Opt-in weekly sending of statistics (#6851)

This way, the statistics / self-reporting bot will be made into an
opt-in regular sending of statistics, where you enable the setting once
and then they will be sent automatically. The statistics will be sent to
a bot, so that the user can see exactly which data is being sent, and
how often. The chat will be archived and muted by default, so that it
doesn't disturb the user.

The collected statistics will focus on the public-key-verification that
is performed while scanning a QR code. Later on, we can add more
statistics to collect.

**Context:**

_This is just to give a rough idea; I would need to write a lot more
than a few paragraphs in order to fully explain all the context here_.

End-to-end encrypted messengers are generally susceptible to MitM
attacks. In order to mitigate against this, messengers offer some way of
verifying the chat partner's public key. However, numerous studies found
that most popular messengers implement this public-key-verification in a
way that is not understood by users, and therefore ineffective - [a 2021
"State of Knowledge" paper
concludes:](https://dl.acm.org/doi/pdf/10.1145/3558482.3581773)

> Based on our evaluation, we have determined that all current E2EE
apps, particularly when operating in opportunistic E2EE mode, are
incapable of repelling active man-in-the-middle (MitM) attacks. In
addition, we find that none of the current E2EE apps provide better and
more usable [public key verification] ceremonies, resulting in insecure
E2EE communications against active MitM attacks.

This is why Delta Chat tries to go a different route: When the user
scans a QR code (regardless of whether the QR code creates a 1:1 chat,
invites to a group, or subscribes to a broadcast channel), a
public-key-verification is performed in the background, without the user
even having to know about this.

The statistics collected here are supposed to tell us whether Delta Chat
succeeds to nudge the users into using QR codes in a way that is secure
against MitM attacks.

**Plan for statistics-sending:**

- [x] Get this PR reviewed and merged (but don't make it available in
the UI yet; if Android wants to make a release in the meantime, I will
create a PR that removes the option there)
- [x] Set the interval to 1 week again (right now, it's 1 minute for
testing)
- [ ] Write something for people who are interested in what exactly we
count, and link to it (see `TODO[blog post]` in the code)
- [ ] Prepare a short survey for participants
- [ ] Fine-tune the texts at
deltachat/deltachat-android#3794, and get it
reviewed and merged
- [ ] After the next release, ask people to enable the
statistics-sending

Author: Hocuri

assets/self-reporting-bot.vcf renamed to assets/statistics-bot.vcf

@@ -66,7 +66,7 @@ use self::types::{
     },
 };
 use crate::api::types::chat_list::{get_chat_list_item_by_id, ChatListItemFetchResult};
-use crate::api::types::qr::QrObject;
+use crate::api::types::qr::{QrObject, SecurejoinSource, SecurejoinUiPath};
 
 #[derive(Debug)]
 struct AccountState {
@@ -381,11 +381,6 @@ impl CommandApi {
         Ok(BlobObject::create_and_deduplicate(&ctx, file, file)?.to_abs_path())
     }
 
-    async fn draft_self_report(&self, account_id: u32) -> Result<u32> {
-        let ctx = self.get_context(account_id).await?;
-        Ok(ctx.draft_self_report().await?.to_u32())
-    }
-
     /// Sets the given configuration key.
     async fn set_config(&self, account_id: u32, key: String, value: Option<String>) -> Result<()> {
         let ctx = self.get_context(account_id).await?;
@@ -884,6 +879,38 @@ impl CommandApi {
         Ok(chat_id.to_u32())
     }
 
+    /// Like `secure_join()`, but allows to pass a source and a UI-path.
+    /// You only need this if your UI has an option to send statistics
+    /// to Delta Chat's developers.
+    ///
+    /// **source**: The source where the QR code came from.
+    /// E.g. a link that was clicked inside or outside Delta Chat,
+    /// the "Paste from Clipboard" action,
+    /// the "Load QR code as image" action,
+    /// or a QR code scan.
+    ///
+    /// **uipath**: Which UI path did the user use to arrive at the QR code screen.
+    /// If the SecurejoinSource was ExternalLink or InternalLink,
+    /// pass `None` here, because the QR code screen wasn't even opened.
+    /// ```
+    async fn secure_join_with_ux_info(
+        &self,
+        account_id: u32,
+        qr: String,
+        source: Option<SecurejoinSource>,
+        uipath: Option<SecurejoinUiPath>,
+    ) -> Result<u32> {
+        let ctx = self.get_context(account_id).await?;
+        let chat_id = securejoin::join_securejoin_with_ux_info(
+            &ctx,
+            &qr,
+            source.map(Into::into),
+            uipath.map(Into::into),
+        )
+        .await?;
+        Ok(chat_id.to_u32())
+    }
+
     async fn leave_group(&self, account_id: u32, chat_id: u32) -> Result<()> {
         let ctx = self.get_context(account_id).await?;
         remove_contact_from_chat(&ctx, ChatId::new(chat_id), ContactId::SELF).await

deltachat-jsonrpc/src/api.rs

@@ -1,4 +1,5 @@
 use deltachat::qr::Qr;
+use serde::Deserialize;
 use serde::Serialize;
 use typescript_type_def::TypeDef;
 
@@ -304,3 +305,53 @@ impl From<Qr> for QrObject {
         }
     }
 }
+
+#[derive(Deserialize, TypeDef, schemars::JsonSchema)]
+pub enum SecurejoinSource {
+    /// Because of some problem, it is unknown where the QR code came from.
+    Unknown,
+    /// The user opened a link somewhere outside Delta Chat
+    ExternalLink,
+    /// The user clicked on a link in a message inside Delta Chat
+    InternalLink,
+    /// The user clicked "Paste from Clipboard" in the QR scan activity
+    Clipboard,
+    /// The user clicked "Load QR code as image" in the QR scan activity
+    ImageLoaded,
+    /// The user scanned a QR code
+    Scan,
+}
+
+#[derive(Deserialize, TypeDef, schemars::JsonSchema)]
+pub enum SecurejoinUiPath {
+    /// The UI path is unknown, or the user didn't open the QR code screen at all.
+    Unknown,
+    /// The user directly clicked on the QR icon in the main screen
+    QrIcon,
+    /// The user first clicked on the `+` button in the main screen,
+    /// and then on "New Contact"
+    NewContact,
+}
+
+impl From<SecurejoinSource> for deltachat::SecurejoinSource {
+    fn from(value: SecurejoinSource) -> Self {
+        match value {
+            SecurejoinSource::Unknown => deltachat::SecurejoinSource::Unknown,
+            SecurejoinSource::ExternalLink => deltachat::SecurejoinSource::ExternalLink,
+            SecurejoinSource::InternalLink => deltachat::SecurejoinSource::InternalLink,
+            SecurejoinSource::Clipboard => deltachat::SecurejoinSource::Clipboard,
+            SecurejoinSource::ImageLoaded => deltachat::SecurejoinSource::ImageLoaded,
+            SecurejoinSource::Scan => deltachat::SecurejoinSource::Scan,
+        }
+    }
+}
+
+impl From<SecurejoinUiPath> for deltachat::SecurejoinUiPath {
+    fn from(value: SecurejoinUiPath) -> Self {
+        match value {
+            SecurejoinUiPath::Unknown => deltachat::SecurejoinUiPath::Unknown,
+            SecurejoinUiPath::QrIcon => deltachat::SecurejoinUiPath::QrIcon,
+            SecurejoinUiPath::NewContact => deltachat::SecurejoinUiPath::NewContact,
+        }
+    }
+}

deltachat-jsonrpc/src/api/types/qr.rs

@@ -20,6 +20,11 @@ impl SystemTimeTools {
     pub fn shift(duration: Duration) {
         *SYSTEM_TIME_SHIFT.write().unwrap() += duration;
     }
+
+    /// Simulates the system clock being rewound by `duration`.
+    pub fn shift_back(duration: Duration) {
+        *SYSTEM_TIME_SHIFT.write().unwrap() -= duration;
+    }
 }
 
 #[cfg(test)]

deltachat-time/src/lib.rs

@@ -14,7 +14,6 @@ use tokio::fs;
 
 use crate::blob::BlobObject;
 use crate::configure::EnteredLoginParam;
-use crate::constants;
 use crate::context::Context;
 use crate::events::EventType;
 use crate::log::{LogExt, info};
@@ -23,6 +22,7 @@ use crate::mimefactory::RECOMMENDED_FILE_SIZE;
 use crate::provider::{Provider, get_provider_by_id};
 use crate::sync::{self, Sync::*, SyncData};
 use crate::tools::get_abs_path;
+use crate::{constants, stats};
 
 /// The available configuration keys.
 #[derive(
@@ -408,9 +408,22 @@ pub enum Config {
     /// used for signatures, encryption to self and included in `Autocrypt` header.
     KeyId,
 
-    /// This key is sent to the self_reporting bot so that the bot can recognize the user
+    /// Send statistics to Delta Chat's developers.
+    /// Can be exposed to the user as a setting.
+    StatsSending,
+
+    /// Last time statistics were sent to Delta Chat's developers
+    StatsLastSent,
+
+    /// Last time `update_message_stats()` was called
+    StatsLastUpdate,
+
+    /// This key is sent to the statistics bot so that the bot can recognize the user
     /// without storing the email address
-    SelfReportingId,
+    StatsId,
+
+    /// The last contact id that already existed when statistics-sending was enabled for the first time.
+    StatsLastOldContactId,
 
     /// MsgId of webxdc map integration.
     WebxdcIntegration,
@@ -576,8 +589,9 @@ impl Context {
     /// Returns boolean configuration value for the given key.
     pub async fn get_config_bool(&self, key: Config) -> Result<bool> {
         Ok(self
-            .get_config_parsed::<i32>(key)
+            .get_config(key)
             .await?
+            .and_then(|s| s.parse::<i32>().ok())
             .map(|x| x != 0)
             .unwrap_or_default())
     }
@@ -716,10 +730,19 @@ impl Context {
             true => self.scheduler.pause(self).await?,
             _ => Default::default(),
         };
+        if key == Config::StatsSending {
+            let old_value = self.get_config(key).await?;
+            let old_value = bool_from_config(old_value.as_deref());
+            let new_value = bool_from_config(value);
+            stats::pre_sending_config_change(self, old_value, new_value).await?;
+        }
         self.set_config_internal(key, value).await?;
         if key == Config::SentboxWatch {
             self.last_full_folder_scan.lock().await.take();
         }
+        if key == Config::StatsSending {
+            stats::maybe_send_stats(self).await?;
+        }
         Ok(())
     }
 
@@ -871,6 +894,10 @@ pub(crate) fn from_bool(val: bool) -> Option<&'static str> {
     Some(if val { "1" } else { "0" })
 }
 
+pub(crate) fn bool_from_config(config: Option<&str>) -> bool {
+    config.is_some_and(|v| v.parse::<i32>().unwrap_or_default() != 0)
+}
+
 // Separate impl block for self address handling
 impl Context {
     /// Determine whether the specified addr maps to the/a self addr.

src/config.rs

@@ -101,6 +101,8 @@ pub const DC_CHAT_ID_LAST_SPECIAL: ChatId = ChatId::new(9);
     Copy,
     PartialEq,
     Eq,
+    PartialOrd,
+    Ord,
     FromPrimitive,
     ToPrimitive,
     FromSql,