Software Alternatives & Reviews

We’re members of the Global Encryption Coalition and we are fighting attempts from governments to undermine or ban the use of strong encryption – AMA

Signal Roundcube Delta Chat Autocrypt
  1. Fast, simple & secure messaging. Privacy that fits in your pocket.
    Pricing:
    • Open Source
    Authentication: for any encrypted messaging system, one of the critical concerns is about whether you know who the other party is. (If I send you a confidential message without knowing that you are who I think you are, it might end up leaking to the wrong person.) Most modern encrypted messaging apps (e.g., Signal) rely on a single central authority to identify users, and mainly punt on independent authentication -- you might get the occasional "key changed" message or alert, but most people don't have a way to respond to those, other than just accepting it and moving on. Traditional work on e2ee e-mail got bogged down in authentication questions, and we have two competing (and non-interoperable) mechanisms for authentication: OpenPGP certificates (which support independent networks of identity certification) and S/MIME certificates (which depend on the same trust model that we use for the Web). Both are still in use today, but it's hard for OpenPGP users to send messages to S/MIME users, and vice versa. How do we fix this? Either one standard wins out, or implementers prioritize adopting both standards concurrently, and make room . I think e-mail implementers have a lot to learn from the (lack of) attention given to authentication by e2ee messenger systems like Signal.

    #Communication #Group Chat & Notifications #Messaging 180 social mentions

  2. Web-based IMAP email client
    Pricing:
    • Open Source
    Webmail: Many people don't even use an e-mail client today -- they use webmail to access their messages, or they use a local app that itself depends heavily on a webmail server on the backend to do the heavy lifting. When the server is doing the e-mail handling and rendering work, the server has to have access to the cleartext. Even in situations where the messages are decrypted in JavaScript (or a Java applet) on the client side, if the client-side code is sent by the server, the server could be compromised and told to send different code (see Hushmail's failures in 2007). How do we fix this? We need more e-mail client developers to take e2ee e-mail seriously, and we need them to focus on security and usability. Browser-extension-based e-mail clients are another possibility (e.g. Mailvelope and its interaction with webmail systems like Roundcube), but they still rely on a lot of metadata to be exposed on the server-side.

    #Email #Email Clients #SMTP Server 15 social mentions

  3. The messenger with the broadest audience in the world.
    Usability: Traditional e-mail clients that added support for e2ee did just about enough work to be able to claim it was functional. But we know, decades later, that software needs to be extremely simple and well-designed for large numbers of users to adopt it. So when users were faced with weird, confusing, or buggy tooling, they typically turned it off. How do we fix this? A lot more active research needs to be done! See draft-ietf-lamps-e2e-mail-guidance for suggestions about how implementers of e-mail clients can streamline things for users. Other projects like Autocrypt outline ways for e2ee e-mail to reach levels of simplicity that have never been attained with legacy clients. Check out projects like Delta Chat that take usability lessons from the messenger space but use e-mail transport for the backend.

    #Communication #Group Chat & Notifications #Chat 41 social mentions

  4. Convenient End-to-End Encryption for E-Mail
    Usability: Traditional e-mail clients that added support for e2ee did just about enough work to be able to claim it was functional. But we know, decades later, that software needs to be extremely simple and well-designed for large numbers of users to adopt it. So when users were faced with weird, confusing, or buggy tooling, they typically turned it off. How do we fix this? A lot more active research needs to be done! See draft-ietf-lamps-e2e-mail-guidance for suggestions about how implementers of e-mail clients can streamline things for users. Other projects like Autocrypt outline ways for e2ee e-mail to reach levels of simplicity that have never been attained with legacy clients. Check out projects like Delta Chat that take usability lessons from the messenger space but use e-mail transport for the backend.

    #Security & Privacy #Online Services #Business & Commerce 13 social mentions
