Really. I never could figure out how I'd get my public key in the hands of the people I was emailing in a way they would know how to use it to open and read my emails before deleting them in frustration...
E2E encrypted email can only work if it requires no more effort than regular email. OpenPGP doesn't come close.
That is why I spent the past four years building a cryptographic infrastructure that does ALL the work for the users. All the management of public and private keys is hidden under the covers. The user never has to think about any of it.
The technology making this possible wasn't available when we built S/MIME and PGP.
but I think it’s fair to look at something like WhatsApp and ask “why can a new system accomplish pervasive E2EE within a few years but e-mail still can’t after decades?” (Because e-mail isn’t centralized and has more compatibility to worry about. But still!)
Thank you for recommending our privacy-first email service!
If you have any questions about any of our products don't hesitate to check our Support sections: https://proton.me/support and https://protonvpn.com/support/, or contact us on Twitter (@ProtonSupport). We also respond on other social media channels, and have very active communities on Reddit (r/ProtonMail, r/ProtonDrive and r/ProtonVPN).
I will say that some of the smartest people working on Mastodon and the fediverse right now are working on this very problem, and I'm pretty excited to see it become part of the stack.
I use Fediverse direct (mentioned only) messages for authentication in Owncast. Having these messages e2e encrypted would be a huge plus for this particular case. How do I get involved with this on a Fediverse (not Mastodon) level? At least I'm hoping it's not a Mastodon-only thing.
I think I have something that can fit your requirements.
I have been building cryptographic infrastructures for 30 years now, I made contributions to PKIX, WebPKI and SAML. For the past 4 years I have been working on what I consider the unfinished business - PKI for end users.
Since I can’t be bothered to do usability testing, I have adopted the principle that there must be absolutely no additional steps required to achieve security. So E2E chat must look exactly the same to the user as regular chat, which Signal showed is possible. Same for configuring mail clients for S/MIME, OpenPGP, etc.
I am currently working on adding end to end secure chat. From there, there is a really easy bridge to end to end secure voice and video by leveraging WebRTC. My original plan was for this to be phase 3 or 4 but I brought that forward due to the bird site fiasco and the UK criminalization of cryptography bill.
The Mesh is an open service so anyone can run a Mesh service, users of one service can interact with users of any other service just like with SMTP email. It is also possible for users to switch from one provider to another without switching costs. All the specs are open and the reference code is open source.
The protocol suite currently supports 2FA, contact exchange, bookmarks and password management, all completely E2E secure with a 2^120 or better work factor throughout. It is not currently PQC but that can be added later.
My long term goal is to allow each Internet user to obtain permanent personal identifiers which do not expire or require any renewal fees. It is not possible to do this for free at a global level and do it right. But I can do it to an absurd degree of fidelity for $0.10 per name which seems fair in comparison to the cost of ICANN names. We will have to spin up a not for profit to manage that and stop people turning it into another yacht buying fund.
Why do you want to encrypt posts? They are meant to be publicly available. DMs are not e2eed on Mastodon too (at least it is the case on the server which I have chosen and it is written in the ToS). But I don't find it bad anyway.
That is a feature not a bug, right? I think there are better tools for privacy communication. But global communities should be open (non-encrypted) by default to encourage discovery.
I don't care about sending a DM in the clear, but the UI leads to embarrassing errors. For example if you mention someone in a DM now they're brought into the DM. Also it should be a distinct button not part of a list. More than once I've clicked on the wrong option with horrible results. I think there needs to be better segregation of the entire function.
I'm surprised, with all the advances in techniques and knowledge we have, and all those chat applications, that email remains basically unchanged since the times of RFC821/822 (both of 1982 vintage).
Heck, most of the people I work with weren't even born when these two RFCs were written!
Regarding #Email, they are end-to-end encrypted if the email application supports #SMIME.
As you know, this isn't commonplace because of the rise of centralized email servers that simply won't allow said functionality due to its incompatibility with their #SurveillanceCapitalism based business models.
Luckily, more email is happening via Apple Mail, courtesy of #iOS, which actually fully supports S/MIME for digitally signing and/or encrypting emails.
Neil E. Hodges
in reply to Evan Prodromou
Evan Prodromou, pocket philosopher 🦐, METADESTROYER !! (He/Him), Quincy and António Manuel Dias like this.
Evan Prodromou
in reply to Neil E. Hodges
Sören
in reply to Neil E. Hodges
Grassroots Joe
in reply to Sören
Phillip Hallam-Baker
in reply to Grassroots Joe
Grassroots Joe
in reply to Phillip Hallam-Baker
Hope it can get incorporated into various email UIs.
Neil E. Hodges
in reply to Sören
Sören
in reply to Neil E. Hodges
Decentralized identity is a hard nut to crack.
Neil E. Hodges likes this.
Sören
in reply to Sören
METADESTROYER !! (He/Him)
in reply to Neil E. Hodges
Proton Mail
in reply to METADESTROYER !! (He/Him)
mcc
in reply to Evan Prodromou
Evan Prodromou
in reply to mcc
Mori
in reply to Evan Prodromou
Evan Prodromou
in reply to Evan Prodromou
Gabe Kangas
in reply to Evan Prodromou
Evan Prodromou
in reply to Gabe Kangas
Phillip Hallam-Baker
in reply to Gabe Kangas
:heart_pan: jo
in reply to Evan Prodromou
Kirill Ivanov
in reply to Evan Prodromou
Kofu
in reply to Evan Prodromou
Mike Fraser :Jets:
in reply to Evan Prodromou
Attila Kinali
in reply to Evan Prodromou
METADESTROYER !! (He/Him)
in reply to Evan Prodromou
IllTemperedCaviar
in reply to Evan Prodromou
Evan Prodromou
in reply to IllTemperedCaviar
IllTemperedCaviar
in reply to Evan Prodromou
Phillip Hallam-Baker
in reply to Evan Prodromou
I have the technology.
Dr. Matt Lee
in reply to Evan Prodromou
Evan Prodromou
in reply to Dr. Matt Lee
Dr. Matt Lee
in reply to Evan Prodromou
Evan Prodromou
in reply to Dr. Matt Lee
Eric G.
in reply to Evan Prodromou
Dr. Matt Lee
in reply to Evan Prodromou
:heart_pan: jo
in reply to Dr. Matt Lee
Content warning: Secret Caesar
Evan Prodromou
in reply to :heart_pan: jo
Content warning: Secret Caesar
Kingsley Uyi Idehen
in reply to Evan Prodromou