delta.chat advertises that they provide “🔒 Audited end-to-end encryption safe against network and server attacks”, but if you click through it turns out that supposed audit:
(1) didn’t actually cover their e2ee but only a key establishment protocol and
(2) wasn’t actually an audit. Instead, unprompted, some researchers took a look at that key establishment protocol and found 20(!!) separate flaws. This research was not intended as an audit, nor was it commissioned or paid by delta.chat.
jaseg 🔜 GPN24
npub1vl…8c98g
2026-05-14 16:56:21 UTC
Author Public Key
npub1vlfnuzvrxyutgc04tyrwvxelcu777sg6tzpyqmwmd6c6jffmlj3sw8c98gSeen on
wss://relay.momostr.pinkPublished at
2026-05-14 16:56:21 UTCEvent JSON
{
"id": "7817ed7adbcade291c17652ab33b42abb49f54d68c70ceb7223fd13cfceb67b6",
"pubkey": "67d33e09833138b461f55906e61b3fc73def411a5882406ddb6eb1a9253bfca3",
"created_at": 1778777781,
"kind": 1,
"tags": [
[
"proxy",
"https://chaos.social/@jaseg/116573980685550373",
"web"
],
[
"proxy",
"https://chaos.social/users/jaseg/statuses/116573980685550373",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://chaos.social/users/jaseg/statuses/116573980685550373",
"pink.momostr"
],
[
"-"
]
],
"content": "delta.chat advertises that they provide “🔒 Audited end-to-end encryption safe against network and server attacks”, but if you click through it turns out that supposed audit:\n\n(1) didn’t actually cover their e2ee but only a key establishment protocol and \n\n(2) wasn’t actually an audit. Instead, unprompted, some researchers took a look at that key establishment protocol and found 20(!!) separate flaws. This research was not intended as an audit, nor was it commissioned or paid by delta.chat.",
"sig": "ddb5336501b29f7957259328dc62d07f43b900763954c0e9b55d570163ed81c582bb0910b0c5d0d0436e858cc7a15a66a95542e5dabd7bf5e117fcff12eb916d"
}