Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
urbanists.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
We're a server for people who like bikes, transit, and walkable cities. Let's get to know each other!

Administered by:

Server stats:

570
active users

urbanists.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#openpgp

3 posts2 participants0 posts today
Public
🔗 David Sommerseth

So I've given @mailfence a very quick test on their Free tier.

That seems to be quite reasonable alternative for e-mail services. In som parts it's what I would expect @mailbox_org being. Except of one thing: Unencrypted incoming e-mails will not be stored encrypted.

Since I'm on the free tier currently, I've not tested the IMAP integration.

The weakness of #Mailfence and #Mailbox are that the PGP setup requires some efforts to happen. The "settings" panel on Mailfence is cleaner and better organized than mailbox.org, but the latter one is capable of ensuring all received e-mails are stored encrypted - regardless if it was encrypted at arrival or not.

PGP key management is still not as easy as it should be for non-tech users. "It should just happen automatically", is my stance here. It's close to being good, but you need to explicitly enable encryption on each mail you send - unless you reply to an already encrypted mail. This will confuse users and it will result in more unencrypted mails sent than intended.

Neither Mailfence nor mailbox.org will decrypt encrypted Subject fields.

I've briefly tested the WebDAV integration, which seems to work. But WebDAV is not end-to-end-encrypted, so uploaded data will not be stored in so-called "zero access" mode. This means the Mailfence people managing their servers can access and read your data. This will be the same for CalDAV/CardDAV too (calendar and contacts synching)

Mailbox.org recently announced they will upgrade their login system - which is long overdue. Their OTP setup is currently just confusing and very far from user friendly. Here Mailfence is very straight forward.

Both Mailfence and #mailbox_org still got quite a long way to provide a properly privacy enabled service. They're on a good path, but currently far from the capabilities of @protonprivacy, even on the most basic features in e-mail.

#privacy#email#pgp
Continued thread
Public *
Delta Chat

Some of you may have heard of #simplex which likes to elevate itself as "the first messenger without user-ids" ... a goal, similar to ours, of not letting the transport layer know about who talks. Only we are doing it in the email system, fully interoperable with tens of thousands of existing email servers and other #openpgp endpoints. The email system is much more than SMTP/IMAP or even openpgp btw ... there is plenty of room for radical shifts and new takes. We are just starting :)

Public
Delta Chat

#openpgp traditions and #signal both bind a cleartext identifier, phone number or email address, to a cryptographic key. It opens up attack vectors as the servers/orgs controlling this binding can interfere.

#deltachat avoids such cleartext identity bindings by creating random #chatmail addresses, as transport only. The cryptographic key becomes the identifier and we want it hidden from the transport layer. Only people being in end-to-end encrypted chat need to identify each other, after all.

Replied in thread
Public
Preston Maness ☭

@Xeniax Totally nerdsniped :D I'd love to be a part of the study.

I don't think that #KeyServers are dead. I think they evolved into Verifying Key Servers (VKS), like the one run by a few folks from the OpenPGP ecosystem at keys.openpgp.org/about . More generally, I believe that #PGP / #GPG / #OpenPGP retains important use-cases where accountability is prioritized, as contrasted with ecosystems (like #Matrix, #SignalMessenger) where deniability (and Perfect Forward Secrecy generally) is prioritized. Further, PGP can still serve to bootstrap those other ecosystems by way of signature notations (see the #KeyOxide project).

Ultimately, the needs of asynchronous and synchronous cryptographic systems are, at certain design points, mutually exclusive (in my amateur estimation, anyway). I don't think that implies that email encryption is somehow a dead-end or pointless. Email merely, by virtue of being an asynchronous protocol, cannot meaningfully offer PFS (or can it? Some smart people over at crypto.stackexchange.com seem to think there might be papers floating around that can get at it: crypto.stackexchange.com/quest).

To me, the killer feature of PGP is actually not encryption per se. It's certification, signatures, and authentication/authorization. I'm more concerned with "so-and-so definitely said/attested to this" than "i need to keep what so-and-so said strictly private/confidential forever and ever." What smaller countries like Croatia have done with #PKI leaves me green with envy.

keys.openpgp.orgkeys.openpgp.org
Replied in thread
Public *
l

@eff @evacide
GnuPG is not the only way to encrypt email, I use #OpenPGP with Thunderbird and @delta, both don't use GPG.

Also pages
ssd.eff.org/module/how-use-pgp
and
ssd.eff.org/module/how-use-pgp
are outdated, Thunderbird now has built-in OpenPGP implementation and Enigmail does not work with the latest versions.

ssd.eff.orgHow to: Use PGP for LinuxNOTE: This guide is not being actively reviewed or updated, and is currently retired. If you would like to use PGP via GnuPG, or Thunderbird with Enigmail, please refer to those services’ websites and documentation for information on how to install and use them. To use PGP to exchange secure emails you have to bring together three programs: GnuPG, Mozilla Thunderbird and Enigmail. GnuPG is the program that actually encrypts and decrypts the content of your mail, Mozilla Thunderbird is an email client that allows you to read and write emails without using a browser, and Enigmail is an add-on to Mozilla Thunderbird that ties it all together. What this guide teaches is how to use PGP with Mozilla Thunderbird, an email client program that performs a similar function to Outlook. You may have your own favorite email software program (or use a web mail service like Gmail or Outlook.com). This guide won't tell you how to use PGP with these programs. You can choose either to install Thunderbird and experiment with PGP with a new email client, or you can investigate other solutions to use PGP with your customary software. We have still not found a satisfactory solution for these other programs. Using PGP doesn't completely encrypt all aspects of your email: the sender and receiver information is unencrypted. Encrypting the sender and receiver information would break email. For similar reasons, PGP does not encrypt the subject line of your emails so you may want to use a generic subject line when sending encrypted emails. What using Mozilla Thunderbird with the Enigmail add-on gives you is an easy way to encrypt the body of your email. You will first download all the software needed, install it, and then end with configuration and how to use the result.
Public
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕

»Gmail Gets End-To-End Encryption From Google As 21'st Birthday Present:
[…] Google Claims To Have Invented An Entirely New Type Of Encryption For Gmail Users […]«

This is not an April joke and yes Google offers OpenPGP for Gmail Accounts. This is not difficult to set up but too many people are too lazy in my opinion.

📧 forbes.com/sites/daveywinder/2

ForbesGmail Gets End-To-End Encryption From Google As 21st Birthday PresentAs Gmail turns 21, Google has announced it is bringing end-to-end encryption to the email party. Here's what you need to know.
#e2ee#openpgp#email
Public
Delta Chat

We are not aware of other FOSS development teams that have as extensive knowledge, both theoretical and practical, about #email and #openpgp and regularly release across all platforms for users world wide ... except for #protonmail with whose technical and security experts we discuss regularly. They are the other major game in town doing pervasive email encryption after all. Did you know that Proton's and delta's VCards are compatible across ecosystems and establish immediate encryption?

Public
Delta Chat

@mathilde #chatmail server users don't have these problems because they don't even need to know their password or email address. Messages in delta chat are stored locally and the server only stores them for a limited time, up to 20 days by default, so all devices have a chance to download the message. Blocklists are also not used, the only requirements are #DKIM signature and #OpenPGP encryption.

Public
Delta Chat

The downside of our project approach was that we often got experts being very dismissive on re-using email and #OpenPGP ... and there still is some opposition which often subsides when actually trying #deltachat and #chatmail, looking at security audits and our strong usable security focus.

There may also be surprising upsides. The UK "Online Safety Bill" which attacks end-to-end encryption integrity seems to not apply for ... e-mail. Because everyone knows, e-mail is unencrypted, right? :)

screenshot of page 7 of https://www.legislation.gov.uk/ukpga/2023/50/enacted CHAPTER 7Interpretation of Part 3 55“Regulated user-generated content”, “user-generated content”, “news publisher content” (1)This section applies for the purposes of this Part. (2)“Regulated user-generated content”, in relation to a regulated user-to-user service, means user-generated content, except— (a)emails, (b)SMS messages, (c)MMS messages, (d)one-to-one live aural communications (see subsection (5)), (e)comments and reviews on provider content (see subsection (6)), (f)identifying content that accompanies content within any of paragraphs (a) to (e), and (g)news publisher content (see subsection (8)).
Public
Pirate Praveen

Has anyone here on #fedi figured out the correct recipe for dealing with #OpenPGP, #DMARC and #mailman ?

The problem, by default mailman will modify messages and this will break the dkim signature.
gitlab.com/mailman/mailman/-/i

Mailman provides two DMARC mitigation options (other option is reject or discard which is not useful in this case).

1. Replace the from address with list address
2. Wrap original message in an envelope

thunderbird flags 1 and fails 2.
#askfedi #gnupg #gpg #thunderbird

GitLabAdd DMARC conformity mode (do not modify DKIM signed headers and body) (#1079) · Issues · GNU Mailman / Mailman Core · GitLabCRITICAL I deployed mm3 to my e-mail server working with the large Linux developer community and we are facing DMARC issues [1]. It seems that...
Public
Em :official_verified:

New Privacy Guides article 🔑✨
by me:

If you are using a YubiKey,

you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.

This tutorial will guide you
through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.

I hope you find it helpful!

privacyguides.org/articles/202

Photo of a YubiKey security key on a table between a MacBook computer and a cellphone.
#PrivacyGuides#Privacy#Yubico
Replied in thread
Public
Debacle

@stubenhocker @gpo @scy @Goffi

Sorry for drifting OT 🙂

There are two ways of #OpenPGP in #XMPP: One way from the early 2000s, described in "XEP-0027: Current Jabber OpenPGP Usage". It lacks key exchange between peers and key synchronisation between multiple clients.

In the mid-2010s all problems were solved with "XEP-0373: OpenPGP for XMPP" (#OX) and "XEP-0374: OpenPGP for XMPP Instant Messaging". Most clients only do XEP-0027, because they focus on #OMEMO (= Signal protocol, #PFS).

#Jabber
Public
Rivane Rasetiansyah

Initializing a new project - Interplanetary Markdown. Might explore a #Web3 (off-chain) approach later for a better experience, but for now, keeping it simple with good old #OpenPGP.

A censorship-resistant #Markdown publishing platform, enabling seamless content distribution. Powered by the Interplanetary File System (#IPFS), ensuring #blogs, #articles, and other written content remain accessible and verifiable across the distributed web.

github.com/rvnrstnsyh/cupoftea

GitHubGitHub - rvnrstnsyh/cupoftea: Interplanetary MarkdownInterplanetary Markdown. Contribute to rvnrstnsyh/cupoftea development by creating an account on GitHub.
Public
Anthony Accioly

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Good afternoon, folks! Just a quick reminder: PGP isn't dead. Sign with pride!

Signed with my GPG key: 1BBD C23D 1853 255D 6415 D2EC 814E DF85 1AAB 370E

#OpenPGP #GPG #Cybersecurity #Tech #DigitalIdentity #SignYourCode
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTHaQ+iFRwfaXx+TxhjUbpCCVDiNAUCZ7cd5gAKCRBjUbpCCVDi
NOZSAPoDPFoZXKuxya98iY6nAV6hzgOghpqF/OtOVSW4qtEdMQEA3x/jqaD4R9vo
qi89wA4Hsd4KeqwTSQxKDECesI+W8QU=
=3gty
-----END PGP SIGNATURE-----

Public *
Delta Chat

Isn't it poetic and ironic that out of all possible time lines we are in one where #securejoin #openpgp protocols on top of the existing #email protocols offer the arguably most solidly scaling, useable, world-wide federated end-to-end encrypted messaging reality, safe against compromised #mitm servers? Hundreds of billions spend to create "the email successor" and here we are in 2025 .... #interoperable #email and #cryptography as the tortoise looking at Achilles through the back mirror :)

A poem in a screenshotted message bubble posted by adb [dev] Roses are read. Violets are blue, I chat encrypted using DeltaChat And you should too 🥰 Happy crypto valentine! With 6 reactions heart/fire/...
ExploreLive feeds
About