I get it :: You have PGP

by Volker Weber

gmail

The new Gmail has this useful feature where you see file attachments right in the message list. You can click on them to view them right away. And then you have the odd person who is using a PGP plugin that "signs" all his messages. That is what you see under their messages:

Sketch

Now would be a great time to disable this feature. It looks very spammy. I trust that nobody altered you message. If I have any doubt, I will ask. I also never ever receive any encrypted mails. If you want a secure channel, use iMessage or Signal. You have my number.

Comments

I would say, Google needs to fix that. As these are not attachments but digital signatures, Google should display the result of the signature. Then it would not look spammy ;-)

Michael Urspringer, 2018-04-27

Michael, while you are technically right, it probably doesn't occur often enough for Google to bother.
vowe, does it occur that often in your inbox or is it rather the designer in you that is disturbed?
There was a time / platform, where an agent composed of of simple actions would have easily taken care of such issues... :-) Soon Microsoft Flow could be powerful enough to do as well, but of course not in GMail.

Ragnar Schierholz, 2018-04-27

Technically you are both right. Apple shows there is an attachment, but then hides it from you. In any case, it is about as useful as a disclaimer asking you not to use your printer.

Volker Weber, 2018-04-27

Whilst I find Gmail's presentation annoying, too, I sign all my outgoing messages using S/MIME. This is useful because the signature contains the key and the other party can start sharing encrypted messages with me right away.

And yes - it is also a gentle nudge to make people start using encrypted email.

Daniel Gera, 2018-04-27

I think its Gmail's presentation at fault here. Theres no need to show the S/MIME attachments in the user interface.

Outlook 2016 gets this right IMO. A simple indicator as to whether message is signed/encrypted and easy to respond encrypted. I get lots of these messages, mostly from large enterprises with Email PKI in place.

Andy Mell, 2018-04-27

Daniel, I did that as well for a couple of years, while I was a Thawte notary. It did not change a thing. Today I am not distributing a public key, because it would only put a burden on me to safeguard my private key on multiple devices. If you need encryption, just use Signal or iMessage.

Volker Weber, 2018-04-27

From what I can observe, large organizations do not promote Signal or iMessage as secure messaging solutions that should be on every employee's iPhone.

Jay Marme, 2018-04-27

That is a very broad assertion.

A large organization like Apple (>> 100,000 employess) does, and also does for the hundreds of millions of iPhones they sell. Since iPhones are pretty popular in business I can reach pretty much everybody I need to reach with secure iMessage.

Notable exception: banks. They only allow messaging they can trace. If they cannot record the conversation, it is ”not promoted”, read forbidden. For the same reason they do not promote PGP as a secure messaging solution that should be on every employee's iPhone.

That is where private devices come in. And if that is not an iPhone, there is still Signal. (Google does not promote secure messaging solutions on Android. They are going with unencrypted RCS now.)

Volker Weber, 2018-04-27

Compliance explains why some companies in or outside of the financial sector would not want these apps on staff phones. What interests me is why companies do not see the value in getting such apps into everyone's hands so that they can be used when the situation calls for it.

Jay Marme, 2018-04-27

If Google really wants to push mail encryption they just could start to support it. If the big providers would care and make it easier to use it, then more and more people would start using it. Maybe they just have an interest not to support it ;-)

Michael Urspringer, 2018-04-28

It's in Google's interest to make PGP email look unattractive and annoying.

Encrypted email (that they don't control the keys for) is directly against their business model.

Craig Wiseman, 2018-04-30

I know this is difficult to understand, but users don't give a sh!t about email encryption.

Volker Weber, 2018-04-30

Agree. But I think, one of the main reasons is that it is far too difficult to use for "normal" users ...

Michael Urspringer, 2018-04-30

Am i missing something here? Initially the mails where signed. And I think this in itself has value. Tons of spam mails reach recipients all over the world with my very own mail address as the faked sender. I think signing gives and additional hint to mail gateways whether a sender really is the legit owner of the address used. In general I think its problematic to rant about a useful feature just because Google does not (want to!) get it right. (Leaving Facebook und using Gmail at the same time is something we should talk about separately…)

And yes - if you really want secure messaging don't use mail at all.

Benjamin Stein, 2018-05-02

Recent comments

Volker Weber on HiHello :: A super convenient way to exchange business cards at 18:11
Ragnar Schierholz on HiHello :: A super convenient way to exchange business cards at 17:39
Volker Weber on HiHello :: A super convenient way to exchange business cards at 15:46
Ragnar Schierholz on HiHello :: A super convenient way to exchange business cards at 14:45
Volker Weber on Sen.se is kaputt at 11:33
Volker Weber on HiHello :: A super convenient way to exchange business cards at 11:28
Yves Luther on HiHello :: A super convenient way to exchange business cards at 11:16
Viktor Dexheimer on Sen.se is kaputt at 09:45
Jürgen Sting on Configuring Windows 10 Devices to Wake and Update Outside of Class time at 08:43
Klaus Schneider on When you mass delete files from OneDrive at 07:51
Alexander Jäckel on Surface Go oder Surface Pro? at 23:04
Ragnar Schierholz on When you mass delete files from OneDrive at 22:40
Volker Weber on When you mass delete files from OneDrive at 20:05
Bernd Schuster on When you mass delete files from OneDrive at 17:57
Markus Mews on When you mass delete files from OneDrive at 17:50
Samuel Orsenne on When you mass delete files from OneDrive at 16:13
Volker Weber on When you mass delete files from OneDrive at 16:03
Jochen Schug on When you mass delete files from OneDrive at 16:02
Klaus Schneider on When you mass delete files from OneDrive at 15:36
Bernd Schuster on When you mass delete files from OneDrive at 15:04
Volker Weber on When you mass delete files from OneDrive at 14:05
Dragon Cotterill on When you mass delete files from OneDrive at 13:41
Klaus Schneider on When you mass delete files from OneDrive at 13:10
Volker Weber on Backup important folders to OneDrive at 12:33
Chris Lindley on Sen.se is kaputt at 10:14

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 06:03

visitors.gif

buy me coffee