Hello community of #Thunderbird #OpenPGP users. I'd like to know if some of you are still stuck at Thunderbird version 68 and the old #Enigmail Add-on. Is there any missing functionality in Thunderbird 115 that is still preventing you from migrating? #PGP #GPG #GnuPG @thunderbird
Some people don't see the value of using a password manager and keep sharing their streaming service passwords with their friends and relatives in plain text.
This is an attempt to simplify the process of sending encrypted passwords for non-technical users, using local encryption with temporary #PGP keys.
Because DMs are not end-to-end encrypted on Mastodon or on any Fediverse social media platform, your instance admin can read your DMs, and so will any unauthorized individuals if the DMs get leaked.
If you send a DM to anyone on the Fediverse, make sure it's something you wouldn't mind if it ever gets leaked. If you DO mind, use a privacy-respecting end-to-end encrypted platform like Signal, Session, or Matrix.
Alternatively, you can encrypt your messages using PGP if they list their PGP key in their bio and send them via DMs on the Fediverse. Even better, you can use PGP to send your Signal, Session or Matrix address via DMs.
With the latest version of #postmarketOS and #Thunderbird, it's still shoddy, but we can actually set up and read emails. No issues with launching or window sizing!
It's not mobile optimized at all, so I had to minimize the font size and zoom, and to read emails we need to double-tap, so it opens in a new tab.
It's not ideal, but none of the mobile optimized clients support PGP encryption at all afaik, so I'm very pleased with this.
Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df #GPG #PGP #E2E #encryption
The project leader of #gnupg has announced a fork of the #openpgp standard, justifying it with a list of accusations against the #IETF working group that fall apart under scrutiny. #pgp is being threatened with destruction over a personal grievance. We strongly urge de-escalation.
We're trying to polish sq, Sequoia #PGP's CLI, in preparation for our 1.0 release this summer. One place we could use some help is with the CLI's UX: are the subcommands and options sane, and consistent? Also, we want to provide guidance so that users don't need to memorize workflows, but are nudged along. See for instance: https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/221 If you are interested in helping, please reach out!
Sequoia PGP's paid development is financed by @sovtechfund (❤️ ). In addition to writing code, they also support our standardization work, and community outreach. In this blog post, I discuss some of our community engagement (presentations and collaborations with sett, @securedrop, and @fedora) that have happened over the past few months.
Having decidedly too much fun playing with ancient #PGP artifacts.
Note the two version 2 public keys from 1992. They were created just over a year after Phil Zimmermann first released PGP (on 6 June 1991), deep in the crypto war era.
These keys predate the #OpenPGP name by around half a decade.
At over 31 years old, nation-state actors can definitely factor John Gilmore's RSA 1024 key today.
However, I believe the cost still exceeds a hobbyist budget even now.
Relatedly, I also released rpgpie 🦀️🔐🥧 v0.0.1 (https://crates.io/crates/rpgpie), an experimental high level OpenPGP API based on rpgp (rsop is built on top of rpgpie).
This crate paves the way for convenient handling of #OpenPGP card User PINs, for users whose threat model allows persisting the PIN locally on the host computer.
If a User PIN is stored, applications can obtain it via this crate, and perform cryptographic operations without prompting the user for PIN entry.
Currently org.freedesktop.Secret is supported for storage.
Everyone should learn how to self-verify with their own cryptographic keys.
Why rely on a third party to verify, where you have to upload your own ID?
Verifying accounts with a central authority is laying trust in that authority, and taking risk, trusting them they can protect your identity and not abuse that position.
The proof is in the history of identity and activity of the key.
It is best to start learning now and build up an identity. #pgp #linux #foss
Last year, the @sovtechfund fund invited us, the Sequoia PGP Project, to join their new Bug Resilience Program.
Today, I'm pleased to announce that we are publicly launching our bug bounty program with rewards of up to €10,000 for novel, security-relevant issues in Sequoia applications, libraries, or specifications. #pgp
oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys
It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)
#e2ee is a goal, not a promise. As far back as I can remember, forums like those supporting #Enigmail and #gpg were staffed with volunteers from the privacy community who repeatedly insisted on answering questions, like, "Is <this> (whatever this might be) totally secure?" with stock questions like, "What is it that you consider 'totally secure'?" or answers such as, "Secure is a relative term, nothing is completely secure, how secure do you need your mission's communications to be?"
Phrases such as, reasonably secure should be indicators of how ridiculous it is to assume that any secure platform is EVER completely, and totally secure.
That begs the question, "Exactly how secure do you require your communications to be?" The answer is always, ... relative.
Which means that you should always believe Ellen Ripley when she says, "Be afraid. Be very afraid!"