Delta Chat

From Whonix

Delta Chat in Whonix.

Overview

Delta Chat is a wrapper around email and GPG that provides chat client functionality. The client is Freedom Software, licensed under the GNU GPLv3 license.[1] Supported features include text and voice messages, image and file sharing, direct messaging, and group chats.

Delta Chat uses the same protocols traditionally used by email for client-to-server communication. As such, theoretically any email service can be used as a Delta Chat server, even if it was not intended for this purpose. However, to facilitate anonymous use and easier onboarding, Delta Chat provides a server implementation known as chatmail, which configures traditional open-source email server software for use as a Delta Chat server. The server is open-source, licensed under the MIT license.[2]

One notable Delta Chat feature is the ability to send packaged web applications as messages. These applications are shared as WebXDC packages, and allow the chat experience to be extended in arbitrary ways with limited network access. The privacy impact of WebXDC applications has not yet been investigated.

Advantages of Delta Chat:

  • End-to-end encryption is mandatory and pervasive for sent messages when using chatmail servers.[3] Encryption may not be mandatory when using traditional email servers.
  • Users are heavily encouraged (though not required) to use QR codes or invite links for establishing connections, which act as an out-of-band key sharing mechanism to prevent MITM attacks.
  • Chats where all users have E2EE keys properly shared will display a green checkmark badge. Rooms without this badge contain at least one user whose keys have not been verified out-of-band.
  • Users unable to verify out-of-band can fall back to "trust on first use" key sharing by simply sharing an invite link in an unverified chat. This will cause the chat connection to be marked as verified.
  • Messages are encrypted with GPG, providing decent security, though not as robust as double-ratchet encryption.
  • It is very easy to create anonymous user accounts - Delta Chat will allow you to create an account on the default server (nine.testrun.org) by providing only a username. A randomly generated email address will be provided for newly created accounts. Other chatmail servers exist and can be used similarly.

Known disadvantages include:

  • Quantum-resistant encryption is not yet available.
  • Group chats feature no moderation safeguards - any user can kick any other user from a shared room or delete anyone else's messages. This makes Delta Chat unsafe for communities where untrusted users may be present in a room.
  • Releases on GitHub are not yet signed.
  • No support for voice or video calls.
  • Accounts are server-local and thus vulnerable to loss if a server goes down.

Delta Chat intentionally does not provide a way to import secret keys from an external device. It is therefore not easy to use Delta Chat in live mode without creating an account in persistent mode first, unless you are willing to lose all encryption keys on every reboot. Logging into a chatmail account without secret keys has not yet been tested.

Installation

Delta Chat's desktop client can be installed via the official Flatpak package. Ensure that the Flatpak package manager is installed and the Flathub repository is enabled:

Install chat.delta.desktop via flatpak.

1. Add a Flatpak repository.

Select your platform.

A: Non-Qubes-Whonix

Already enabled by default (system-wide). No additional steps needed to enable the Flathub repository.

B: Qubes-Whonix Template (whonix-workstation-17)

Already enabled by default (system-wide). No additional steps needed to enable the Flathub repository.

C: Qubes-Whonix App Qube (anon-whonix)

The user needs to enable the Flathub repository. Must be enabled per-user.

2. Install the flatpak chat.delta.desktop package.

A: Non-Qubes-Whonix [4]

flatpak install flathub chat.delta.desktop

B: Qubes-Whonix Template (whonix-workstation-17) [5]

Note: Advanced users that uninstalled the qubes-core-agent-passwordless-sudo package should see forum thread "Warning: Flatpak system operation Deploy not allowed for user".

http_proxy=http://127.0.0.1:8082 https_proxy=$http_proxy flatpak install flathub chat.delta.desktop

C: Qubes-Whonix App Qube (anon-whonix) [6]

flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

flatpak --user install flathub chat.delta.desktop

3. Done.

The procedure of installing chat.delta.desktop is complete.

4. Upgrades notice.

Note: This procedure will not keep the software up-to-date. How to update software installed via flatpak is also documented on the Operating System Software and Updates wiki page.


You may have to log out and log back in before Delta Chat appears in the application menu.
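An added example (not part of the Whonix wiki): a shell check that chat.delta.desktop landed in the Flatpak installation scope that persists on the chosen platform, following the reasoning in footnotes 4 to 6. The platform labels, function names and sample listing are made up for this example; it assumes the input rows come from `flatpak list --app --columns=application,installation`.

```shell
#!/bin/sh
# Added example: verify the Flatpak install scope for Delta Chat.
APP=chat.delta.desktop

# Constructed sample listing (not real output from any system).
SAMPLE='org.example.Other system
chat.delta.desktop system'

# Scope that survives a reboot on each platform, per footnotes 4-6.
# The labels non-qubes / template / appqube are names chosen here.
persistent_scope() {
    case "$1" in
        non-qubes) echo any ;;     # system-wide and per-user both persist
        template)  echo system ;;  # /var/lib/flatpak is shared with App Qubes
        appqube)   echo user ;;    # only ~/.local/share/flatpak persists
        *)         return 2 ;;
    esac
}

# Read "application installation" rows on stdin and print the scopes in
# which $APP is installed, space separated (empty if not installed).
installed_scopes() {
    awk -v app="$APP" '$1 == app { print $2 }' | sort -u | paste -sd ' ' -
}

# check_install PLATFORM < listing
# Prints a verdict; returns 0 if the install persists, 1 if it is missing
# or in the wrong scope, 2 for an unknown platform label.
check_install() {
    want=$(persistent_scope "$1") || { echo "unknown platform: $1"; return 2; }
    have=$(installed_scopes)
    if [ -z "$have" ]; then
        echo "missing: $APP is not installed"; return 1
    fi
    case "$want" in
        any) echo "ok: $have"; return 0 ;;
    esac
    case " $have " in
        *" $want "*) echo "ok: $want"; return 0 ;;
    esac
    echo "wrong scope: $have (need $want)"; return 1
}

# Usage on a live system (App Qube shown):
#   flatpak list --app --columns=application,installation | check_install appqube
```

A "wrong scope" verdict in an App Qube means the package sits in the non-persistent /var/lib/flatpak and will be gone after a restart; in a Template it means App Qubes based on it will not see the package.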

Other ways to install and run Delta (AppImage, deb package) and current installation guides can be found on Delta Chat's download page. Note that non-Flatpak packages do NOT automatically update when updating other packages on the system.

Tips

Using non-default servers

By default, Delta Chat will use nine.testrun.org for new accounts. This is convenient, but users may prefer to use a different server to avoid the pitfalls of centralization and prevent overloading a single server.

The Delta Chat website provides a list of alternate public chatmail servers that can be used. To create an account using one of them:

1. Click on the link to the service to view the service's website.

2. Right-click on the account creation QR code on the service's website. This code will usually, though not always, have a Delta Chat logo in the middle of it.

3. Click "Copy Link".

4. On the Delta Chat account creation wizard's first screen, click "Create New Profile".

5. Click "Use Other Server".

6. Click "Scan Invitation Code".

7. Click "Paste".

8. Click the "About profiles on example.com" link in the wizard to view the server's terms of service. (example.com will be replaced with the web address of the chosen chatmail service.)

9. Enter your desired username, and click "Agree & Create Profile".

10. Done.

The process of creating a Delta Chat account on a non-default server is now complete.

Footnotes

  1. Client license: https://github.com/deltachat/deltachat-desktop/blob/main/LICENSE
  2. Server license: https://github.com/chatmail/relay/blob/main/LICENSE
  3. It is possible to receive and read unencrypted messages, which may be sent to a Delta Chat user via a traditional email client. However, chatmail servers will refuse to allow unencrypted messages to be sent as per the chatmail README.
  4. Non-Qubes-Whonix:
    • A) system-wide (requires administrative ("root") rights) (compatible with noexec): flatpak install flathub chat.delta.desktop
    • B) per-user (no administrative rights required) (probably not compatible with noexec): flatpak --user install flathub chat.delta.desktop
    What is better? System-wide or per-user?
    • usability: Flathub is enabled by default system-wide but not per-user.
    • multi-user: On a multi-user system (probably if multiple human users use the same computer, which is rare nowadays), system-wide might be preferable as this saves disk space.
    • At present: Does not make any difference.
    • Future-proof: Per-user might be more future-proof. It would be compatible with the future Whonix security improvement user-sysmaint-split. However, noexec for the home folder is to be considered later; this documentation will need to be updated once that has been implemented.
  5. Qubes-Whonix Template: flatpak cannot be used with the --user option. This is because in case of using a Qubes Template, the flatpak needs to be installed system-wide into the /var/lib/flatpak folder. This is due to Qubes Persistence. If the --user option was used, the flatpak would only be available in the Template's home folder but not in any App Qube based on that Template, because App Qubes have their own independent home folder.
  6. Qubes-Whonix App Qube: flatpak should be used with the --user option. This is because in case of using an App Qube, the flatpak needs to be installed per-user only into the ~/.local/share/flatpak folder and not system-wide. This is due to Qubes Persistence. If the --user option was not used, the flatpak would only be available in the App Qube's non-persistent /var/lib/flatpak folder located in the root image.