Opt-in weekly sending of statistics (#6851)

This way, the statistics / self-reporting bot will be made into an opt-in regular sending of statistics, where you enable the setting once and then they will be sent automatically. The statistics will be sent to a bot, so that the user can see exactly which data is being sent, and how often. The chat will be archived and muted by default, so that it doesn't disturb the user. The collected statistics will focus on the public-key-verification that is performed while scanning a QR code. Later on, we can add more statistics to collect. **Context:** _This is just to give a rough idea; I would need to write a lot more than a few paragraphs in order to fully explain all the context here_. End-to-end encrypted messengers are generally susceptible to MitM attacks. In order to mitigate against this, messengers offer some way of verifying the chat partner's public key. However, numerous studies found that most popular messengers implement this public-key-verification in a way that is not understood by users, and therefore ineffective - [a 2021 "State of Knowledge" paper concludes:](https://dl.acm.org/doi/pdf/10.1145/3558482.3581773) > Based on our evaluation, we have determined that all current E2EE apps, particularly when operating in opportunistic E2EE mode, are incapable of repelling active man-in-the-middle (MitM) attacks. In addition, we find that none of the current E2EE apps provide better and more usable [public key verification] ceremonies, resulting in insecure E2EE communications against active MitM attacks. This is why Delta Chat tries to go a different route: When the user scans a QR code (regardless of whether the QR code creates a 1:1 chat, invites to a group, or subscribes to a broadcast channel), a public-key-verification is performed in the background, without the user even having to know about this. The statistics collected here are supposed to tell us whether Delta Chat succeeds to nudge the users into using QR codes in a way that is secure against MitM attacks. **Plan for statistics-sending:** - [x] Get this PR reviewed and merged (but don't make it available in the UI yet; if Android wants to make a release in the meantime, I will create a PR that removes the option there) - [x] Set the interval to 1 week again (right now, it's 1 minute for testing) - [ ] Write something for people who are interested in what exactly we count, and link to it (see `TODO[blog post]` in the code) - [ ] Prepare a short survey for participants - [ ] Fine-tune the texts at https://github.com/deltachat/deltachat-android/pull/3794, and get it reviewed and merged - [ ] After the next release, ask people to enable the statistics-sending
2026-04-17 21:46:35 +03:00 · 2025-10-21 15:29:21 +02:00
parent 347938a9f9
commit 51b9e86d71
17 changed files with 1747 additions and 180 deletions
--- a/src/sql/migrations.rs
+++ b/src/sql/migrations.rs
@@ -1271,6 +1271,45 @@ CREATE INDEX gossip_timestamp_index ON gossip_timestamp (chat_id, fingerprint);
        .await?;
    }

+    inc_and_check(&mut migration_version, 135)?;
+    if dbversion < migration_version {
+        sql.execute_migration(
+            "CREATE TABLE stats_securejoin_sources(
+                source INTEGER PRIMARY KEY,
+                count INTEGER NOT NULL DEFAULT 0
+            ) STRICT;
+            CREATE TABLE stats_securejoin_uipaths(
+                uipath INTEGER PRIMARY KEY,
+                count INTEGER NOT NULL DEFAULT 0
+            ) STRICT;
+            CREATE TABLE stats_securejoin_invites(
+                already_existed INTEGER NOT NULL,
+                already_verified INTEGER NOT NULL,
+                type TEXT NOT NULL
+            ) STRICT;
+            CREATE TABLE stats_msgs(
+                chattype INTEGER PRIMARY KEY,
+                verified INTEGER NOT NULL DEFAULT 0,
+                unverified_encrypted INTEGER NOT NULL DEFAULT 0,
+                unencrypted INTEGER NOT NULL DEFAULT 0,
+                only_to_self INTEGER NOT NULL DEFAULT 0,
+                last_counted_msg_id INTEGER NOT NULL DEFAULT 0
+            ) STRICT;",
+            migration_version,
+        )
+        .await?;
+    }
+
+    inc_and_check(&mut migration_version, 136)?;
+    if dbversion < migration_version {
+        sql.execute_migration(
+            "CREATE TABLE stats_sending_enabled_events(timestamp INTEGER NOT NULL) STRICT;
+            CREATE TABLE stats_sending_disabled_events(timestamp INTEGER NOT NULL) STRICT;",
+            migration_version,
+        )
+        .await?;
+    }
+
    let new_version = sql
        .get_raw_config_int(VERSION_CFG)
        .await?