Re: [ESD-translators] mailvelope Re: pEp
From: Tomas Stary
Subject: Re: [ESD-translators] mailvelope Re: pEp
Date: Fri, 27 Jul 2018 00:54:58 +0200
Hi Ineiev,
thanks for your reply.
Ineiev:
> Hi, Tomas;
>
> On Wed, Jul 25, 2018 at 09:17:52PM +0200, Tomas Stary wrote:
>>
>> It has been brought to my attention, that many of my friends use
>> webmail. The concept of an email client is slowly becoming obsolete.
>
> Some experts say email becomes obsolete... but I'm going to use it,
> anyway.
>
Well, we still don't have a good replacement for email, so it can hardly
become obsolete. But webmail is a pretty good replacement for email
clients.
Also, nothing stops you from using an email client if you prefer to,
because you are still able to decrypt emails from other people that use
webmail with mailvelope.
>> Trying to teach those people about email clients besides teaching
>> them encryption would only add to their confusion.
>
> Then they could try other communications (not email).
>
Which one do you suggest?
EFF suggests Signal, but it's impossible to install it without
registering your phone number -- which is a major drawback. Going over
that, they do have a desktop app, but you still need to own a smartphone
to register or go through a complicated procedure with a command-line
application, which those people won't do.
Telegram does not have a free software server-side implementation.
I have long been looking for an alternative that does not require a
phone and still works on my laptop.
>> However, I have
>> recently found the mailvelope browser extension (for firefox and
>> chrome), which integrates the encryption in webmail.
>>
>> https://www.mailvelope.com/
>
> I'm sceptical about any cryptography with webmail,
> https://secushare.org/end2end
>
> I think it isn't just impossible---it's very impossible
> to get it right.
>
Of course, if you do the email encryption client-side within the
website, you still run the risk that someone will get the information
through injected JavaScript.
However, as I understand it, the mailvelope addon creates a separate
container outside of the website, where the decrypted text sits, and
that cannot be accessed from the webpage JavaScript.
To the actual website, mailvelope sends only the cyphertext, so the
attacker could only get the encrypted text through JavaScript. (But
correct me if I am wrong.)