This is a really nice write up. The automated recipient for testing is particularly cool.
The problem with it though is that the average person isn't going to read 10 pages of configuration and warnings to set up an email client. Hell I doubt the average person who works in tech will even bother with that, let alone John Q. Public.
Also minor nitpick:
> Before configuring GnuPG though, you'll need the IceDove desktop email program installed on your computer. Most GNU/Linux distributions have IceDove installed already, though it may be under the alternate name "Thunderbird."
That's backwards. Thunderbird is the root name of the software and IceDove is Debian's debranded / rebranded version of it. Also, I don't think it's actually installed by default on most desktop Linux systems.
Firstly, its great that more people are encouraging email encryption but why write yet another guide to it with essentially the same content as so many other similar guides? Considering its FSF, why not spend the time enhancing and updating existing open source/ creative commons guides?
For example Security in a Box, EFF Surveillance Self Defence and our own Umbrella App (we would love more community contributions). These are just some of the 15+ guides to essentially the same thing - using free open source encryption tools. Can't we all work together? I know some of us are using the Content as Code standard (on Github) to try and make this easier. There is so much more we need to address without writing the same stuff.
Wasn't there an EFF or Mozilla project to make e2e encryption as easy as using signal? Some code was written, I think even a plugin for thunderbird for testing.
Anyone remember the name?
I think basically it would lookup the recipients email address to see if they were a user. If not, they would send a invite type message. If they were a user then it would lookup their public key and encrypt it.
I think it was PGP compatible, basically just some glue to replace the PGP usablility issues related to key generation, web of trust, etc.
6 comments
[ 4.5 ms ] story [ 14.6 ms ] threadThe problem with it though is that the average person isn't going to read 10 pages of configuration and warnings to set up an email client. Hell I doubt the average person who works in tech will even bother with that, let alone John Q. Public.
Also minor nitpick:
> Before configuring GnuPG though, you'll need the IceDove desktop email program installed on your computer. Most GNU/Linux distributions have IceDove installed already, though it may be under the alternate name "Thunderbird."
That's backwards. Thunderbird is the root name of the software and IceDove is Debian's debranded / rebranded version of it. Also, I don't think it's actually installed by default on most desktop Linux systems.
I love the FSF and what it stands for however, I really think they have a huge communications issue with the average person, heck, most people.
Just looking over the page gave me a headache.
No one is going to go through all those steps to secure email when, to be perfectly honest, most don't care if their email is secure.
If they want most people to adopt secure email, they should look at how easy let's encrypt made getting and administrating SSL certs.
For example Security in a Box, EFF Surveillance Self Defence and our own Umbrella App (we would love more community contributions). These are just some of the 15+ guides to essentially the same thing - using free open source encryption tools. Can't we all work together? I know some of us are using the Content as Code standard (on Github) to try and make this easier. There is so much more we need to address without writing the same stuff.
Anyone remember the name?
I think basically it would lookup the recipients email address to see if they were a user. If not, they would send a invite type message. If they were a user then it would lookup their public key and encrypt it.
I think it was PGP compatible, basically just some glue to replace the PGP usablility issues related to key generation, web of trust, etc.