51b9e86d71
This way, the statistics / self-reporting bot will be made into an opt-in regular sending of statistics, where you enable the setting once and then they will be sent automatically. The statistics will be sent to a bot, so that the user can see exactly which data is being sent, and how often. The chat will be archived and muted by default, so that it doesn't disturb the user. The collected statistics will focus on the public-key-verification that is performed while scanning a QR code. Later on, we can add more statistics to collect. **Context:** _This is just to give a rough idea; I would need to write a lot more than a few paragraphs in order to fully explain all the context here_. End-to-end encrypted messengers are generally susceptible to MitM attacks. In order to mitigate against this, messengers offer some way of verifying the chat partner's public key. However, numerous studies found that most popular messengers implement this public-key-verification in a way that is not understood by users, and therefore ineffective - [a 2021 "State of Knowledge" paper concludes:](https://dl.acm.org/doi/pdf/10.1145/3558482.3581773) > Based on our evaluation, we have determined that all current E2EE apps, particularly when operating in opportunistic E2EE mode, are incapable of repelling active man-in-the-middle (MitM) attacks. In addition, we find that none of the current E2EE apps provide better and more usable [public key verification] ceremonies, resulting in insecure E2EE communications against active MitM attacks. This is why Delta Chat tries to go a different route: When the user scans a QR code (regardless of whether the QR code creates a 1:1 chat, invites to a group, or subscribes to a broadcast channel), a public-key-verification is performed in the background, without the user even having to know about this. The statistics collected here are supposed to tell us whether Delta Chat succeeds to nudge the users into using QR codes in a way that is secure against MitM attacks. **Plan for statistics-sending:** - [x] Get this PR reviewed and merged (but don't make it available in the UI yet; if Android wants to make a release in the meantime, I will create a PR that removes the option there) - [x] Set the interval to 1 week again (right now, it's 1 minute for testing) - [ ] Write something for people who are interested in what exactly we count, and link to it (see `TODO[blog post]` in the code) - [ ] Prepare a short survey for participants - [ ] Fine-tune the texts at https://github.com/deltachat/deltachat-android/pull/3794, and get it reviewed and merged - [ ] After the next release, ask people to enable the statistics-sending
The chatmail core library implements low-level network and encryption protocols,
integrated by many chat bots and higher level applications,
allowing to securely participate in the globally scaled e-mail server network.
We provide reproducibly-built deltachat-rpc-server static binaries
that offer a stdio-based high-level JSON-RPC API for instant messaging purposes.
The following protocols are handled without requiring API users to know much about them:
-
secure TLS setup with DNS caching and shadowsocks/proxy support
-
safe and interoperable MIME parsing and MIME building.
-
security-audited end-to-end encryption with rPGP and Autocrypt and SecureJoin protocols
-
ephemeral Peer-to-Peer networking using Iroh for multi-device setup and webxdc realtime data.
-
a simulation- and real-world tested P2P group membership protocol without requiring server state.
Installing Rust and Cargo
To download and install the official compiler for the Rust programming language, and the Cargo package manager, run the command in your user environment:
$ curl https://sh.rustup.rs -sSf | sh
On Windows, you may need to also install Perl to be able to compile deltachat-core.
Using the CLI client
Compile and run the command line utility, using cargo:
$ cargo run --locked -p deltachat-repl -- ~/profile-db
where ~/profile-db is the database file. The utility will create it if it does not exist.
Optionally, install deltachat-repl binary with
$ cargo install --locked --path deltachat-repl/
and run as
$ deltachat-repl ~/profile-db
Configure your account (if not already configured):
Chatmail is awaiting your commands.
> set addr your@email.org
> set mail_pw yourpassword
> configure
Connect to your mail server (if already configured):
> connect
Export your public key to a vCard file:
> make-vcard my.vcard 1
Create contacts by address or vCard file:
> addcontact yourfriends@email.org
> import-vcard key-contact.vcard
List contacts:
> listcontacts
Contact#Contact#11: key-contact@email.org <key-contact@email.org>
Contact#Contact#Self: Me √ <your@email.org>
2 key contacts.
Contact#Contact#10: yourfriends@email.org <yourfriends@email.org>
1 address contacts.
Create a chat with your friend and send a message:
> createchat 10
Single#Chat#12 created successfully.
> chat 12
Selecting chat Chat#12
Single#Chat#12: yourfriends@email.org [yourfriends@email.org] Icon: profile-db-blobs/4138c52e5bc1c576cda7dd44d088c07.png
0 messages.
81.252µs to create this list, 123.625µs to mark all messages as noticed.
> send hi
List messages when inside a chat:
> chat
For more commands type:
> help
Installing libdeltachat system wide
$ git clone https://github.com/chatmail/core.git
$ cd deltachat-core-rust
$ cmake -B build . -DCMAKE_INSTALL_PREFIX=/usr
$ cmake --build build
$ sudo cmake --install build
Development
# run tests
$ cargo test --all
# build c-ffi
$ cargo build -p deltachat_ffi --release
Debugging environment variables
-
DCC_MIME_DEBUG: if set outgoing and incoming message will be printed -
RUST_LOG=async_imap=trace,async_smtp=trace: enable IMAP and SMTP tracing in addition to info messages.
Expensive tests
Some tests are expensive and marked with #[ignore], to run these
use the --ignored argument to the test binary (not to cargo itself):
$ cargo test -- --ignored
Fuzzing
Install cargo-bolero with
$ cargo install cargo-bolero
Run fuzzing tests with
$ cd fuzz
$ cargo bolero test fuzz_mailparse -s NONE
Corpus is created at fuzz/fuzz_targets/corpus,
you can add initial inputs there.
For fuzz_mailparse target corpus can be populated with
../test-data/message/*.eml.
Features
vendored: When using Openssl for TLS, this bundles a vendored version.
Update Provider Data
To add the updates from the
provider-db to the core,
check line REV= inside ./scripts/update-provider-database.sh
and then run the script.
Language bindings and frontend projects
Language bindings are available for:
- C [📂 source | 📚 docs]
- JS: [📂 source | 📦 npm | 📚 docs]
- Python [📂 source | 📦 pypi | 📚 docs]
- Go
- Free Pascal1 [📂 source]
- Java and Swift (contained in the Android/iOS repos)
The following "frontend" projects make use of the Rust-library or its language bindings:
-
Out of date / unmaintained, if you like those languages feel free to start maintaining them. If you have questions we'll help you, please ask in the issues. ↩︎