Encryption is not an option but a default
13. July 2013
It was a pleasure for me to see that the GNOME privacy campaign, announced prior to the recent developments around U.S. surveillance, has become a rather big success and is heading quickly for the 20.000$ goal. However, I didn’t find much information about a roadmap for how the money will be spent.
There has been a lot of press coverage in the last days saying that all the technology for encrypting your data in a way that makes things much harder for secret services (and other so-called “security” agencies) is already there and that only the right user interface is missing. Some random ideas on how I would imagine the next-generation privacy desktop:
Infrastructure
GNOME has seahorse, gnome-online-accounts and gnome-keyring – I would consider this mostly done 🙂
Initial Setup
gnome-initial-setup should ask for your GnuPG key before it even asks for any accounts, and offer the option to create one and/or upload the public key to a popular keyserver and back up the private key somewhere. It should then automatically try to connect other accounts (e.g. Jabber) with the key. This setup step should feel more or less mandatory for the user – of course with the option to skip it.
E-Mail might not be as big for private communication anymore, but it is still the way most businesses exchange data and information. For now, e-mail in GNOME is tightly connected to Evolution, although of course it would be cool to also integrate encryption infrastructure into popular webmail services; I don’t have much of an idea if and how that would be possible.
However, let’s stick to Evolution for now. Once you compose a mail, Evolution would look up the recipients’ mail addresses locally and on a keyserver, probably also querying whether PGP/MIME or S/MIME is supported. Once you click on send and the recipients’ public keys are available, Evolution will ask you whether to send an encrypted mail (with the obvious always/never for this address/don’t bother me options). This should spread the use of encrypted messaging not only for real secrets but for any mail, which will avoid the “you wouldn’t encrypt if you didn’t have anything to hide” problem.
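The send-time check described above can be sketched as follows. This is an added example, not code from Evolution or GNOME: it parses the colon-delimited output of `gpg --with-colons --list-keys` to find keys that can currently be encrypted to, then applies per-address preferences. The function names, the preference values ("always", "never", "ask"), the extra "choose-key" outcome for addresses with several candidate keys, and the sample listing are all assumptions made for illustration.

```python
import re

# Constructed sample of `gpg --with-colons --list-keys` output (not real keys).
SAMPLE_LISTING = """\
pub:f:4096:1:AAAAAAAAAAAAAAA1:1370000000:::-:::scESC::::::
uid:f::::1370000000::HASH1::Alice Example <alice@example.org>:
sub:f:4096:1:BBBBBBBBBBBBBBB1:1370000000::::::e::::::
pub:e:2048:1:AAAAAAAAAAAAAAA2:1200000000:1300000000::-:::sc::::::
uid:e::::1200000000::HASH2::Bob Example <bob@example.org>:
pub:-:2048:1:AAAAAAAAAAAAAAA3:1370000000:::-:::scESC::::::
uid:-::::1370000000::HASH3::Carol <carol@example.org>:
pub:-:2048:1:AAAAAAAAAAAAAAA4:1371000000:::-:::scESC::::::
uid:-::::1371000000::HASH4::Carol <carol@example.org>:
"""

def usable_keys(listing):
    """Map e-mail address -> set of key IDs that can currently be encrypted to."""
    keys, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            caps = f[11] if len(f) > 11 else ""   # field 12: key capabilities
            bad = f[1] in ("e", "r", "d", "i", "n")  # expired/revoked/disabled/invalid
            # Upper-case 'E' = the key as a whole is usable for encryption.
            current = f[4] if ("E" in caps and "D" not in caps and not bad) else None
        elif f[0] == "uid" and current and len(f) > 9 and f[1] not in ("r", "e", "n"):
            m = re.search(r"<([^<>@\s]+@[^<>\s]+)>", f[9])  # field 10: user ID
            if m:
                keys.setdefault(m.group(1).lower(), set()).add(current)
    return keys

def send_decision(recipients, listing, prefs=None):
    """Return 'encrypt', 'ask', 'choose-key' or 'plaintext' for one outgoing mail."""
    prefs = prefs or {}                       # hypothetical per-address settings
    keys = usable_keys(listing)
    addrs = [r.lower() for r in recipients]
    if any(not keys.get(a) for a in addrs):
        return "plaintext"                    # at least one recipient has no usable key
    if any(len(keys[a]) > 1 for a in addrs):
        return "choose-key"                   # several candidates: never pick silently
    choice = {prefs.get(a, "ask") for a in addrs}
    if "never" in choice:
        return "plaintext"
    return "encrypt" if choice == {"always"} else "ask"
```

A match on the address alone says nothing about who controls the key, so "encrypt" here means only that a usable key exists, not that it has been verified.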
Chat
Empathy is the obvious choice here. All chats should be encrypted by default and I feel that the user shouldn’t even be queried whether to encrypt or not because there is absolutely no reason why end-to-end encryption shouldn’t be used. Jabber supports encryption by default, it probably also works for most other jabber-based services if the client supports it but might run into problems with Facebook chat.
In addition, and as a probably more educational use case, it would be cool to have an “Encrypt this chat” button that would give your chat partner hints on how to configure his client to support encrypted conversations. As there are various programs for any platform, that shouldn’t be too difficult with a quick link to a wiki page.
Conclusion
The good thing: We are 90% there – all the technology is there, all the applications are there, it is just a matter of good user-interface design and bringing some bits together.
A personal note at the end: I won’t be at GUADEC this year because I planned holidays far before the final dates were announced… maybe see you all next year.
13. July 2013 at 13:12
The trick with webmail and encryption is that you either perform the encryption/signing on the server, or the client. If you do it on the server, the server must at some point have the plaintext version, as well as access to your keys – big trust issue there, obviously. But if you do it client-side, you require integration between web app and local encryption software – defeating much of the benefit of webmail.
13. July 2013 at 15:57
“Jabber supports encryption by default, it probably also works for most other jabber-based services”
Since when does Empathy (or Telepathy in general) support proper OTR encryption?
13. July 2013 at 16:01
One thing you did not mention is the encryption of $HOME respectively the optional encryption of any file or folder inside home. I tried to manage this some time ago (encrypt home), but ecryptfs is not very handy to use (no integration with gnome on this).
Also encryption of files or folders is actually almost easy with truecrypt – but integration into gnome sadly does not exist (using plain vanilla gnome on Arch Linux).
Fortunately there is a student in this year’s GSoC working on this:
https://www.google-melange.com/gsoc/project/google/gsoc2013/sambull/44003
13. July 2013 at 22:10
Has there been any progress toward integrating Tor into the desktop as suggested at last year’s GUADEC? I think that would be a killer feature.
14. July 2013 at 11:28
Email encryption isn’t as simple as you’re suggesting. Anyone can make a key for an email address. You can’t just look up “the” GPG key for one.
Likewise, chat encryption doesn’t do any good if you don’t check the keys of the person you talk to.
14. July 2013 at 13:01
“the user shouldn’t even be queried if to encrypt of not because there is absolutely no reason why end-to-end encryption should be used”
No reason to use end-to-end encryption? I can just hope this is a typo!
Sadly the developers of Empathy are completely unwilling to provide OTR on their own, see https://bugzilla.gnome.org/show_bug.cgi?id=545347 … so it seems encryption is not a first class feature in GNOME. The end user doesn’t care about the implementation details, which are truly a problem. Please compare yourself to Jitsi.