I get it :: You have PGP

by Volker Weber

gmail

The new Gmail has this useful feature where you see file attachments right in the message list. You can click on them to view them right away. And then you have the odd person who is using a PGP plugin that "signs" all his messages. That is what you see under their messages:

Sketch

Now would be a great time to disable this feature. It looks very spammy. I trust that nobody altered you message. If I have any doubt, I will ask. I also never ever receive any encrypted mails. If you want a secure channel, use iMessage or Signal. You have my number.

Comments

I would say, Google needs to fix that. As these are not attachments but digital signatures, Google should display the result of the signature. Then it would not look spammy ;-)

Michael Urspringer, 2018-04-27 06:29

Michael, while you are technically right, it probably doesn't occur often enough for Google to bother.
vowe, does it occur that often in your inbox or is it rather the designer in you that is disturbed?
There was a time / platform, where an agent composed of of simple actions would have easily taken care of such issues... :-) Soon Microsoft Flow could be powerful enough to do as well, but of course not in GMail.

Ragnar Schierholz, 2018-04-27 07:14

Technically you are both right. Apple shows there is an attachment, but then hides it from you. In any case, it is about as useful as a disclaimer asking you not to use your printer.

Volker Weber, 2018-04-27 09:58

Whilst I find Gmail's presentation annoying, too, I sign all my outgoing messages using S/MIME. This is useful because the signature contains the key and the other party can start sharing encrypted messages with me right away.

And yes - it is also a gentle nudge to make people start using encrypted email.

Daniel Gera, 2018-04-27 10:32

I think its Gmail's presentation at fault here. Theres no need to show the S/MIME attachments in the user interface.

Outlook 2016 gets this right IMO. A simple indicator as to whether message is signed/encrypted and easy to respond encrypted. I get lots of these messages, mostly from large enterprises with Email PKI in place.

Andy Mell, 2018-04-27 10:52

Daniel, I did that as well for a couple of years, while I was a Thawte notary. It did not change a thing. Today I am not distributing a public key, because it would only put a burden on me to safeguard my private key on multiple devices. If you need encryption, just use Signal or iMessage.

Volker Weber, 2018-04-27 13:18

From what I can observe, large organizations do not promote Signal or iMessage as secure messaging solutions that should be on every employee's iPhone.

Jay Marme, 2018-04-27 16:04

That is a very broad assertion.

A large organization like Apple (>> 100,000 employess) does, and also does for the hundreds of millions of iPhones they sell. Since iPhones are pretty popular in business I can reach pretty much everybody I need to reach with secure iMessage.

Notable exception: banks. They only allow messaging they can trace. If they cannot record the conversation, it is ”not promoted”, read forbidden. For the same reason they do not promote PGP as a secure messaging solution that should be on every employee's iPhone.

That is where private devices come in. And if that is not an iPhone, there is still Signal. (Google does not promote secure messaging solutions on Android. They are going with unencrypted RCS now.)

Volker Weber, 2018-04-27 16:36

Compliance explains why some companies in or outside of the financial sector would not want these apps on staff phones. What interests me is why companies do not see the value in getting such apps into everyone's hands so that they can be used when the situation calls for it.

Jay Marme, 2018-04-27 17:22

If Google really wants to push mail encryption they just could start to support it. If the big providers would care and make it easier to use it, then more and more people would start using it. Maybe they just have an interest not to support it ;-)

Michael Urspringer, 2018-04-28 08:11

It's in Google's interest to make PGP email look unattractive and annoying.

Encrypted email (that they don't control the keys for) is directly against their business model.

Craig Wiseman, 2018-04-30 16:35

I know this is difficult to understand, but users don't give a sh!t about email encryption.

Volker Weber, 2018-04-30 18:01

Agree. But I think, one of the main reasons is that it is far too difficult to use for "normal" users ...

Michael Urspringer, 2018-04-30 21:21

Am i missing something here? Initially the mails where signed. And I think this in itself has value. Tons of spam mails reach recipients all over the world with my very own mail address as the faked sender. I think signing gives and additional hint to mail gateways whether a sender really is the legit owner of the address used. In general I think its problematic to rant about a useful feature just because Google does not (want to!) get it right. (Leaving Facebook und using Gmail at the same time is something we should talk about separately…)

And yes - if you really want secure messaging don't use mail at all.

Benjamin Stein, 2018-05-02 06:58

Post a comment

Store next two fields in a cookie for you?




Use your full name and a working email address. Unless you want your comment to be removed. No kidding.

Recent comments

Volker Weber on Plantronics 6200 UC :: Erste Eindrücke at 05:56
Stephan H. Wissel on Plantronics 6200 UC :: Erste Eindrücke at 23:00
Bill Mayer on Alexa, do. Not. Panic. at 20:16
Bill Mayer on Echo Show :: First Impressions at 19:52
Stefan Dorscht on Plantronics 6200 UC :: Erste Eindrücke at 17:10
Volker Weber on Plantronics 6200 UC :: Erste Eindrücke at 15:10
Enrico Lippmann on Alexa, do. Not. Panic. at 14:42
Bastian Neumann on Plantronics 6200 UC :: Erste Eindrücke at 14:13
Jörg Hermann on Oberfläche at 22:54
Christian Tillmanns on Oberfläche at 21:22
Ragnar Schierholz on Oberfläche at 20:10
Kai Schmalenbach on Oberfläche at 19:01
Markus Dierker on Echo Show :: First Impressions at 18:59
Philipp Ringler on Oberfläche at 17:31
Volker Weber on Echo Show :: First Impressions at 16:52
Markus Dierker on Echo Show :: First Impressions at 16:44
Volker Weber on Oberfläche at 16:40
Stephan Perthes on Oberfläche at 16:23
Manfred Wiktorin on Oberfläche at 16:19
Christian Tillmanns on Oberfläche at 16:15
Jörg Hermann on Oberfläche at 14:19
Detlef Borchers on Oberfläche at 13:28
Frank Quednau on Lenovo, the Chinese giant that plays by the rules … and loses at 13:23
Robert Dahl on Alexa Nummer Vier at 12:41
Volker Weber on Alexa Nummer Vier at 12:40

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter amazon

Local time is 06:27

visitors.gif

buy me coffee