</li>
-  <li>Group avatar and name</li>
-  <li>MDN (read receipt) requests (<code class="language-plaintext highlighter-rouge">Chat-Disposition-Notification-To</code>)</li>
-  <li>Disappearing message timer (<code class="language-plaintext highlighter-rouge">Ephemeral-Timer</code>)</li>
-  <li><code class="language-plaintext highlighter-rouge">Chat-Group-Member-Removed</code>, <code class="language-plaintext highlighter-rouge">Chat-Group-Member-Added</code></li>
-  <li><code class="language-plaintext highlighter-rouge">Secure-Join</code> header containing secure join commands</li>
-  <li>Notification about enabling location streaming</li>
-  <li>WebRTC room URL</li>
+  <li>
+    <p>the message date,</p>
+  </li>
+  <li>
+    <p>sender and receiver addresses</p>
+  </li>
+  <li>
+    <p>and message size.</p>
+  </li>
 </ul>
 
-<p>E-Mail servers do not get access to this protected metadata 
-but they do see the message date as well as the message size,
-and, more importantly, the sender and receiver addresses. 
-E-mail servers need receiver addresses to route and 
-deliver messages to recipient’s devices.</p>
+<p>All other message, contact and group metadata resides in the end-to-end encrypted part of messages.</p>
 
       <h3 id="device-seizure">
 
@@ -1003,28 +1004,34 @@ <h3 id="device-seizure">
 
 <p>Both for protecting against metadata-collecting e-mail servers 
 as well as against the threat of device seizure
-we recommend to use a <a href="https://delta.chat/chatmail">chatmail server</a>
-to create pseudonymous temporary profiles through QR-code scans.
+we recommend to use a <a href="https://chatmail.at/relays">chatmail relay</a>
+to create chat profiles using random e-mail addresses for transport. 
 Note that Delta Chat apps on all platforms support multiple profiles
 so you can easily use situation-specific profiles next to your “main” profile
 with the knowledge that all their data, along with all metadata, will be deleted.
-Moreover, if a device is seized then contacts using temporary profiles
-can not be identified easily, as compared to messengers which reveal
-phone numbers in chat groups which in turn are often associated with legal identities.</p>
+Moreover, if a device is seized then chat contacts using short-lived profiles
+can not be identified easily.</p>
 
-      <h3 id="how-can-i-check-encryption-information">
+      <h3 id="sealedsender">
 
 
-          How can i check encryption information? <a href="#how-can-i-check-encryption-information" class="anchor"></a>
+          Does Delta Chat support “Sealed Sender”? <a href="#sealedsender" class="anchor"></a>
 
 
       </h3>
 
-<p>You may check the end-to-end encryption status manually in the “Encryption” dialog
-(user profile on Android/iOS or right-click a user’s chat-list item on desktop).
-Delta Chat shows two fingerprints there.
-If the same fingerprints appear on your own and your contact’s device,
-the connection is safe.</p>
+<p>No, not yet.</p>
+
+<p>The Signal messenger introduced <a href="https://signal.org/blog/sealed-sender/">“Sealed Sender” in 2018</a>
+to keep their server infrastructure ignorant of who is sending a message to a set of recipients. 
+It is particularly important because the Signal server knows the mobile number of each account,
+which is usually associated with a passport identity.</p>
+
+<p>Even if <a href="https://chatmail.at/relays">chatmail relays</a> 
+do not ask for any private data (including no phone numbers), 
+it might still be worthwhile to protect relational metadata between addresses. 
+We don’t foresee bigger problems in using random throw-away e-mail addresses for sealed sending
+but an implementation has not been agreed as a priority yet.</p>
 
       <h3 id="pfs">
 
@@ -1037,32 +1044,49 @@ <h3 id="pfs">
 <p>No, not yet.</p>
 
 <p>Delta Chat today doesn’t support Perfect Forward Secrecy (PFS).
-This means that if your Delta Chat private decryption key is leaked,
+This means that if your private decryption key is leaked,
 and someone has collected your prior in-transit messages,
-they will be able to decrypt and read them using the leaked decryption key.</p>
+they will be able to decrypt and read them using the leaked decryption key.
+Note that Forward Secrecy only increases security if you delete messages. 
+Otherwise, someone obtaining your decryption keys
+is typically also able to get all your non-deleted messages
+and doesn’t even need to decrypt any previously collected messages.</p>
 
-<p>Note however, that Forward Secrecy only increases your security
-if you delete messages or use ephemeral deletion timers.
-Otherwise, if anyone obtains your decryption keys, 
-they are typically also able to get all your non-deleted messages
-and don’t need to decrypt any previously collected messages.</p>
-
-<p>The typical real-world situation for leaked decryption keys is device seizure
-which we also discuss in our answer <a href="#device-seizure">on metadata and device seizure</a>.</p>
+<p>We designed a Forward Secrecy approach that withstood 
+initial examination from some cryptographers and implementation experts 
+but is pending a more formal write up 
+to ascertain it reliably works in federated messaging and with multi-device usage,
+before it could be implemented in <a href="https://github.com/chatmail/core">chatmail core</a>,
+which would make it available in all <a href="https://chatmail.at/clients">chatmail clients</a>.</p>
 
-      <h3 id="will-delta-chat-support-forward-secrecy">
+      <h3 id="pqc">
 
 
-          Will Delta Chat support Forward Secrecy? <a href="#will-delta-chat-support-forward-secrecy" class="anchor"></a>
+          Does Delta Chat support Post-Quantum-Cryptography? <a href="#pqc" class="anchor"></a>
 
 
       </h3>
 
-<p>Yes.</p>
+<p>No, not yet.</p>
 
-<p>We devised a forward secrecy scheme that withstood initial scrutiny from cryptographers and usable security experts. 
-Our tentative scheme is designed to reliably work in federated messaging networks and with multi-device usage. 
-However, an implementation has not been scheduled yet (as of Mid 2025).</p>
+<p>Delta Chat uses the Rust OpenPGP library <a href="https://github.com/rpgp/rpgp">rPGP</a>
+which supports the latest <a href="https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/">IETF Post-Quantum-Cryptography OpenPGP draft</a>. 
+We aim to add PQC support in <a href="https://github.com/chatmail/core">chatmail core</a>  after the draft is finalized at the IETF
+in collaboration with other OpenPGP implementers.</p>
+    
+      <h3 id="how-can-i-manually-check-encryption-information">
+        
+        
+          How can I manually check encryption information? <a href="#how-can-i-manually-check-encryption-information" class="anchor"></a>
+        
+        
+      </h3>
+
+<p>You may check the end-to-end encryption status manually in the “Encryption” dialog
+(user profile on Android/iOS or right-click a user’s chat-list item on desktop).
+Delta Chat shows two fingerprints there.
+If the same fingerprints appear on your own and your contact’s device,
+the connection is safe.</p>
 
       <h3 id="importkey">