How to send encrypted files using PGP?
Hi.. I just learnt how to send emails using PGP encryption. However , ive not been able to figure out how to encrypt attachments using PGP. of if you can do it at all? .. Im using Ubuntu 14.04 LTS with windows 8.1 dual boot.
I reckon that we have quite a few people in our group with a good knowledge about all these. So if any of you could help me with this.. Thanks
Pirate Praveen Mon 16 Mar 2015 4:02AM
@akshay installing a 'never heard before app, finding a jabber service, registering account, then configuring it in your app itself is too long process for many people (believe me I have to do it with all the people I want to chat and most just give up). So telling them to install fdroid apk is making it even more difficult. But if ChatSecure is broken I have to recommend conversations. Last time I checked xabber doesn't allow new registrations.
Pirate Praveen Mon 16 Mar 2015 4:06AM
That is problem enough and even after that otr doesn't work without a continuous connection. So I think we should focus on TextSecure, which is asynchronous messaging. Though I will be left out untill it reaches Firefox OS and it seems Mozilla is more interested in DRM and marketshare than users' privacy.
Pirate Praveen Mon 16 Mar 2015 4:26AM
@arjun try whiteout.io for gpg with email. They have chrome, android and iPhone apps.
Fayad Fami Mon 16 Mar 2015 5:00AM
@praveenarimbrathod whiteout mail is a great find. Thanks for sharing.
[deactivated account] Mon 16 Mar 2015 1:11PM
@praveenarimbrathod exactly! Textsecure is good but i dont wanna share my contacts list with an app and thats y i was hoping for an app like chatsecure. Anyways , take a look at this if u want to - its like a comparison of all instant messaging apps -a very good insight on the privacy aspect of the applications:
https://www.eff.org/secure-messaging-scorecard
Pirate Praveen Mon 16 Mar 2015 1:35PM
@arjun they say the contact list is not stored on the server. How about running a TextSecure server ourselves?
Ideally we should add an option to use TextSecure like asynchronous messaging capability to XMPP. How about using gpg+xmpp? Conversations support gpg in addition to otr as an encryption option. I think that will suffice for our use case.
Pirate Praveen Mon 16 Mar 2015 1:59PM
[deactivated account] Tue 17 Mar 2015 12:43AM
@praveenarimbrathod - "they say the contact list is not stored on the server. " - i dint get u , so where is it stored?
"How about running a TextSecure server ourselves?" - you could do that? .. and does this mean that the contacts will be stored on the server you run?
Pirate Praveen Tue 17 Mar 2015 1:34AM
@arjun they say they drop the contact list after checking if any contact already registered with textsecure.
[deactivated account] Tue 17 Mar 2015 1:58AM
@praveenarimbrathod- had they said that 10 yrs ago i would've believed them .. in a time where information is collected and sold for profit without having any regard to one's privacy , i dont buy it .. lets just hope someone comes with a similar app like chatsecure which is reliable too .. havent tried xabber though..
Akshay Tue 17 Mar 2015 2:30AM
If you trust diaspora podmins, you can trust Pavel Durov and use Telegram. @praveenarimbrathod will disagree, but this question of convenience vs privacy has to be answered.
Though there's no reason to trust Telegram's privacy policy, there is enough reasons to trust the intention of its founder.
You can choose not to share your contacts with Telegram server. Then you can find friends by their username.
You can choose not to have any conversations by the normal chat (which are stored on the server) and instead use secret chat for everything (which is much like public key private key)
Its servers aren't open sourced. But it's API schema is.
Now the only real reason not to use Telegram is that it is not decentralized. I think there are some downsides to decentralization like the contact discovery problem.
To be frank, if it is a question between working encryption and not working encryption, I'd rather choose working.
Pirate Praveen Wed 18 Mar 2015 11:18AM
@akshay @arjun can you confirm if TextSecure requires sending full contact lists? Can't we check one by one as required basis for individual contacts or selected list of contacts? If not can folks request this feature? Since I have Firefox OS, i can't test it.
Pirate Praveen Wed 18 Mar 2015 11:20AM
@arjun did you try conversations+pgp combo?
Pirate Praveen Wed 18 Mar 2015 12:13PM
We should create a privacy checklist that lists out apps we have tested and can recommend. I'm starting here.
Search
ixquick.com - +outside USA, -results may not match Google
startpage.com - +matches Google search, +outside USA, -dependency on Google
duckduckgo.com - +feature rich, - hosted in USA, -results may not match Google
Email
mailvelope.com - +easiest to setup, -no attachments, -separate key management
whiteout.io - +easy to use, -still in development
thunderbird+enigmail - +reliable, -separate app install
k9 mail+open keychain -+reliable
instant messaging
TextSecure -+asynchronous, reliable -needs to share contacts list
for otr, see otr.works (we need to update the site and make it easy for users to choose an app).
Email service
autistici.org, riseup.net, openmailbox.org, gandi.net, mykolab.net
suggest changes, @akshay, @arjun
Pirate Praveen Wed 18 Mar 2015 12:14PM
@arkarjun can you design a brochure?
Fayad Fami Wed 18 Mar 2015 6:04PM
Thanks for writing in detail @praveenarimbrathod
Fayad Fami Thu 19 Mar 2015 2:45PM
Just learned it is https://www.mailvelope.com/. A typo in your message @praveenarimbrathod
I tried whiteout but I could not configure both on web and mobile due to connection errors, all related to security. Hope it gets better after beta. I like what they have.
[deactivated account] Thu 19 Mar 2015 4:53PM
@praveenarimbrathod YES! i just tried conversations+PGP .. works like a charm! .. brilliant! .. however , if u close choose to kill the app , u wont receive any msgs i.e. when you long press the "recent app" button on android and close the app (check attachment), you will not be able to receive any new msgs.. Unlike whatsapp , where even if the did the above , the app runs in the background and u continue to receive msgs...
But to be honest , conversations is by far the most reliable app..
Pirate Praveen Thu 19 Mar 2015 5:21PM
@arjun whatsapp uses push messaging hence you don't need the app running in the background. TextSecure also uses push messaging. If conversations adds websockets feature, it is possible to receive messages even when closed. See this discussion for more insights https://poddery.com/posts/1687531 there is a gsoc proposal for conversations to add TextSecure protocol for asynchronous communications.
Pirate Praveen Thu 19 Mar 2015 5:39PM
@fayad typo fixed, thanks! Were you trying to configure an autistici mailbox?
Fayad Fami Thu 19 Mar 2015 7:06PM
@praveenarimbrathod I tried my gmail and another imap account hosted on a shared server.
[deactivated account] Thu 19 Mar 2015 11:50PM
@praveenarimbrathod what do u think of proton mail?? .. I was on their waiting list ti sign up and I just received a mail from them saying that my account is ready.. I heard encryption is done on our computers (end to end) and I've read a Lotta positive comments about porotonmail.. Servers are also located in Switzerland, a country best known for privacy
[deactivated account] Thu 19 Mar 2015 11:52PM
@praveenarimbrathod - "there is a gsoc proposal for conversations to add TextSecure protocol for asynchronous communications.".. I dint really get u there.. Sorry, Im not that good wid computers so.. If u could explain..
[deactivated account] Fri 20 Mar 2015 12:14AM
@praveenarimbrathod - just registered with protonmail.. thought ill share FAQ about it .. got it in the welcome email soon after i registered...
http://pastebin.com/uhLJvmfi
Pirate Praveen Fri 20 Mar 2015 9:27AM
@arjun axolotl is the protocol used by TextSecure for asynchronous communications. There is a Google summer of code proposal to implement the same protocol in conversations app. If that is completed, xmpp with conversations will be as reliable as TextSecure or WhatsApp. They are planning to publish it as an XEP so other clients can implement the same.
Pirate Praveen Fri 20 Mar 2015 9:30AM
@arjun protonmail has a big security flaw, they use JavaScript for encryption and if somehow their server is compromised, we lose our security. Search Aaron Siego+ protonmail
[deactivated account] Fri 20 Mar 2015 3:47PM
@praveenarimbrathod so would u say that the most secure way to an email would be to use PGP right? .. and what would you say about the "Mailvelope" add on for chromium .. uses PGP and is easy to use too .. thanks for the info!
Pirate Praveen Fri 20 Mar 2015 4:02PM
@arjun there can be more secure ways that protects the metadata as well. Run your own mailserver. Dark Mail would make things even better. Mailvelope does not support attachments yet.
[deactivated account] Fri 20 Mar 2015 4:17PM
@praveenarimbrathod - run my own mailserver? .. How do i do that? Like i mentioned earlier , i dont really have a good computer science background .. I use gpg4usb and mailvelope as of now.. gpg4usb encrypts files too..
Pirate Praveen Sat 21 Mar 2015 1:37AM
@arjun get a vps hosting and install mail server software like exim and courier on it.
Pirate Praveen Sat 21 Mar 2015 3:34AM
@arjun it would cost more, but that would give better security. If not individually, a group of friends can share a vps. We are currently setting up such a server.
Fayad Fami Sat 21 Mar 2015 7:06AM
On a larger setup I would recommend Zimbra mail server, its open source release. https://www.zimbra.com/products/secure-collaboration-tools-overview
Opensource release offers almost everything except we are on our own.
It is highly scalable, mailboxes can run distributed. Provisioning and management are done by zimbra admin, just like a podmin. @praveenarimbrathod
Fayad Fami Sat 21 Mar 2015 12:10PM
Can K-9 email client on Android be trusted, won't access emails or push mail to their servers ? Whiteout's mobile app gives "Handshake failure" errors.
Akshay Sat 21 Mar 2015 12:14PM
k-9 mail is Apache2 licensed and open-source. I guess they barely have money to run a server at all. Anyhow when you're in doubt about an app you can check f-droid about it. They warn you about potential data theft. Here's k-9 on f-droid
[deactivated account] Sat 21 Mar 2015 1:33PM
@fayadfami - yeah whiteout doesn't work on my android either.. Kitkat 4.4
Fayad Fami Sat 21 Mar 2015 1:52PM
A bug report was filed under webmail by our own @praveenarimbrathod https://github.com/whiteout-io/mail-html5/issues/238 followed by an enhancement.
From what I understand the mobile app will work too when the certificate is acknowledged by whiteout. This is for autistici mail.
Which account are you trying with @arjun ?
[deactivated account] Sat 21 Mar 2015 2:04PM
@fayadfami - live.com..
Akshay · Mon 16 Mar 2015 2:07AM
You don't need to pay 160. Install f-droid via its apk first and then through f-droid you can easily install conversations gratis