[Enigmail] From Circumvention

Robert J. Hansen rjh at sixdemonbag.org
Tue Mar 3 15:44:18 CET 2015

I'm attending Circumvention in Valencia, Spain right now.  Circumvention
is a conference for people interested in using technology to circumvent
oppression, mostly oppressive governments and corporations in the
developing world.  A particular focus is on technology trainers --
people who train others in how to effectively use security technologies.
 Trainers are force multipliers; a good trainer can easily teach 50
people a month how to use basic privacy and confidentiality tools.
Multiply that over a year, and you quickly see that one trainer can help
facilitate an entire cluster of electronic freedom.

My impressions so far:

- The Eniglove is thick, palpable, and real.  I literally have not
  been able to buy my own beer.  If I was so inclined, I could get
  stone drunk every night and *still* wind up turning down half the
  offers of free beer.  I also get random bone-crushing hugs from
  attractive women and the occasional activist has taken me apart
  from the crowd to tell me, "Enigmail saved my family's life."

- Everyone it seems has a different take on an Enigmail feature
  they'd like to see included.  Some of them are just "no, we won't
  do that" (such as pushing for Enigmail to get integrated wholesale
  into Thunderbird), some are really easy, and others are worth
  thinking about.

  Really easy:

  1.  The "Help" button beside "Convenient encryption settings" is
      sometimes unresponsive.  I saw this bug with my own two eyes
      (thanks, Dmitri!) and can confirm it.

  2.  There's a huge outcry for a Farsi translation.  The bad news:
      the people who most need it are unable/unwilling to contribute
      to it (they need to keep a low profile).  The good news:
      Localization Lab really wants to help us out with this.
      See http://www.localizationlab.org/translation/ for an overview
      of Localization Lab's efforts.  I've got a point of contact
      there, so we should probably reach out and see what they can do
      for us.

  3.  The trainers say there's a slight visual difference in how
      inline messages are composed versus how PGP/MIME messages are
      composed.  Inline messages are briefly flashed in the compose
      window in encrypted form before sending, while PGP/MIME
      messages are not.  It would be good if there were only one
      behavior, because it sometimes leads to people believing they
      sent an email unencrypted because when they were in training
      (using inline PGP) they saw it briefly in encrypted form, but
      in the real world (using PGP/MIME) they didn't.  I think this
      is minor, but ... people are serious about it.  One uniform
      behavior, please.

  4.  If you've disabled encryption and/or signing for a message (when
      it would normally be present), Enigmail is too polite about it.
      They'd like to see a red banner or somesuch, warning the user
      "You have manually disabled encryption and/or signing for this
      email".  The icons, although accurate, are too easy for newcomers
      to overlook.

  5.  It should default to encrypting drafts.

  Worth thinking about:

  6.  Add an "Easy Revocation Reminder" feature.  When revoking a key,
      one major problem is convincing one's correspondents to check
      the keyservers.  Clicking "Easy Revocation Reminder" (needs a
      better name) would walk through your mail folders accumulating
      the email addresses of everyone who has sent you encrypted email
      or anyone you've sent signed email to.  Enigmail would then open
      a new compose window, with all of these email addresses as bcc,
      with pre-composed text about how "I have had a key compromise,"
      blah blah blah.  Allow the user to edit the text how they like,
      particularly listing a new key to use, and hit "Send" to notify
      all recipients.

More information about the enigmail-users mailing list