1. 26
  1. 14

    It’s sad that none of the crowdfunding campaign money and Core Infrastructure Initiative donations for GnuPG is used to improve the UX. That’s why I didn’t donate back then; none of the things in the proposals suggested that serious work on the UX was considered. Thunderbird + Enigmail is exactly the same as 10 years ago.

    Update: add sentence about Thunderbird

    1. 2

      That’s why I didn’t donate back then; none of the things in the proposals suggested that serious work on the UX was considered.

      Could you provide a link to these UX proposals? I’d like to read what ideas were suggested.

      From recent memory I see they introduced a new trust model: TOFU (trust on first use) and an easier key discovery scheme: Web Key Directory (as they can be seen on kernel.org).

        1. 2

          Ah, got it. As far as I know Enigmail doesn’t have any ties to GnuPG as an organization. So donating to GnuPG and hoping that Enigmail would improve would be like donating to nginx and hoping that Firefox UX would improve.

          On the other hand GpgOL (Outlook plugin) is bundled with Gpg4Win and Gpg4Win is “the official GnuPG distribution for Windows”. You can check out their UX proposals as part of the EasyGpg campaign.

    2. 7

      Millions of US Government employees succeed at encrypted email every day.

      1. 6

        … as long as they are only emailing each other. True, but completely beside the point.

        1. 1

          Is it true? Is one in 300 or so Americans working for the government? In a capacity with mandatory encrypted email? Could be, but I gotta ask.

          1. 2

            Definitely not 1 in 300. Most intra-gov emails are definitely unencrypted. I had interpreted the comment as “some government employees…”

            1. 1

              There are close to 3 million civilian federal employees. I have no idea how well they deal with PGP though.

              1. 7

                Not at all. The majority of federal agencies use Exchange, and ~all federal agencies use ID cards with X.509 certs, so many use S/MIME for signed/encrypted emails.

                There’s a few important caveats:

                a) It’s actually relatively rare for people to use this; it’s not on by default. People really only use encryption for sending PII. I’m not sure I ever saw anyone (besides myself) use signing besides that. (Not true, now that I think about it, at DoD signing was pretty common. Nowhere else though.)

                b) There’s 0 support for cross-agency encrypted emails. Key management is handled through Exchange’s GAL, so there’s no way for someone at the State Department to send someone at the VA an encrypted email on the unclassified networks, period. Cross agency signature verification sometimes works, depending on the vagaries of path building.

            2. 1

              ZixCorp lets you email others outside the system. They get a link to a secure portal, authenticate with out-of-band credentials, and then get the message. Maybe combine that with Keybase for OOB stuff.

            3. 5

              Joe Q. Average’s kid sister does not work for the US government, mind you.

              1. 3

                We had encrypted e-mail when I was a staff worker at a University. It involved getting a Comodo client side SSL cert and loading it into the Active Directory GAL. My director accidentally revoked his old cert by requesting a new one. Someone at a conference the next week talked about getting multiple client SSL certs and I said, “You can’t. It revokes your old ones and you can no longer decrypt your old mail.” Other people chimed in experiencing the same thing and we discovered it was a bug together.

                Other than at that University and one small open source shop that e-mailed us passwords with PGP encrypted emails, I’ve only used encrypted e-mails with one other person.

                1. 1

                  The trick is using mail guards/gateways and putting crypto in a usable proxy in front of legacy clients with a similar workflow. Then, IT/ITSEC depts manage it for them. Proven model that isn’t followed by FOSS alternatives.

                2. 6

                  Hmm… I don’t know why but I expected something more from this submission instead of “encrypted mail is cool but unfortunately no friend of mine uses it therefore it’s dead”.

                  For people that are interested in the UX aspect of encrypted mail these are good starting points:

                  Add to this that the majority of mail users are using webmail now.

                  It’s possible to use webmail and have end-to-end encrypted e-mail, for example with Mailvelope (Mailvelope will soon be able to connect to the local GnuPG agent and thereby will be able to decrypt mails using hardware tokens).

                  Sure, but I just don’t see it happen by means of individual certificates. Even the tech crowd is struggling when it comes to mobile email usage.

                  OpenKeychain with K9 Mail works really well for mobile OpenPGP e-mails. OpenKeychain can additionally use Yubikeys (either through NFC or USB interfaces) so the same token can be used to decrypt/sign e-mails on a laptop and on an Android phone.

                  On a laptop a good, old combination of Thunderbird and Enigmail is enough. Although I admit Enigmail should be easier to configure (like Mailvelope), I don’t particularly like the “junior mode”.

                  1. 3

                    This is an excellent argument against decentralized systems with colliding incentives.

                    1. 3

                      pretty Easy privacy (p≡p) tries to enhance usability as of recently. Shouldn’t we – being knowledgeable enough to use OpenPGP – use it to acknowledge the efforts of the developers of GnuPG/Enigmail etc., and to let those who actually depend on it submerge in our noise?

                      1. 5

                        The solution to this problem is Keybase.io - full stop. I use it often and find it easier than falling off a log.

                        Easy to set up, easy to use, great facilities for using encryption in other contexts besides E-mail. Great stuff. Can’t recommend it highly enough.

                        1. 15

                          Keybase is a walled garden with some proprietary components. No thanks.

                          1. 6

                            Yup. That’s very true. It’s also utterly falling off a log easy workmanlike crypto for anyone whose standards are not quite as stringent as yours.

                            Put another way - no crypto at all or reliance on a walled garden with some proprietary components?

                            1. 0

                              There are quite a few ‘easy’ crypto implementations (e.g. Microsoft Outlook’s mail encryption crap), the problem is they are all competing and not compatible with each other. I would rather support a company that is working to improve an existing implementation (e.g. gnupg) than go off and create yet another implementation.

                              1. 4

                                I manage my GnuPG keys just fine using Keybase. Are you sure you’re aware of what they’re actually offering or is this just a knee jerk response?

                                1. 0

                                  Yes I’m aware that one feature of keybase is to be a flashy gnupg key server interface. But, from what I understand, they also roll their own crypto, and encourage users to use it.

                                  https://keybase.io/docs/server_security

                                  https://keybase.io/docs/crypto/local-key-security

                                  is this just a knee jerk response

                                  I figured lobste.rs users would give the benefit of the doubt before making stupid remarks like this, but I guess I was wrong.

                                  1. 4

                                    I’m perfectly capable of stupid remarks, but I’m unsure whether I’d classify that particular remark in that way.

                                    Let’s get back to discussing nuts and bolts shall we?

                                    I don’t use any “roll your own crypto” - I use Keybase to manage and utilize my GPG keys.

                                    Anyway, you don’t like Keybase. That’s fine. It’s not meant for you. Clearly you’re an educated user who knows something about cryptography.

                                    Keybase is meant for the millions of people who aren’t educated, but want some measure of protection with a usable interface on top. To my mind, it succeeds admirably at that. If you disagree, that’s fine, and I’d even maybe give your disagreement more weight than my belief because, at least if I put stock in the ferocity of your attacks, you know what you’re talking about.

                                    So maybe Keybase is terrible. It does what I want it to do very well. I’ll leave it there.

                                    1. 4

                                      I don’t use any “roll your own crypto” - I use Keybase to manage and utilize my GPG keys.

                                      Maybe the parent meant that Keybase uses their own PGP library instead of an audited open-source one?

                                      From my point of view Keybase does two things well: social authentication and an append-only log of key changes. Both have been tried for OpenPGP but never really caught on (see Linked Identities and CONIKS). There is also a nice set of tools that Keybase has (encrypted git etc.) but I’ve never tried that so I don’t want to comment on that.

                                      1. 2

                                        I haven’t used their encrypted git but I’ve used their encrypted portable filesystem and chat/group chat capabilities and they work great!

                                        1. 2

                                          Thanks for info! I’ll check it out with my testing account, I’ve heard it previously that the chat is really nice.

                                      2. 1

                                        Keybase is meant for the millions of people who aren’t educated, but want some measure of protection with a usable interface on top.

                                        I completely understand that point, I would love for there to be something providing a measure of protection with a usable interface on top, but implemented with purely FLOSS components and not controlled by exactly 1 company (which may not be around tomorrow, for instance). That’s all I was getting at. I don’t have anything against keybase personally, I just don’t like companies creating more walled gardens than there already are.

                                        1. 5

                                          As would we all. But take a step back - look at the breadth of what Keybase provides, and take a ballpark guess at how many person hours that would take to implement.

                                          Now think about volunteers putting in those thousands of hours unpaid with no recompense beyond the knowledge that they will be stuck maintaining the code until they burn out from the continual stream of thankless demands for MOAR EVERYTHING NOW!!! (This may sound like hyperbole but all the high profile maintainer burnout we saw a few years back says otherwise.)

                                          This is the fundamental reality gap I see among many hard core FLOSS advocates. Until we manage to eliminate the entire concept of money, expecting such a heavy lift to come from a purely open source initiative seems highly unlikely to me.

                                          Let’s celebrate open source for what it is, encourage it wherever we can, and be SUPER kind to those who gift the result of their blood sweat and tears to us in that way, but let’s also be realistic about what’s reasonable and what may require some kind of financial backing in order to come to fruition.

                                          1. 1

                                            but let’s also be realistic about what’s reasonable and what may require some kind of financial backing in order to come to fruition.

                                            There are many examples of for-profit companies contributing employee time to FLOSS projects. Hell, I am currently working for such a company, doing such a thing. Keybase could be one of those… but they chose to do their own thing.

                                            1. 1

                                              Can you give me a sense of precisely which components you take issue with? Someone has already posted about a library that Keybase uses that they’ve open sourced, and if you look at their Github profile I see a ton of open source?

                                              1. 2

                                                The fact that it’s just under 100MB when I see it in software updates and that it thought it needed my private key for my use-case of just authenticating a public key. When I used it, my work-around for keys was to have Keybase-specific keys to sign real keys. The 70-100MB whatever it was, though? I mean, how trustworthy and attack-proof can a central point of trust handling secrets be if it and/or its dependencies are that large?

                                                I just couldn’t trust it. To this day, it’s usually the largest download or update I get after a browser (basically an OS) or office suite (standard for bloat). Maybe something else in there, too, but it’s a small list. And a large program to do its one thing I wanted: social discovery.

                                                EDIT: Long day, I fired that off too quick. Forgot to add that I agree its usability and features are excellent. They’re one of the apps that sets the bar for how usability should be done by anything people in my camp would prefer.

                                                1. 2

                                                  Yup. Again, it’s not for you :) You’re a security expert with highly specific needs :) That 100MB includes as others have said a filesystem, chat/group chat and encrypted SCM features. Not what you want.

                                                  1. 1

                                                    I’m a security expert with a mental disability that makes me forget stuff constantly. I use GUI-based, highly-usable apps by default wherever I can. I rarely use stuff like GPG. Even when I do, it’s an ultra-minimal workflow that ignores the vast majority of its features. I might be closer to the intended demographic than you might think. :)

                                                    Let’s look at Keybase’s target instead of me. If you’re right, then they want to bring in the masses. So, we look at adoption patterns to find out what the masses want. Here’s what they want:

                                                    1. Useful stuff a lot of people are already using that lets them leverage any contacts, data, etc they already have. Building on or integrating with existing platforms, centralized or decentralized, lets them do this.

                                                    2. Something that prioritizes integrity and availability over confidentiality. They expect stuff to get hacked. They just want it to happen rarely with the company keeping their data as long as possible. Most people trust Google, Apple, Facebook, and Microsoft for this. Dropbox got a lot of them, too.

                                                    3. Something that provides what they need or want in exchange for extra effort it introduces. Examples of need are apps for doing important stuff (esp work-related), AV on Windows, backup/sync software or using Facebook cuz family members prefer it for important stuff. Examples of want are Apple’s luxury products, anything adding personalization, anything increasing convenience after initial trouble (eg Dragon Naturally Speaking), and apps for doing fun stuff.

                                                    Now, let’s assess Keybase against that list of massively-successful, mass-market goods. For 1, it’s not built into the platforms they don’t want to leave. For 2, the services I mentioned are much more likely to last and have better security teams than Keybase. For 3, existing players already provide a solution with wide adoption that’s usually better than what Keybase offers. It is getting a niche in the want/fun category for certain computer geeks and privacy lovers. They’re a tiny, tiny, tiny, tiny drop in the bucket of the identity/chat/storage market, though.

                                                    Conclusion: Keybase has nothing to offer, no need, and no want for most people you say it targets. It’s a niche product for computer, privacy, and novelty users in the consumer or business space who can accept a small community of fellow users. A solution working with Gmail or Facebook, which have existed, will have a better shot at wide adoption. Outlook if selling to enterprise. So, there’s still room to do stuff like a highly-usable front end and/or 3rd-party integrations with GPG since they’re used within some of the same niche markets.

                                  2. 2

                                    For the record Gpg4Win also ships with GpgOL - a plugin for Outlook. I didn’t use it (Thunderbird+Enigmail work well for me) although it looks okay.

                                2. 0

                                  Also, didn’t keybase pivot to being a chat app or something?

                                  1. 1

                                    Nope. Chat and group chat functionality are included but none of the other features went away, and in fact are being actively maintained.

                                    1. 1

                                      Ah. Thanks for the info.

                                3. 5

                                  I’m not entirely sure keybase will solve things at scale, but it’s filling a gap:

                                  Keybase has many features that I’m not using (git, filesystem, chats, teams), but I use it to follow the heck out of people that I know or work with. This gives me fine access to properly managed keys from all the peers. Given your other comments down this thread, I believe this seems to be exactly your use case too.

                                  1. 7

                                    Exactly. It provides a really nice interface around the aspects of public key crypto that frankly we’ve done a crappy job of socializing (making it easy for you to manage your key, making it easy for you to expose your key to me and vice versa, and then making it easy for us to use our keys to communicate).

                                    It’s not perfect, and as has been said it’s got proprietary bits, but it’s a heck of a lot better than what 98% of people do without it, which is decide they should be using GPG, create keys, upload them to a keyserver, make a mistake, realize they are utterly hosed forever, and throw up their hands in dismay and go back to not using crypto (Which is EXACTLY what the author of this article did.)

                                    Perfect is the enemy of the good (enough).