Do you use Signal for chatting securely with friends and loved ones? Me too! I endorse it wholeheartedly, and rely on it for nearly all my communication.
But the vibes are deteriorating here in the US, and we should have a communications contingency plan for if Signal goes down.
Some countries block Signal already -- "censorship circumvention" is enabled by default for Egypt, the UAE, Oman, Qatar, Iran, Cuba, Uzbekistan, Venezuela, and Pakistan. But other countries are known to block Signal too, including China and Russia.
The throughline in all these national Signal blocks is the desire to suppress dissent, which is exactly what we're facing in the US.
Is it technologically possible for Signal to get blocked in the US? I'm not sure. I'm not sure even Signal can answer that question. Is it bureaucratically feasible for Signal to get blocked here? Impossible to say. But the vibes are deteriorating, and if we don't set up backup communications before a theoretical Signal block, we won't be able to get in touch securely after. So let's make a plan.
My recommendation is that people download Delta Chat from the app store, make an account, scan your friends' QR codes to get connected, and then leave it on your phone as a backup in case Signal gets blocked. Continue using Signal, but keep Delta Chat installed as a backup.
Onboarding to Delta Chat is so easy that I won't even give instructions. Just install it and create an account. Accept all the defaults.
To connect with a friend:
That's it, you're connected!
It's possible to get connected by sending a linkified version of the QR code (over Signal of course) rather than scanning in person. Feel free to do that if you can figure it out, but it's trickier.
It's important to get connected with friends on Delta Chat before a potential Signal block. Otherwise you won't be able to communicate securely with them until you meet up in person and scan those QR codes. How will you securely plan to meet up without Signal?
That's the spirit! I'm an anonymish, hackerish sysadmin who thinks that Signal is the best, but Delta Chat is next-best and by far the most user-friendly alternative. I don't work for or on Delta Chat.
My opinion here comes from experience -- I've used Signal, Matrix, Delta Chat, and Snikket extensively. I've hosted Chatmail (the Delta Chat backend server) and Snikket servers myself. Signal ranks first since we're all already on there and its track record is impeccable, but I believe that Delta Chat is the clear second.
I am not advocating that anyone leave Signal. Stay on Signal! We just need a contingency plan for a theoretical, hopefully temporary, future emergency situation. Delta Chat is secure, open source, and the most user-friendly alternative I've used. The Delta Chat maintainers are embedded in the German DIY hacker community, and are personally known and trusted by many.
If you're still feeling unsure, check out their FAQ where they answer a million questions.
Aside from being the most user-friendly alternative, Delta Chat is uniquely resilient to censorship compared to other encrypted chat apps.
Delta Chat is decentralized, meaning anyone can run a Delta Chat backend server, and Delta Chat uses email protocols under the hood to send messages. Decentralization means that if a government or ISP blocks the main Delta Chat server, we ourselves can just make a different one and migrate. The use of email protocols to send messages means that a government or ISP can't simply block the entire Delta Chat protocol on the network, because that would also block all email. Blocking all email is unprecedented and would probably cause the government and economy to grind to a halt.
Together, these two things make Delta Chat nimble in an unpredictable future emergency scenario, which is exactly what we would need.
Signal also has censorship circumvention capabilities, which it achieves in part with proxies. If Signal gets blocked, we should use these too! But getting connected ahead of time on Delta Chat is still critically important. I'll cover Signal censorship circumvention more in the Q&A below.
You don't have to listen to me! But show me a centralized, end-to-end encrypted Signal alternative that is not backed by venture capital, blockchain, the Saudi royal family, or all three, and I'll sell you the Brooklyn Bridge.
In seriousness though, the only alternatives I considered are decentralized because we will need the flexibility of decentralization if Signal gets blocked. I did not consider Briar because it doesn't have an iOS app. All these alternatives are also open source and end-to-end encrypted because that's table stakes. Among them, I think Delta Chat is the best.
Let's scan some QR codes!
This section is for people who are itching to learn more. It is somewhat more technical than the previous sections, and is not essential reading.
Delta Chat uses email under the hood. Messages are emails, reactions are emails, it's all emails. However, these emails are being sent between highly customized backend servers that, despite running standard and time-tested email server software, only really work with Delta Chat. This is not regular email, and the usual caveats of email security (that there is none) do not apply. Despite using email for transport, Delta Chat backend servers cannot send or receive unencrypted messages, and Delta Chat uses an audited, memory-safe implementation of the OpenPGP specification.
There are significant benefits to using email as transport in a hostile network environment. As mentioned above, it is infeasible to block email protocols across a network, because everyone relies on email for everything. Since there's no way to differentiate Delta Chat messages from emails on a network, Delta Chat protocols can't be blocked without blocking all email. Individual Delta Chat servers can be blocked, but the protocol cannot be blocked network-wide.
Another benefit of using email protocols in a hostile network environment is that email works very well on unreliable internet connections. If a Delta Chat user is temporarily offline and tries to send messages, they will just queue on their phone and then send once it's online again. Signal usually does a good job of this too, but it's not a given that any messaging app will. So it's notable that Delta Chat works well on unreliable networks.
Delta Chat struggles with large group chats. It will work, it just may not work well. The limitations are technical -- message ordering is difficult with email protocols, and there may be other reasons I don't know.
However, small and medium-sized group chats work great. Though Delta Chat will allow you to make large group chats, the experience may start to degrade above 50-100 people.
Delta Chat groups also do not have moderation tools. Everyone is an admin and has full power to add or remove group chat members. So group chats should only include trusted participants.
Signal does have two features for circumventing attempts to block it: "censorship circumvention" and proxy support.
"Censorship circumvention" is just an on/off toggle in Signal's settings, and I can't find any current writing about what it does. An old post on Signal's blog indicates that it was previously doing "domain fronting" (making connections look like they are for something other than Signal), but the post explains that domain fronting isn't feasible anymore so they must have implemented something different since then. Whatever this feature is, it's turned on by default in some countries.
If Signal is blocked in the US, we may be able to just turn on "censorship circumvention" and it will magically work. That would be fantastic, but I don't think it's enough to rely on and it's still important to have a contingency plan.
Signal's other block-circumvention mechanism is proxy support. Proxying involves going into the settings and telling Signal to connect to a specific server that you've either found online or someone has told you the name of. That server then routes your connection to the Signal servers on your behalf. Signal proxies are not hosted by the Signal organization but by hackerish sysadmins like myself, making them flexible if there's an emergency. Despite the fact that Signal proxies can be hosted by anyone, they are secure to use. Instructions for running one yourself are here.
Signal proxies probably work great, but they can theoretically be blocked just like the actual Signal servers, or an individual Delta Chat server, can be blocked. If a Signal proxy's name is posted publicly online, that makes it easy for Signal users to find but it also makes it easy for someone blocking Signal to find. This means that in a hostile network environment, a long-lived Signal proxy's name will need to be given out privately between trusted friends, and if Signal is blocked then we won't have a secure way to give out those proxy names other than in person. So having a backup communication strategy that's fully separate from Signal is still important.
I am not a cryptographer or even a security professional, so I will not get too technical here. But I do think it's important to summarize the security tradeoffs between Signal and Delta Chat for those who care, and as a show of good faith.
At a high level, we know that Signal is more secure than Delta Chat because Signal has been in use in the real world by hundreds of millions of people for ten years, and in that entire time it has never had a vulnerability that led to an intermediary being able to intercept messages and decrypt them, or force the Signal organization to hand them over. Activists know that Signal is not secure against someone taking your phone from you and just looking through your messages, but Signal does not aim to be secure against that. Signal's track record in successfully securing communications in the way that it aims to secure communications is quite literally perfect. It is heavily audited.
At a lower level, Signal is more secure than Delta Chat because the Signal protocol is designed such that the Signal organization has almost zero information about who you are and how you're using their app. This information is called "metadata", and includes things like what time and to whom you sent a message. Signal implements something called sealed sender, which means that Signal does not know who sent a message, it only knows where to send it. Signal encryption also implements something called forward secrecy, which means that if your Signal private key is stolen, it can't be used to actually decrypt your messages.
Delta Chat does a lot to mitigate metadata retention, but it still leaves more metadata on the server than Signal does, including what time and to what account messages were sent. This is largely due to the fact that Delta Chat uses email protocols under the hood -- though email for transport has many benefits, one of the drawbacks is that you can't change how the email protocol behaves fundamentally, which makes things like sealed sender very difficult to implement.
Perfect security does not exist. Delta Chat doesn't have it and neither does Signal. Despite the fact that Delta Chat servers have some metadata on them, they are still highly secure.
Yes, if a government used courts and cops (or just cops) to force a Delta Chat server operator to hand over the contents of the server, the government would get a server with encrypted messages on it from the last 20 or so days (messages are deleted after a configurable amount of time). But those messages would be encrypted such that the government could not read them. The government would see which accounts were messaging each other and how much and at what times, but they would have no way to know whose accounts those are just from data on the server alone.
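To make that threat model concrete, here is an added example (not Delta Chat or Chatmail code) that reads stored messages the way someone holding only the server's disk could: it parses the cleartext headers and tallies who messaged whom, how often, and when, while the body stays opaque ciphertext. It assumes messages are stored as PGP/MIME (RFC 3156); the addresses, dates and ciphertext placeholder are constructed.

```python
import email
from email import policy
from email.utils import getaddresses, parsedate_to_datetime

def make_sample(sender, rcpt, date):
    """Constructed PGP/MIME message; addresses and ciphertext are made up."""
    return (
        f"From: <{sender}>\nTo: <{rcpt}>\nDate: {date}\nMIME-Version: 1.0\n"
        'Content-Type: multipart/encrypted; boundary="b1"; '
        'protocol="application/pgp-encrypted"\n\n'
        "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
        "--b1\nContent-Type: application/octet-stream\n\n"
        "-----BEGIN PGP MESSAGE-----\n\nwV4DconstructedPlaceholder==\n"
        "-----END PGP MESSAGE-----\n--b1--\n"
    )

A = "k3x9qa7mz@chat.example.org"  # hypothetical random-looking account names
B = "p0w2ne5tr@chat.example.org"
SAMPLES = [
    make_sample(A, B, "Mon, 03 Mar 2025 09:15:00 +0000"),
    make_sample(A, B, "Mon, 03 Mar 2025 21:40:00 +0000"),
    make_sample(B, A, "Tue, 04 Mar 2025 07:05:00 +0000"),
]

def server_view(raw):
    """Everything readable without the recipient's private key."""
    msg = email.message_from_string(raw, policy=policy.default)
    return {
        "from": getaddresses(msg.get_all("From", []))[0][1],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "time": parsedate_to_datetime(msg["Date"]),
        "encrypted": msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted",
    }

def contact_graph(raw_messages):
    """Tally who messaged whom, how often, and the first/last time seen."""
    graph = {}
    for raw in raw_messages:
        v = server_view(raw)
        for rcpt in v["to"]:
            e = graph.setdefault((v["from"], rcpt),
                                 {"count": 0, "first": v["time"], "last": v["time"]})
            e["count"] += 1
            e["first"] = min(e["first"], v["time"])
            e["last"] = max(e["last"], v["time"])
    return graph

if __name__ == "__main__":
    for pair, e in contact_graph(SAMPLES).items():
        print(pair, e["count"], e["first"].isoformat(), e["last"].isoformat())
```

Nothing in the output ties an account name to a person, which is the distinction the paragraph above draws.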
I believe that this is secure enough, especially for a service whose role is as a Signal contingency plan. You can read more about Delta Chat's encryption and security on their website.