
Email Self-Defense – a guide to fighting surveillance with GnuPG - tjr
https://emailselfdefense.fsf.org/
======
mapgrep
The very first step, assuming you already have an email account, for all
platform pages:

>INSTALL THE ENIGMAIL PLUGIN FOR YOUR EMAIL PROGRAM

I Googled Enigmail as I was not familiar with it. It is "a security extension
to Mozilla Thunderbird and Seamonkey." This seems incredibly shortsighted.
Tons of people out there are on Outlook, Apple Mail, Gmail, etc. and not
interested in Thunderbird.

There are other options, for example the surprisingly EXCELLENT gpgtools.org
installer for Mac, which makes it super-easy to add signing and
encrypt/decrypt and key management to OS X and Apple Mail. A quick Google
reveals the nicely packaged gpg4win.org (I haven't used it). There's also
Google's new Gmail GPG plugin (although yes it's beta)
[https://code.google.com/p/end-to-end/](https://code.google.com/p/end-to-end/)

I know this is the FSF, but I'd hope in the interest of defeating the
surveillance state they could set aside dogma.

(Also, that page shouldn't default to the Linux options when I'm visiting from
a Mac browser.)

~~~
tptacek
GPGMail for OS X (what you recommended here) works quite well, and I recommend
it too. That team also does a good job of keeping up with Mail.app versions
(which is a hard job).

~~~
zenojevski
I found the GPG tools on Mac quite good as well.

But I thought I'd do things the "right" way. Use master/sub keys, linked
identities, with masters kept offline... The friction was _immense_,
especially managing the identities, mucking with the keyring files, then
deleting the master key from the online keyring, and so on.

I still have my off-site db secure, but I don't look forward at all to opening
it again. I don't want to remember the precise series of steps involved before
everything worked correctly.

How can I solve this? I just want to manage a few identities (personal, as a
citizen, work account, "stuff", etc.), some of them trusting each other.

Common sense makes me think I'm way over-complicating. But I was always told
that any other way wouldn't really be secure. I though I would just be very
pro-active with key revocation and that would eliminate most of the problem...

------
atmosx
I get and send ~ 10 to 15 emails per week. Not even 1 of my regular
'correspondence' uses GnuPG. It's too complicated to setup and even harder to
use for avg Joe, like bitcoin, he has to spent time understanding totally new
concepts. And no one is willing to do that, unfortunately :-(

~~~
sp332
It's true, Glenn Greenwald said that he almost gave up on Snowden's
information because it was too hard to set up GPG correctly!

~~~
tptacek
He did give up on GPG, and instead used Cryptocat, at a time during which it
appears to have been possible to decrypt Cryptocat conversations from network
traces due to key generation bugs.

------
feralmoan
I'm still constantly surprised that this feature isn't ubiquitously built into
mail clients by default and users don't get a big 'enable encryption' button
which automates sane defaults/manages the keychain transparently. It doesn't
seem like such a complicated abstraction that it needs so much manual setup

~~~
arjie
I remember it being built-in to clients in the past. Certainly Evolution
(Ximian, Novell, Gnome) did when I last used it half a decade ago. You could
encrypt your message, sign it, and the other side would (if they had your
public key) see a nice 'Signature verified' on the other side.

It was a fairly smooth workflow except for having to type in your passphrase
in for everything.

------
887
For Android you can use APG and K9-Mail. You will learn to love it if you have
multiple accounts and 'get' the interface.

Recommended use is with Thunderbird and Enigmail on desktop, where you should
also have your mail filters sorting your mail to the IMAP folders.

To install use F-Droid. F-Droid ist the Open Software Repository for Android.
[https://f-droid.org/](https://f-droid.org/)

This is/feels like the recommended way to use PGP at the moment or at least
the most useable.

~~~
knitatoms
Agreed - I'm using this setup and it works really well.

~~~
mkesper
How do you treat PGP/MIME E-Mails? PGP-Inline is dead.

~~~
knitatoms
Good point - that's the only issue I have with K9 and AGP on Android. I'm
happy to live with only being able to view encrypted attachments on the
desktop at the moment.

There's an open issue to add PPG/MIME:
[https://code.google.com/p/k9mail/issues/detail?id=5864](https://code.google.com/p/k9mail/issues/detail?id=5864)

There's also an open bounty which can be contributed to:
[https://www.bountysource.com/issues/815255-pgp-
mime](https://www.bountysource.com/issues/815255-pgp-mime)

~~~
887
Small Update:

You can get the latest K9 Alpha from here:
[https://github.com/k9mail/k-9/releases/tag/4.904](https://github.com/k9mail/k-9/releases/tag/4.904)

..and should use OpenKeyChain instead of APG, since its no longer maintained.
[http://openkeychain.org/](http://openkeychain.org/) (also available on
F-Droid)

This at least removes the need to push decrypt on every Message although thee
might be Bugs.

~~~
knitatoms
Thanks for the info and links.

------
AlexMax
If you're using a Mac, the excellent MailMate mail client supports GnuPG
natively.

[http://manual.mailmate-
app.com/preferences#openpgp_and_smime](http://manual.mailmate-
app.com/preferences#openpgp_and_smime)

I can't speak to any shortcomings in its PGP support, as it's not something I
personally use, but I've been using it as a MacMail/Thunderbird replacement
since last September and have been quite satisfied.

~~~
cyphunk
This looks great but it is closed source. Perhaps that will change with his
crowd finding? Until it becomes OSS there is no way I can use it

~~~
m4x
Does being OSS actually matter for this app? It would still be running on a
proprietary OS, and you won't be personally inspecting the code closely enough
to know that it's secure anyway.

If you were concerned about what was being sent and to where, you would
probably be better off to capture all traffic originating from your computer
and verify that nothing extra is being sent, and that the destination is
appropriate. Whether it was sent by open or closed source software is utterly
irrelevant

------
gabriel34
Email is insecure at it's design, yet we trust our digital lives to it and use
it as proof of identity. Security should be at the protocol level for it to be
universally used.

------
patrickdavey
I do miss firegpg [http://blog.getfiregpg.org/2010/06/07/firegpg-
discontinued/](http://blog.getfiregpg.org/2010/06/07/firegpg-discontinued/)

FireGPG was super easy to use with Gmail (that said, I suppose Google would
have grabbed the cleartext in the interim draft state anyway)

------
zobzu
infographics are nice but as long as all platforms and commonly used clients
(not just email ones) have an EASY to use GnuPG implementation this seems
bound to fail.

Google's initiative seems like a good idea of course. The command line utility
itself could use some MAJOR love tho.

And even the best GUI clients are very confusing for new users. When I explain
the concepts behind the trust model they get it. When they have to use the UI
they dont find what they need.

------
brechmos
It will be more helpful when GMail has it built in... Google?

~~~
iak8god
Google makes money on GMail by reading your email and serving related ads.
They will never support built-in encryption.

~~~
schoen
I have worried about this incentive too, but they've just yesterday released
some software that moves in this direction (though characterizing it as a
special case for people who need extra security). But in the past I feared
that they would even periodically update Gmail in ways that would break
compatibility with browser-based encryption; I think the fact that they're
publishing their own end-to-end browser-based e-mail encryption software shows
that they're at a minimum willing to accept it as a supported feature.

~~~
iak8god
Well, good. I'd probably even pay a reasonable monthly fee for that to offset
their lost ad revenue.

------
esbonsa
This doesn't appear to solve the metadata problem which is what the NSA seem
to think is the most valuable (or at least that they have the least
difficulties to get and process).

