I have a question for the #DeltaChat crowd: What if someone has quick access to one of my devices, let’s say I forget to lock my phone or laptop and an attacker adds their phone as a secondary device to my profile. Is there any mitigation possible? Could I realize it? Could I disable their access?


@ineedmana
Your account is on the devices, not on the server. You can’t change your password (unless you’re using non-chatmail servers).
@lou_de_sel
Maybe I’m missing some detail on how DC works but you have to have an account in order to get your messages. Even in Arcane, which is aimed at being more non-technical-friendly, you can see your login and password in the “relays” settings
@ineedmana
At this point it becomes technical jargon, but “account” kinda implies storing settings, profile, and such. A relay address has none of this, it’s just a queue you have exclusive access to.
This setting allows you to modify the password to access the address on the relay, but you can’t change the password of the address on the relay.
Hmm. So to invalidate all other accesses one would have to reach out to relay admin?
Since technically it’s an email server underneath, maybe that feature could be available via mail web UI if the relay had one?
@ineedmana
I’m not part of the team, but that is counter to the philosophy of where chatmail relays are going, which is “no admin of mail accounts”. All administration must be doable on the device with no dependency on the server. It is important that the server can be offline, or just disappear with no warning, and that the user can still do everything.
Well, in that case administration of password change seems to not be doable on the device.