Follow

It's the end of 2019 and there still is no decent, usable, -enabled e-mail client that I could roll-out to regular, non tech-savvy users without feeling bad.

10 years ago that would have been . But KMail shot itself in the foot, knee, and hip with Akonadi.

is... Thunderbird.
doesn't do writes to IMAP, so you either use *only* it, or not use it at all.

just crashed on me because I tried to reply to a signed e-mail.

Anybody any other suggestions?

@L1Cafe

"Is Canary open source?

Canary uses the open source ObjectivePGP library for implementing encryption."

Closed-source apps are not my thing, but that's not the biggest issue. It's that this answer is actively trying to *seem* like it's FLOSS when it's not. Which I find disingenuous.

@jz I was waiting for someone to suggest mutt, I am glad it was you. <3

@jz
@rysiek
Wanderlust and mu4e ? :D all jokes put aside, they both really are great apps, just not that you can recommend to anyone non tech-savy.

I unfortunately had to drop gpg altogether because of this, and email along with it for anything but spam.

@rysiek Unfortunately Cypth (webmail) doesn't do GPG yet. There is Mailvelope, a browser extension. Don't know about its UX though.

Curious about DIME (from the ex-Lavabit folks) once and if it gains traction.

@h3artbl33d kill Mailvelope with fire. Nuke it from the orbit. Ugh, had to support it for a long while.

Bad joke 

@rysiek

That is what she said ;) Running GPG within a browser can be (should be?) considered unwanted, to put it very subtle.

@Tanuki yeah... about that. I am not very hopeful anymore after doing some research and talking to people. Apparently they're using RNP for licensing reasons:
rnpgp.com/ ...and looking at their issue tracker it seems quite incomplete: github.com/rnpgp/rnp/issues

I am not holding my breath...

@rysiek yea, you are probably right about the chance of success. As for me I’ve noticed email become a notification dumping ground for businesses to send me receipts and marketing, basically. Real people just message me on one of the siloed messaging apps.

@Tanuki well, I am able to completely avoid siloed messaging apps, apart from Signal. Which is a fair compromise I guess.

@rysiek If webapps aren't an issue, you could try something like Roundcube or Rainloop

@rysiek I have started using Evolution again and it's much more stable an actually quite nice to use now, compared to how it was a couple of years back.

@rsolva interesting. I remember Evolution as being a rather heavy piece of software, but otherwise a decent and mature e-mail client with okay PGP support. I thought it died though. I'll have to give it a try again!

Thanks!

@rysiek it's still on the heavy side, but it performs well and have a lot of features. It also integrates well with GNOME (and possibly other DE's)

@rsolva @rysiek same here. I switched from Claws to Evolution about one year ago when I looked for a solution which can handle tasks, calendar invites, etc. Integrates nicely in Gnome, has every feature you need or don't need and GPG works as expected. Still nothing I would recommend to a "normal" user but that's because it is GPG and not because of Evolution.

@bjoern @rysiek Once set up, it's not that hard to use for less technically inclined people. It's comparable to Apples Mail, more or less.

@rysiek Roundcube does that with Enigma plugin (server-side). New UI cleaned up a lot!

@brnrd @rysiek Meaning the plugin is serverside or encryption / key management is serverside? The latter would be bad design IMHO.

@h3artbl33d @brnrd Depends on Your Threat Model™, but I tend to agree there. :)

@rysiek @brnrd I can imagine how it might be useful for enterprises to have "central" key mgmt, but pretty easy to f*ck it up.

@h3artbl33d @rysiek I guess I'm the only user of this :D
PGP is not for the ...

@h3artbl33d @rysiek Not liking this model either, but failing to find something better. Requires you to enter key's passphrase on private key use, so key is still somewhat protected.

@brnrd @rysiek

There are arguments in favor of that design; if you want PGP for the masses, key management is way too hard for the novice user. I welcome any initiative trying to increase PGP adoption.

@h3artbl33d @rysiek Setup doesn't prevent users to upload a private key without passphrase... (I assume, not actually tried :D)

@brnrd nice! I should have been clear I am looking for:
1. a desktop app
2. which is FLOSS

(I know Roundcube is FLOSS, but wanted to clarify both while at it)

@rysiek Where's Sylpheed fall on your list?

And is Eudora still alive in any way, shape, or form?

@dredmorbius ah, Sylpheed! Good call, need to play with it again!

I mean it's *fugly* but perhaps something that would work. Thanks!

@rysiek GPG is in fact supported:

sylpheeddoc.sourceforge.net/en

What Sylpheed *isn't* that many users would want today is either Web-enabled or mobile-app based. But for desktop / laptop, it's fine.

@dredmorbius yeah, we'll play with it again and see if it's a viable alternative.

@dredmorbius handling attachments well, and decent search would be nice.

@rysiek Sylpheed handles both of those cases well.

HTML email native also.

I'm not joking _all_ that much about mutt -- it takes some configuration, but once that's down, it's actually amazingly usable.

@rysiek To be fair, I've never been able to get non tech savvy users to use PGP. Even if they figure out the email client, or give up and use ASCII armor, key management trips everyone up.

@angdraug I have managed to deploy it in a large-ish organization with some success.

@rysiek Do you do anything special for key management, or are your users just that conscientious?

@angdraug we have Helpdesk that helps them. Key management is always a problem.

But I am pretty excited about OpenPGP CA: gitlab.com/hkos/openpgp-ca

W.r.t. openpgp-ca why not make the CA key a designated revoker for the employee key instead of shuffling revocation cert around? It would also be nice if it had a concept of domain as usually organizations use one (or few) domains and used that to generate WKD directory (and also limit the tsigs).

Is Heiko on the Fediverse? :)

@wiktor I believe that's an idea that is being played with.

No, not that I know of.

@rysiek Full ACK! But using #KDE I still stick to #Kontact / #KMail. It’s … usable. #Kube would be interesting but I, too, had problems with it.

@rysiek there are reasons other than usability to reconsider the whole project of pgp encrypted email latacora.singles/2019/07/16/th

@LogicalDash thanks, I've heard all of this before. If you find me another, better way to encrypt e-mail, that does not rely on proprietary crap, and can be easily deployed to people, I'll be interested.

Meanwhile, telling people "just don't use e-mail" or "just don't encrypt e-mail" is putting them in harms way. I would really prefer people stop doing that.

There are projects trying to fix some of the issues. I feel effort is better spent in that way.

@rysiek I think what's needed is a client with an email-like workflow that actually sends messages through encrypted Matrix or what have you, and which can fall back to unencrypted email as needed, the way Signal falls back to SMS

@LogicalDash that's not a terrible idea, but would require everyone to switch to that e-mail client.

Whereas PGP does not have that requirement (you can manually encrypt).

@rysiek that's only relevant if you're concerned with converting people who are too set in their ways to switch apps, but not enough that they won't use standalone pgp tools

@LogicalDash but, let me go further and say: provide me with such an e-mail client and I will consider switching people I am responsible to it.

Until such a client exists, however, PGP remains my only option. Arguing against it without providing an alternative way to encrypt e-mail (S/MIME is not it for EFail reasons) is counter-productive.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!