New blog post: Yes, We Want Cryptographic Protection for Email https://sequoia-pgp.org/blog/2021/06/29/202106-yes-we-want-cryptographic-protection-for-email/
The TL;DR is: email is not going away, and it is being used for some important things. So it would be negligent to give up on protecting email, just because we have Signal.
Despite the Johnny studies, which focus on ordinary users, there is a evidence that people who need protection are able to successfully use OpenPGP. For instance, hundreds of people involved in the Panama Papers correctly and consistently used PGP over the course of a year. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/mcgregor
Our email accounts are our primary online trust anchor. If you forget your password, you can use an account recovery tool to get an email that will let you back in. So can an attacker. Securing email would move the trust anchor to the encryption key.
Phishing results in huge financial loses. If businesses consistently used digital signatures, users would largely be protected without have to think.
Businesses need to communicate with everyone. Email is the common denominator. And even if they did want to use a secure messenger, they probably can't due to compliance requirements like archival. These emails deserve cryptographic protection.
@nwalfield I agree with your thesis & most of what you're saying, but I can't relate to email being the common denominator. Since #MS & #Google have broken email by restricting inbound msgs on the basis of IP, I can no longer email most people and businesses.
@nwalfield i can receive email, but I can't send it.. unless I dance for them and conform to relaying my mail through a 3rd party & needlessly expose metadata, and also give up the ability to see if the receiving servers accepts the msg.
@nwalfield when small companies DNSBL firewall their inbound mail, it's an overreaction to spam. When big corps do it, it's to monopolize under the veil of anti-spam. Either way, two-way email is dead to me.
@resist1984 @nwalfield I disagree. For about a decade my personal e-mail account has been (and continues to be) hosted with the Warsaw Hackerspace, who self-host their e-mail system. Never had any major problems with mail delivery to third-parties, including GMail and MS infrastructure.
A few months ago I also set-up my own self-hosted e-mail system using @yunohost, which makes it easy to have DMARC and SPF. It works well. No delivery problems so far either.
@resist1984 @nwalfield @yunohost and even *with* DNSBL and spam issues, e-mail is STILL more open and self-hostable than WhatsApp and Signal, and the like.
Yes, it's a bit of a chore (although it got easier with Yunohost), and no I would not expect a non-techie to host.
But even a fantastic techie would not be able to "self-host" Signal or WhatsApp to stay in touch with their users. The very thought is absurd, because these are walled-gardens.
@resist1984 @nwalfield @yunohost and that's kind of the point, isn't it.
There are plenty of problems with e-mail, and some can be fixed. And yes, it's hosting is very centralized. It still remains a more self-hostable solution, and one that gives the users more agency, than walled gardens.
@rysiek @yunohost @nwalfield in Europe you can't self host unless you pay more. In the US, you can self host but most recipients (dominant tech giants in particular) will reject. That's not "the point", it's missing the point. EFF wrote a good article on the collateral damage.
@resist1984 @nwalfield sure, and currently security is *unavailable* for *most* of communication, a large part of it happens to go through e-mail.
That is *not* going away, because e-mail is infrastructure much more than Signal and WhatsApp *could ever be*.
Ignoring e-mail is ignoring hundreds of millions of users. Telling them to move to walled gardens is simply not going to work, long-term. For all the reasons mentioned in the blogpost linked at the start of this thread.
@resist1984 @yunohost @nwalfield and with Signal and WhatsApp you *cant self-host, full stop*!
I honestly do not understand what you are arguing for here?
@rysiek @nwalfield @yunohost i oppose both Signal and WhatsApp. they are even more exclusive than email. But email is also exclusive. A premise that email is a "common denominator" is a broken premise
@resist1984 @nwalfield @yunohost okay, it's just much closer to being a common denominator, than Signal and WhatsApp could ever be. Does that sound better?
@rysiek @yunohost @nwalfield i've not suggested walled gardens. #Jami is a decent option that is not a walled garden. It's more inclusive than email, signal, and whatsapp.
@resist1984 @yunohost @nwalfield sure, but the question the blogpost answers is not: "what better system can we try to get people on?"
...but: "should we perhaps consider actually making e-mail encryption work?"
And the answer to that question is a strong "we absolutely should".
Simply because not doing that is leaving millions people vulnerable.
@rysiek @nwalfield @yunohost i'm running into lots of cases where a business or gov. agency or NGO service assumes (and expects) me to send them email. Then their server blocks me. The assumption is quite damaging because alternates are not offered. There needs to be pushback on the assumption. I'm actually taking companies to court over this.
@yunohost @nwalfield @rysiek i'll say to them in a written letter: "i can't send you email because your server blocks me.. you need to give me a phone number or discuss by letter", and their reply is "send us an email and we'll go from there".
@resist1984 @nwalfield good luck (honestly)!
Polish @panoptykon foundation sued Polish gov't agencies for blocking their e-mail server's IP address based on the fact that the same IP is running a tor node. They've won, and their server's IP got un-blacklisted.
@resist1984 @yunohost @nwalfield and I think what really annoys me (not necessarily with your position, but definitely with EFF's) is that they make a huge thing about how "exclusive" e-mail is, and then proceed to tell people to move to Signal.
🤦♀️
I've seen this pattern with the EFF for years - one can see a similar thing with their criticism of social media monopolists but still shunning of fedi. I even spoke to them about it. They don't see a problem there.
@rysiek @nwalfield @yunohost EFF's article which correctly criticizes collaterally damaging email practices long predates Signal. It was written when email was the only game in town
@yunohost @nwalfield @rysiek but certainly the #EFF's endorsement of #Signal today is despicable
@resist1984 @nwalfield I could understand it if it was a piece of a bigger puzzle: "for these specific kinds of things, Signal is your best bet; otherwise you might want to look at Jami, Briar, or OpenPGP e-mail even".
I know first-hand how important OpenPGP e-mail is for journalists in the field. And I also remember how utterly fscked I was when during E-Fail debacle, the only info EFF was sending out is "stop using e-mail", and I had nothing to work with regarding ~150 PGP-using journalists.
@rysiek @nwalfield Jami should be your first port of call because it's the most inclusive and also more secure than PGP mail (due to all the plaintext metadata). Sure failing that, PGP email may suit some circumstances but that's always a subset of what Jami can accomodate.
@nwalfield @rysiek to get an idea of the severe availability/reliability problem with email, I suggest reading this email vs #Fax article => https://oasis.code-cat.com/posts/1833714
@rysiek @nwalfield you two are addressing the 5th to the last bullet on that article (a good thing), but it's nowhere near enough to be able to consider email a common denominator.. it's more of something for cornercases or when dealing w/someone who is stuck in their ways (which I believe are the same as those who would resist PGP anyway)
@rysiek
> during E-Fail debacle, the only info EFF was sending out is "stop using e-mail"
I blogged about this at the time. The EFF's position was a ridiculous over-reaction. "Stop using HTML in email" would have been better advice if I remember the vulnerability correctly.
@strypey @nwalfield @rysiek Indeed it was an absurd overreaction, which was clear to me as my toolchain was unaffected by it. Of course it's still sensible to stop using compromised components until they're patched. In the same vein, it's a good idea to selectively stop sending email to exclusive platforms that reject RFC-compliant msgs on the sole basis of IP address. Emailing them is supporting them.
@resist1984
@yunohost @nwalfield @rysiek
I have a feeling many signal folks are waiting for session msgr (getsession.org) to improve, include voice and video features before jumping ship. that's just my feeling though.
@rysiek @resist1984 @yunohost @nwalfield
S/MIME (as built into many popular mail clients) is a lot easier for unskilled users than PGP. The problem is it requiring a signed TLS cert.
@rysiek
@resist1984 @yunohost @nwalfield
take a look at https://pep.software for zero trust encrypted email
@NatCor @nwalfield @yunohost @rysiek the problem is not crypto. I have gpg & s/mime setup. The problem is transmission -- mail servers refusing legit mail on the sole basis of IP address.
@resist1984 @rysiek @yunohost @nwalfield sadly I have to disagree on #jami (same apply to #briar) : it’s not a decent replacement for email because both user shall be online to communicate, by design there is no server to deliver or receive the message in case the devise is shut down. It is impractical to use a message system with this behavior equivalent to posting letters.
@parisni @rysiek @nwalfield @yunohost for asynchronous msgs, #Wire is better. It's centralized, but it's more inclusive and less exposing than email. It relies on email for registration, but you only need to be able to receive email so it avoids all the pitfalls of sending email.
@resist1984 @rysiek @nwalfield @yunohost IMHO matrix is the best. But this is #offtopic : email should be securized and #autocrypt is one step for this
@parisni @rysiek @nwalfield @yunohost matrix uses #Cloudflare for some of their web stuff so i've not looked further into it. I should mention that Jami can be used asynchronously, but it's not straight forward.. someone at one end has to run their own server for it to work. So indeed it's still impractical for novice-to-novice async comms.
@resist1984 @rysiek @nwalfield @yunohost matrix isself hosted. You can chose tour instance and never deal with cloudflare
@resist1984 @rysiek @nwalfield @yunohost good to know Jami can be async. I will dig this
@parisni @rysiek @nwalfield @yunohost i heard about it from someone in #jami on freenode. BTW, there are (were?) matrix bridges to some freenode channels, and those bridges went through Cloudflare servers. IIRC the only way to avoid CF was to not use matrix and connect to freenode another way. i'm sure there are CF-free ways to use matrix but I was just put off by the fact that key organizers were using CF.
@resist1984 @rysiek @nwalfield @yunohost i dont see a real problem for matrix being behind cloudflare or any man in the middle. Matrix is e2e encrypted.
@parisni @rysiek @nwalfield @yunohost there are a couple ways to promote privacy abuse. One way is to directly expose profitable data to the abuser. The other way is to use the services of some entity that has a privacy abuser in the supply chain.
@yunohost @nwalfield @rysiek @parisni I've not investigated this case in detail, but one question is whether CF sees the user's IP address. If not, then the privacy issue may be indirect (CF doesn't give gratis service for nothing; e.g. CF profits from every solved captcha)
@resist1984 @yunohost @nwalfield @rysiek sure it does see IP address. no more. While I condamn cloudflare as a huge problem for the internet in the case of matrix, i that,s OK this is mitigated with great design
@resist1984
> for asynchronous msgs, #Wire is better.
What about using XMPP or matrix apps? I used Wire extensively for a while but Element and Snikket are pretty competitive now with the Wire feature set, without the centralization.
@strypey @yunohost @nwalfield @rysiek @parisni Wire has shortcomings for sure. XMPP is great for advanced users. Matrix caters for novices IIUC but #Cloudflare has a role that screams run away. #Element.io is a #Cloudflare site. It's avoidable (thanks fdroid!) but it's a big red flag that the people behind it are not on the ball & so it should be approached w/great caution b/c incompetency can manifest in other ways.
@resist1984
Do let us know if you come across any issues.
𝚜𝚎𝚕𝚎𝚊
@selea @yunohost @nwalfield @rysiek @parisni Because it's not broken. A working centralized solution like Wire is better in more situations than a broken decentralized solution (email). Of course if you can find a viable working decentralized option for the case at hand, that's your answer. But email is mostly broken notwithstanding non-MACFANG corner cases.
@parisni @yunohost @nwalfield @resist1984 @rysiek with swarm any device connected in the swarm will be able to store and retransmit.
@AmarOk @yunohost @nwalfield @resist1984 @rysiek apparently swarm works for one to one conversation and is based on git ?https://jami.net/swarm-introducing-a-new-generation-of-group-conversations/
@parisni @yunohost @nwalfield @resist1984 @rysiek it also works for group but yeah
@parisni
@yunohost @AmarOk @nwalfield @resist1984 @rysiek
matrix also working on p2p project called dendrite.
@resist1984, Jami is certainly cool and promising, but adoption is an issue. Same for XMPP (which also supports PGP and more recently OMEMO), which is quite self-hostable. I’d consider solving this on the same level of impossibility with email monopoly and hostile ISPs.
There is also Matrix which I use the most frequently and even got adopted by e.g. the French government but the specs is too complicated to be implemented completely beside the reference client and server, which is expensive enough to operate that most are using matrix.org.
We have the technologies at hand, we just lack the power to make actual social changes.
Cc: @rysiek, @yunohost, @nwalfield
@resist1984
Jami is a cool idea, and unlike Toxic apps it offers a fairly consistent UI across the major OS. But in my experience it's still a PoC, of limited practical use. Basic functions like group text chat and message syncing between devices are still absent, despite being promised for years.
@resist1984
Jami is a cool idea, and unlike Tox apps it offers a fairly consistent UI across the major OS. But in my experience it's still a PoC, of limited practical use. Basic functions like group text chat and message syncing between devices are still absent, despite being promised for years.
@resist1984
Jami is a cool idea, and unlike Tox apps it offers a fairly consistent UI across the major OS. But in my experience it's still a PoC, of limited practical use. Basic functions like group text chat and message syncing between devices are still absent, despite being promised for years. Unless there are newer versions that don't work on my ancient devices?
@resist1984 @rysiek @yunohost @nwalfield Would you have a link to that article available?
@nwalfield @yunohost @rysiek the point to security is /availability/ (ensuring that ppl can communicate). Spam degrades quality, but blunt anti-spam efforts actually kill availability, when the whole point to fighting spam is to increase availability.