Revisit "How private are webxdc apps?" (because of real-time channels) #986

Open
WofWca opened this issue Nov 5, 2024 · 5 comments

Contributor

WofWca commented Nov 5, 2024

With the addition of real-time channels, and the plans to enable this feature by default (deltachat/deltachat-core-rust#6125), I think it's worth revisiting this section:

deltachat-pages/en/help.md

Lines 908 to 918 in 1b5fc44

### How private are webxdc apps?
- webxdc apps can not send data to the Internet, or download anything.
- A webxdc app can only exchange data within a Delta Chat chat, with its
copies on the devices of your chat partners. Other than that, it's completely
isolated from the Internet.
- The privacy a webxdc app offers is the privacy of your chat - as long as you
trust the people you chat with, you can trust the webxdc app as well.
- This also means: it can be a privacy risk to open webxdc apps in chats where
you don't trust the members - as you know it from e-mail attachments, where
you only open attachments from senders you trust, and not from spammers.

Real-time channels are off-band (i.e. communicate outside the chat's communication channel), so the section is not quite correct anymore.

I think webxdc apps can now be compared to P2P video calls, e.g. as in Signal.

Member

r10s commented Nov 5, 2024

has really much changed here? sending and downloading data from/to the "internet" is still not possible. and esp. the last two points already read as if they were written with p2p already in mind - you need to trust the members.

still, maybe change the 4th point to:

 - This also means: it can be a privacy risk to open apps in chats with untrusted members.
  Just like with e-mail attachments, video calls or plain links:
  open them only from senders you trust, and not from spammers.
  Spammers can get to know any data you send to them, as well as your IP address.

> I think webxdc apps can now be compared to P2P video calls, e.g. as in Signal.

maybe. signal does not say much about p2p on their faq, btw, at least not at a first glance: https://support.signal.org/hc/en-us/articles/360007060492-Voice-or-Video-Calling

Contributor Author

WofWca commented Nov 5, 2024

> has really much changed here?

Without real-time channels I can open a webxdc app in, let's say the "DC Community" group without worrying about my IP getting leaked to the members.
With real-time channels I cannot, even if the app itself does not maliciously try to collect data but just uses real-time channels in a regular way.

In addition, malicious chat members are not the only problem: it's also the outside observers that can discover who is talking to whom by making P2P connections between each other.

Member

r10s commented Nov 5, 2024

sure, but that you need to trust the chat members is already mentioned in the FAQ.

i tried to clarify that, by comparing with plain links, attachments and video calls, which share the same issue (one should be at least as afraid of tapping a link in "DC Community", probably more, as the tooling for links is still better than for creating a hacked delta chat)

Contributor Author

WofWca commented Nov 5, 2024

> The privacy a webxdc app offers is the privacy of your chat

This part is outdated IMO. Maybe I'm just tunnel-visioned, knowing how it used to be before the real-time stuff, but this might be read as "webxdc apps communicate through the same channel that is used to send regular messages" (which is not the case anymore with real-time channels).

Member

r10s commented Nov 5, 2024

i think the part is not really meant technically, but more abstractly, as clarified after the comma. key point and advantage is that random internet folks cannot access the apps, as is usual in many comparable concepts. also, ppl reading this FAQ will not think about "before" and "after" as we currently do :)
