[Enigmail] From Circumvention
Robert J. Hansen
rjh at sixdemonbag.org
Tue Mar 3 15:44:18 CET 2015
I'm attending Circumvention in Valencia, Spain right now. Circumvention
is a conference for people interested in using technology to circumvent
oppression, mostly oppressive governments and corporations in the
developing world. A particular focus is on technology trainers --
people who train others in how to effectively use security technologies.
Trainers are force multipliers; a good trainer can easily teach 50
people a month how to use basic privacy and confidentiality tools.
Multiply that over a year, and you quickly see that one trainer can help
facilitate an entire cluster of electronic freedom.
My impressions so far:
- The Eniglove is thick, palpable, and real. I literally have not
been able to buy my own beer. If I was so inclined, I could get
stone drunk every night and *still* wind up turning down half the
offers of free beer. I also get random bone-crushing hugs from
attractive women and the occasional activist has taken me apart
from the crowd to tell me, "Enigmail saved my family's life."
- Everyone it seems has a different take on an Enigmail feature
they'd like to see included. Some of them are just "no, we won't
do that" (such as pushing for Enigmail to get integrated wholesale
into Thunderbird), some are really easy, and others are worth
1. The "Help" button beside "Convenient encryption settings" is
sometimes unresponsive. I saw this bug with my own two eyes
(thanks, Dmitri!) and can confirm it.
2. There's a huge outcry for a Farsi translation. The bad news:
the people who most need it are unable/unwilling to contribute
to it (they need to keep a low profile). The good news:
Localization Lab really wants to help us out with this.
See http://www.localizationlab.org/translation/ for an overview
of Localization Lab's efforts. I've got a point of contact
there, so we should probably reach out and see what they can do
3. The trainers say there's a slight visual difference in how
inline messages are composed versus how PGP/MIME messages are
composed. Inline messages are briefly flashed in the compose
window in encrypted form before sending, while PGP/MIME
messages are not. It would be good if there were only one
behavior, because it sometimes leads to people believing they
sent an email unencrypted because when they were in training
(using inline PGP) they saw it briefly in encrypted form, but
in the real world (using PGP/MIME) they didn't. I think this
is minor, but ... people are serious about it. One uniform
4. If you've disabled encryption and/or signing for a message (when
it would normally be present), Enigmail is too polite about it.
They'd like to see a red banner or somesuch, warning the user
"You have manually disabled encryption and/or signing for this
email". The icons, although accurate, are too easy for newcomers
5. It should default to encrypting drafts.
Worth thinking about:
6. Add an "Easy Revocation Reminder" feature. When revoking a key,
one major problem is convincing one's correspondents to check
the keyservers. Clicking "Easy Revocation Reminder" (needs a
better name) would walk through your mail folders accumulating
the email addresses of everyone who has sent you encrypted email
or anyone you've sent signed email to. Enigmail would then open
a new compose window, with all of these email addresses as bcc,
with pre-composed text about how "I have had a key compromise,"
blah blah blah. Allow the user to edit the text how they like,
particularly listing a new key to use, and hit "Send" to notify
More information about the enigmail-users