jaseg on Nostr: delta.chat advertises that they provide “🔒 Audited end-to-end encryption safe ...
delta.chat advertises that they provide “🔒 Audited end-to-end encryption safe against network and server attacks”, but if you click through it turns out that supposed audit:
(1) didn’t actually cover their e2ee but only a key establishment protocol and
(2) wasn’t actually an audit. Instead, unprompted, some researchers took a look at that key establishment protocol and found 20(!!) separate flaws. This research was not intended as an audit, nor was it commissioned or paid by delta.chat.
Published at
2026-05-14 16:56:21 UTC