#e2ee

danie10@squeet.me

How to send encrypted (at a cost) and ‘confidential’ emails on Gmail

Gmail may be very easy to use, and probably also one of the most used e-mail services out there, but Google has still not made any real effort to help e-mails going proper E2EE for all, despite the technology being available for a very long time.

Gmail’s confidential mode is not E2EE at all. It is merely a self-destruct timer or password to open, type e-mail. The latter probably only works to other Gmail users.

The encrypted offering they have is only for paid Workspace account holders, and seeing Google controls the web interface and services… I’m not sure the NSA will be using it (then again, maybe Gmail at least seems to be hacked less often than Microsoft’s cloud mail service!).

So ordinary users are probably better off adding one of the 3rd party browser extensions that allow true OpenPGP E2EE for Gmail. It is free, and you can use your own public/private key pair. But although this is free, the barrier for most normal users is the ‘complexity’. You need to set up a signed key pair, load it into the extension, and of course have friends that are suitably equipped to actually decrypt E2EE e-mail. Unfortunately, the reality here is that both sides of this equation are just not feasible for many users. There is also no single standard used across all e-mail services for E2EE, and you can forget about sending an encrypted e-mail to 99.999% of business or government departments, and expecting any of them to be able to read it.

Where any e-mail service has a POP3 or IMAP protocol interface (like Gmail has), it is possible to use an offline mail app like Thunderbird, and also add your OpenPGP key in there. But the same barriers to adoption exist for ordinary non-tech users, and it also means taking accountability for backing up your own e-mail.

The reality is, most users are going to be far better off with services like Proton Mail, or Tutanota, that make the encryption process about as seamless as it can be (even my own family managed to get Proton Mail right, but only one is bothered to use it, and only with me).

Most people are not bothered, unless there is some very simple one button press to encrypt e-mail. And it seems, sadly, that the world is dependent upon Google to make this happen, mainly because there are so many Gmail accounts. If a Gmail user can’t read an encrypted e-mail, then you can’t send an E2EE mail to them (yes, I know Proton and Tutanota have workarounds where the Gmail user clicks to log in and enters a password to read the mail. But those are great phishing opportunities against non-tech users too).

So, it does come down again to Big Tech, unfortunately, to decide whether average users will ever be able to have truly private and secure e-mail, as well as interoperability between instant messengers (my previous post about WhatsApp is what I’m referring to).

Certainly, all the technology has long existed, but the biggest user bases are ‘stuck’ in Big Tech services, and there is no easy way for them to adopt the alternatives en masse. Whilst they feel (or don’t feel should I say) trapped there, they hold everyone else back too, and your E2EE e-mail is meaningless when you have to still send plain text e-mails to so many Gmail users. E-mail takes two or more parties to send and receive e-mail.

I’m only speculating here, but I’m suspecting Google is in no hurry to provide proper E2EE e-mail for Gmail users as it is a treasure trove of information about travel habits, medical details, banking details (less often now), relationships, and much more that is all open to analysis. Google certainly does scan e-mail as their TOS state they do this to detect viruses and malware, to provide search in e-mail, and ‘to provide you personally relevant product features’. Gmail would likely have to become a paid service to make E2EE worthwhile for Google.

You either have complete privacy and pay for every service, or you lose privacy for those free services. The majority of users are still opting for free services.

See https://www.androidpolice.com/gmail-send-encrypted-emails/
#Blog, #E2EE, #gmail, #privacy, #technology

markusm@diasp.de

KryptEY - Secure E2EE communication

An Android keyboard for secure end-to-end-encrypted messages through the Signal protocol in any messenger. Communicate securely and independently, regardless of the legal situation or whether messengers use E2EE. No server needed.

Motivation
Breaking of end-to-end encryption (E2EE) by laws such as the planned EU chat control is an ongoing issue. Content in messengers that use E2EE, such as WhatsApp or Signal, could thus be monitored by third parties. E2EE is often, but not always, standard in messengers. There are proven methods for E2EE such as PGP. However, these methods are sometimes cumbersomely integrated and require a lot of effort to use.

KryptEY is an Android keyboard that implements the Signal protocol. The keyboard works messenger-independently and both the X3DH Key Agreement Protocol and the Double Ratchet Algorithm work without a server, thus it enables a highly independent use of the protocol.

https://github.com/amnesica/KryptEY

#e2ee #Android #Security #encryption #CIA #BND #EU #USA

danie10@squeet.me

SimpleX E2EE messenger for iOS and Android has no user IDs at all – It could be the most secure and private messenger ever

Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc. SimpleX does not, not even random numbers. This radically improves your privacy.

When users have persistent identities, even if this is just a random number, like a Session ID, there is a risk that the provider or an attacker can observe how the users are connected and how many messages they send. They could then correlate this information with the existing public social networks, and determine some real identities. And, if you use Incognito mode, you will have a different display name for each contact, avoiding any shared data between them.

To deliver messages, instead of user IDs used by all other platforms, SimpleX uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long term identifiers.

You define which server(s) to use to receive the messages, your contacts — the servers you use to send the messages to them. Every conversation is likely to use two different servers.

This design prevents leaking any users’ metadata on the application level. To further improve privacy and protect your IP address, you can connect to messaging servers via Tor.

Only client devices store user profiles, contacts and groups; the messages are sent with 2-layer end-to-end encryption.

To connect to your friend, you can connect via their 1-time QR-code, in person or via a video link. You can also connect by sharing an invitation link. So, there is no user ID you share to groups or the public to connect with you. Every code is a one-time use code for just a single friend to connect. The channel through which you share the link does not have to be secure – it is enough that you can confirm who sent you the message and that your SimpleX connection is established.

See https://simplex.chat/
#Blog, #E2EE, #opensource, #privacy, #SimpleX, #technology

piratendresden@pirati.ca
danie10@squeet.me

Swiss Army bans all chat apps but locally-developed Threema – No e-mail or phone no to register, and immune from US CLOUD Act

The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead. As Threema is a paid subscription communications service, the Swiss army promised to cover the annual subscription cost for all soldiers, which is roughly $4.40 per user.

Although the troops are expected to follow the official instruction, there are no current penalties if army members use foreign IM apps.

The open source client applications E2E encrypt all messages and files that are sent to other Threema users with their respective public keys. Once a message is delivered successfully, it is immediately deleted from the servers.

Swiss officials underlined the most important difference is that Threema isn’t subject to the U.S. Cloud Act, which was passed in 2018 “hidden” inside a budget spending bill. The controversial law lifts the need for securing a search warrant when a U.S. state agency needs to access and scrutinize someone’s online data.

See https://www.bleepingcomputer.com/news/security/swiss-army-bans-all-chat-apps-but-locally-developed-threema/

#technology #switzerland #Threema #E2EE #security
#Blog, #E2EE, #security, #Switzerland, #technology, #Threema

danie10@squeet.me

Signal significantly ups its end-to-end video group call limit to 40 people, making it pretty useful now

While WhatsApp and most other messengers support end-to-end encryption, Signal is probably still your best choice (of the popularly used options) when you want your conversations and calls to stay private. Given that all communication on Signal is encrypted, including group video calls, the company is running into some unique challenges that need to be addressed when scaling its service. As such, Signal has only supported group calls with up to five participants until now, but it has finally managed to significantly up the limit to 40 people at a time.
See Signal significantly ups its video group call limit, surpassing WhatsApp

#technology #E2EE #encryptedvideo #Signal #instantmessengers


Up to 40 people can now join an end-to-end encrypted video call

#Blog, #rss

https://gadgeteer.co.za/signal-significantly-ups-its-end-to-end-video-group-call-limit-to-40-people-making-it-pretty-useful-now/

gehrke_test@libranet.de

MobileLinux rulez!

Short version in one picture:
cowsay "TNX to: GNU/Linux ArchLinux Pine64 phosh Matrix FluffyChat Flatpak linux-club.de tomm.fa"

In a bit more detail: The work of the last few weeks on #MobileLinux with #phosh on the #PineTab was successful. Yesterday still in squirrel mode, today in seven-league boots.
I was still missing a client for #Matrix with support for #E2EE. In the glorious linux-club.de, the great tomm.fa had the idea of using #Flatpak for that.

And yes, that worked: the brand-new release of #FluffyChat can now do E2EE as well.

'Quick QA: Login conjures up all subscribed chat rooms with their content in a short time, although mostly encrypted.
Then I clicked on an encrypted message, and for the key exchange a verification with another session under Element on another client is carried out automatically. A few emojis compared in both sessions and, whoosh, the key is made available. And all content is readable. Yeah!'

With that, about 80% of my daily to-dos on PC + notebook under #Fedora are now also possible via #PineTab with #ArchLinux. And with Flatpak even more can be covered before the distribution's native package management eventually catches up.

I'm celebrating hard!

#Pine64

gehrke_test@libranet.de

MobileLinux - progress is being made...

The work towards #Weltherrschaft (world domination) continues to advance in squirrel mode:

The usage level of my #Pinetab is rising continuously. I still haven't found a usable Matrix client (only #Fractal, but it can't do #E2EE yet and is therefore out) - but the #Nextcloud client now works instead.

That was also a bit bumpy: 2 weeks ago the package could not be installed under #ArchLinux because of missing stuff, the week after that the installation ran, but shared libs were missing at runtime. But yesterday an update arrived that made the package functional. Now it is busily synchronising.

It will remain rocky, but there is definitely progress. #MobileLinux with #Phosh is on its way!

#Pine64

danie10@squeet.me

All three big US carriers will be switched to Android Messages as default for RCS Chat, just Apple remains for supporting E2EE RCS

Beginning next year, Verizon will join AT&T and T-Mobile in preloading Android Messages as the default texting app on all Android phones it sells. It’s the final step for making RCS Chat — the next-gen standard designed to replace SMS — the default experience for Android. In the US, that only leaves one large cohort that will not use RCS as a default SMS replacement: iPhone users.

So yes, Apple has iMessages, but only on Apple so that is of zero use in any situation where you have friends, colleagues or family on Android (it's a real world out here). For anything to replace SMS, it needs to be completely cross-platform and able to be the default messaging app. Google supposedly has no plans either to try to introduce a messaging app that supports RCS on the iPhone.

See Verizon is also switching to Android Messages as default for RCS

#technology #RCS #RCSChat #privacy #E2EE


T-Mobile, AT&T, and Verizon are on board — will Apple ever be?


https://gadgeteer.co.za/all-three-big-us-carriers-will-be-switched-android-messages-default-rcs-chat-just-apple-remains