It's the end of 2019 and there still is no decent, usable, #PGP-enabled e-mail client that I could roll-out to regular, non tech-savvy users without feeling bad.

10 years ago that would have been #KMail. But KMail shot itself in the foot, knee, and hip with Akonadi.

#Thunderbird is... Thunderbird.
#Mailpile doesn't do writes to IMAP, so you either use *only* it, or not use it at all.

#Kube just crashed on me because I tried to reply to a signed e-mail.

Anybody any other suggestions?

@rysiek have you tried @delta ? The Desktop client ist out of beta soon, Android just released on Google Play. OpenPGP via , but with quite nice verification flows to counter MITM.

@compl4xx I have not. I have an issue with how Autocrypt seems to make it impossible to *enforce* encryption. Can't find info if in Delta Chat I can enforce encryption to certain contacts or on certain messages, regardless of what Autocrypt deems proper. If not, that's a no-go.

@rysiek also, the Desktop app seems to be Electron-based. Not strictly a no-go, but a bit meh. I will install and test it out, though. Thanks!

@rysiek well, the encryption is consensual, but usually your contacts will have it turned on. And if they don't, why & how would you want to force encryption?

If someone turns it off, it's not worse than if they don't even have it installed. And then you couldn't encrypt to them anyway...

@compl4xx because my contacts use a number of e-mail clients, and they work with sensitive sources that might get killed if an e-mail goes accidentally in the clear.

So I need to be able to make sure this doesn't happen even if accidentally their e-mail client signals "no encryption please".

@compl4xx and for the record, I am not talking "hypothetically":
occrp.org/en/plunder-and-patro
occrp.org/en/amurderedjournali
occrp.org/en/thedaphneproject/
occrp.org/en/documentaries/kil

We deal with actual physical danger. And we need all possible ways to protect sensitive information. The way Autocrypt does it is dangerous in our particular situation.

Follow

@rysiek Okay, then you can take a look at addons.thunderbird.net/en-US/t

You can force encryption, you can not fuck up as easily as with Enigmail, it's compatible with Thunderbird 68+, you don't have to explain how keys work.

Good luck with everything!

@compl4xx oh, interesting. Last time I checked forcing encryption was explicitly not an option. Thanks!

@rysiek Yeah, just checked it - you can manually set this button to green if it's possible to encrypt, thereby forcing encryption. And because Autocrypt recommends to encrypt all replies to encrypted messages (for not leaking quotes, e.g.), every message after that will be encrypted as well.

@rysiek (That was possible when the recipient had autocrypt installed, but "Allow Automated"/"Prefer Mutual Encryption" turned off. Of course, when there is no Autocrypt key for the other person, it's not possible to encrypt to them.)

@compl4xx is it possible to globally set "always encrypt if key available, regardless of Autocrypt signalling from other end"? That's the thing I need.

@rysiek Hm, you could discuss it with @Valodim, the best place for that would be github.com/autocrypt-thunderbi I guess.

I suggest to read k9mail.github.io/2018/02/26/Op beforehand, so he does not have to repeat his arguments ;) Also it's a good text which explains the reasoning behind the current UX better than I can.

@compl4xx I spoke with @Valodim in person about this. We have basically agreed that in my particular threat model Autocrypt is not what makes sense. Which was the source of my original comment about Autocrypt and enforcement of encryption.

So yeah.

@rysiek @Valodim lol :D cirrrrcles. But yeah, E-Mail encryption is hard 🤷

Sign in to participate in the conversation
chaos.social

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!