
Comments (9)

felixhammerl avatar felixhammerl commented on August 29, 2024

I hope that the difference between the public key and the private key has become clear, because
a) the public key is public information (hence the name), and
b) sharing a public key and encrypting information with it is how public key cryptosystems like PGP work?

You need to have the public key for your contact in order to send them encrypted messages. In the case of our app, this is solved by our own key server: https://keys.whiteout.io/[mailaddr]

As for sharing the private key securely between devices, we have an experimental key sync mechanism based on a proposal for a protocol included in the app, and we have a rethought proposal in the works. Feel free to comment!

from mail.

generalmanager avatar generalmanager commented on August 29, 2024

I know all this. But as I outlined above, there are very legitimate reasons for not uploading the public key anywhere. And your app appears to be designed for users with little or no knowledge of cryptography. Thus you shouldn't count on them understanding the usage correctly.
Especially because there are also services where you upload your (encrypted) private key to allow cross-platform decryption in browsers.

Edit: I should clarify that I used the Android app and think that this is especially a problem in this usage scenario.


felixhammerl avatar felixhammerl commented on August 29, 2024

The app is designed with sane defaults in mind that hide the protocol from the user as much as possible. I do not see a legitimate reason to not upload the public key. Especially not for users with little to no experience in encryption; I can't understand why you think it would be a good idea to have them deal with key management, in addition to the general weirdness of crypto. That's why we automatically publish the public key and (if they wanna) sync their private key in a sane way, so that they DO NOT have to come up with all the weird ways, e.g. put an unprotected private key into Dropbox et al. What you're suggesting doesn't make the whole experience simpler or more well-formed.


generalmanager avatar generalmanager commented on August 29, 2024

I agree that it's good to have the defaults set in a way where users with little to no understanding of cryptography only have to click ok a few times and be on their way.

But you can't possibly think that forcing a public key upload with no way to opt out right after telling the user that you will not upload his key is the right way to do it?

For one, you should use the correct terminology ("we won't upload your private key"), and then again I'm rather sure that uploading a public key without informing the user before the fact does not just lead to bad user experience but is actually illegal according to European data protection laws.

Just a little checkbox with small grey description text "In the next step we will upload your public key to our server to make it easy for others to send you encrypted mails. If you don't want that, click here." would be enough.


felixhammerl avatar felixhammerl commented on August 29, 2024

Assume you have 96% of the users who don't have a clue about what's going on and don't care as long as it works; then you have 2% wingnuts with a dangerously superficial knowledge and 2% of the "crypto few" who actually understand what's happening. The first group doesn't care and wants stuff to work, while the latter will pretty likely accept this as a necessity, because it serves the UX as a whole. The middle 2% remain unaddressed and I'm fine with that, at least for the time being.

But I may be wrong about this whole thing, so I'm curious why having to make a decision like the one you propose would serve the above groups.


generalmanager avatar generalmanager commented on August 29, 2024

As I wrote, I'm all for optimizing UI and UX for the clueless masses. This is the only way to get normal people to encrypt anything. The title could have been phrased better. And for many of the last category the current behaviour simply hard-breaks any use case it might have had in the first place.

What I am proposing is

  1. "Teach" the clueless by using the correct wording "we won't upload your private key" instead of "we won't upload your key".
    Not doing so leads to confusion (why did it just say my public key was uploaded successfully, they just told me my key wouldn't be uploaded...). This probably confuses the wingnuts as well as the 96%.
  2. Tell people *before* you upload their public keys.
    It's not just part of a good UI; especially people who don't understand the crypto, but are privacy minded (which seems to match your target audience), hate it when you upload something without at least telling them why before you do.
  3. Allow people to opt out. Make it as small and difficult to reach as you like.
    There are different reasons people may not want to upload their pubkeys to your server.
    The one I outlined above may be an edge case hitting mainly the "crypto few", as moxie put it so well. But this is nothing those users can live with, because it hard-breaks their compartmentalization.
    And the number of average users affected by this will rise, because services like mailbox.org and posteo are becoming more popular and many tutorials and comments recommend using different keys for the auto-encryption and your really private conversations.
    And I haven't even started to talk about people for whom it is very important to stay under the radar. Have you read any of the reports about lots of Mexican journalists getting killed for writing anonymously about the crime in their region? Criminals and undemocratic nations may not be able to crack/circumvent TLS encryption or Google passwords. But if there is a public key corresponding to your publicly available email address available, they are pretty much scheduled for torture or worse.

You can actually integrate what I propose with your UI very well and actually improve the usability even further. Currently you only upload the public key to your own server, where it is not very likely to be found.
Why not have a slider or pull-down field which is by default set to "upload public key to our and the most commonly used servers to make it easy for others to send you encrypted mails"?
Discourage users from choosing the "don't upload anywhere" option by showing a warning that this is not recommended (he is on his own now...) and maybe changing the border/background color of the field/form from green to red.

This solves all of the above problems.

  • You actually conform with the law by telling people before you upload anything. Bonus points for not getting anybody killed.
  • You also get rid of the confusion why something was uploaded after you said you wouldn't.
  • You don't hard-break the use case of many of the "crypto few" and many of those who use privacy-friendly mail providers, even though they may belong to the "clueless".
  • Nearly all of your users are actually easy to find, because their keys are on all the biggest key servers yay


tanx avatar tanx commented on August 29, 2024

I agree with @felixhammerl on this. The goal of whiteout is to make crypto as simple as possible and hide the details, similar to what iMessage or TextSecure does.

We could invest more time and energy discussing theories here, but I think that time is better invested into real life user acceptance testing.


generalmanager avatar generalmanager commented on August 29, 2024

Well you better at least tell people before uploading their public key, otherwise you risk litigation as well as fines by the data protection officials in your jurisdiction.

It might be legal to upload a freshly created key, but I am very certain that it is not to upload a user-provided public key without notifying first.


tanx avatar tanx commented on August 29, 2024

> Well you better at least tell people before uploading their public key, otherwise you risk litigation as well as fines by the data protection officials in your jurisdiction.

https://whiteout.io/privacy-service.html

