Unpopular but very probably true fact: email can't practicably be made secure, and people should stop trying. Email is itself archaic, and there aren't good reasons people should use it for routine peer-to-peer communications that need secrecy.
* It's default-plaintext. We don't generally love the way websites ensure they're viewed securely, but email doesn't even have the basic mechanisms HTTP has to prevent secrets from accidentally being sent in the clear.
* Email encryption is never forward-secure. The most popular standard, OpenPGP, involves a long-term key that is the root of secrecy for all messages from a particular person. Lose that key, ever, and not only is every message you send in the future unsafe, but every message you've ever sent in the past is too. That's a terrible property for a secure messaging system.
* Email leaks metadata. In fact, some of what we call email "metadata" isn't even metadata --- stuff like subject lines are simply content. They're sent in plaintext. We would never accept a new secure messaging system that behaved like that.
* Most email users get their email from a website. Unless you make them install something on all their computers --- and at that point, just get them to install Signal, WhatsApp, or Wire --- "encrypting" their email involves schemes in which those websites can get their plaintext mail.
* Most email clients are searchable-archive-by-default. Again, if you're using a secure messaging system to keep secrets from a state-level adversary, that's exactly what you don't want. And again, what matters here is the behavior of the overwhelming majority of clients. If you can stipulate a special mail client that is extra-careful, why not stipulate a forward-secure advanced messaging system and stop bothering with email?
Everything that makes email effective in the real world makes it inhospitable to secure messaging. We should stop trying to push this particular boulder up this particular mountain and instead just get people to adopt serious secure messengers.
Gah, the thing I truly hate about this website is that it doesn't offer me an answer to the most important question: But what does it do?
I had to scroll down to see the content in the "What is Autocrypt" section. The content was two sentences long and I still didn't understand what it does (I wondered what an "email program" is in this context). Since there was no additional text to help me out on the homepage, I had to look further.
The FAQ page was too technical for such an explanation; the implementation status page gave me some genuine idea that this is something related to other OpenPGP products instead of a new OpenPGP product. The third page I tried opening was the "test it" page, which led me to basically nothing of any use.
And this is not an isolated case; this is more of a rule for project websites. Seriously, figure out a layman's term to explain whatever you're representing and slap it on top of your homepage. Nobody cares if you're decentralized or an open standard until we know what it is. "Convenient End-to-End Encryption for E-Mail" made me believe it was a separate OpenPGP implementation, not a set of guidelines.
Just one sentence like "a set of guidelines that make email encryption easier" would make me want to find out more. This way, by the time I found that out, I had already decided to write this out of rage instead of finding out more.
So, here's a plea to the authors of this website and every other project website: Please, tell me what your project does right at the top of your homepage and do not make me chase an answer to that question.
To save some hunting around, here is the description of what is being proposed here:
Basically you include your public key in an "Autocrypt:" header line added to all messages you send out. Then encryption transparently happens.
So we give up some protection against MITM attacks but get protection against passive surveillance for people who are not willing or able to participate in a web of trust. All in all a good idea. Because this works with standard OpenPGP messages it would be good if we could tell what level of protection we were getting when we view a message.
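An added example, not part of the comment above and not the Autocrypt project's code: a receiver-side sketch that reads the "Autocrypt:" header from a message and records whether a sender's key is new or has changed, which is the trust-on-first-use trade-off the comment describes. The attribute names (`addr`, `prefer-encrypt`, `keydata`) are taken from the Autocrypt Level 1 header format as an assumption; `note_key`, the SHA-256 digest and the sample message are constructed for illustration.

```python
import base64
import hashlib
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: keydata is placeholder bytes, not a real OpenPGP key.
KEY = base64.b64encode(b"constructed-placeholder-key").decode()
SAMPLE = (
    "From: Alice <alice@example.org>\n"
    "To: bob@example.org\n"
    f"Autocrypt: addr=alice@example.org; prefer-encrypt=mutual;\n keydata={KEY}\n"
    "\nbody\n"
)

def parse_autocrypt(raw):
    """Return a dict with addr, prefer_encrypt, keydata, or None if unusable."""
    msg = message_from_string(raw)
    headers = msg.get_all("Autocrypt") or []
    if len(headers) != 1:                      # absent or ambiguous: ignore
        return None
    attrs = {}
    for part in filter(None, (p.strip() for p in headers[0].split(";"))):
        name, sep, value = part.partition("=")
        name = name.strip().lower()
        if name.startswith("_"):               # non-critical attribute: skip
            continue
        if not sep or name not in ("addr", "prefer-encrypt", "keydata"):
            return None                        # unknown critical attribute
        attrs[name] = "".join(value.split())   # drop header folding whitespace
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender or "keydata" not in attrs or attrs.get("addr", "").lower() != sender:
        return None                            # key must belong to the From address
    try:
        key = base64.b64decode(attrs["keydata"], validate=True)
    except ValueError:
        return None
    mutual = attrs.get("prefer-encrypt") == "mutual"
    return {"addr": sender, "keydata": key,
            "prefer_encrypt": "mutual" if mutual else "nopreference"}

def note_key(state, hdr):
    """Hypothetical TOFU check: 'first-seen', 'unchanged' or 'changed'."""
    digest = hashlib.sha256(hdr["keydata"]).hexdigest()  # not an OpenPGP fingerprint
    previous, state[hdr["addr"]] = state.get(hdr["addr"]), digest
    if previous is None:
        return "first-seen"
    return "unchanged" if previous == digest else "changed"
```

Because the header is not authenticated, a "changed" result cannot distinguish a legitimate key rotation from a substituted key; surfacing it to the user is one way to show what level of protection a message actually had.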
The site could benefit from a to-the-point explanation that doesn't assume prior experience with PGP based mail. I can't point less technical users to this.
Does this work if one uses multiple mail clients (e.g. notebook, desktop, and smartphone)?
Since it requires client support, it doesn't seem an option currently on, say, an iPhone.
Here is a description of how it works: https://posteo.de/en/blog/new-easy-email-encryption-with-aut...
Metadata is more important than content. Metadata is surveillance. There is no way to hide metadata with computers. The only way to get around this is through anonymity. You put the info out there, but it can't be correlated to you by someone else except your intended recipient. This is approaching impossible even with the best, security-minded infosec professional. The safeguards you need to employ are very extraordinary. One slip-up, UR-FCK'ed.
OPSEC is not retroactive.
Pretty off topic, but: I've been working on signed web applications: http://blog.airbornos.com/post/2017/08/03/Transparent-Web-Ap.... If anyone working on a web-based email client wants to take a shot at making it completely secure (against the web app's server), shoot me an email :) in profile.
Who is the team or company behind this offering?
Send the link to your boss and ask his opinion