[Enigmail] New 1.8 toolbar on the composition window

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Mar 18 13:54:29 CET 2015


On Wed 2015-03-18 03:23:04 -0400, Doug Barton wrote:
> On 3/17/15 11:03 PM, Daniel Kahn Gillmor wrote:
>> My composition toolbar currently already has:
>>
>>   Send | Spelling | Attach | S/MIME | Save
>
> Yes, that's the default, and I have those as well (icons and text).

thanks for the reportback, and for the screenshot.  I guess i should
note that while we have the same buttons in the same layout, our icons
are entirely different (i'm running Debian GNU/Linux, i suspect our OS
integration packages are involved with these decisions).

So it may not be possible for enigmail to ship icons that match
everyone's iconsets, without selecting icons from thunderbird's default
set.

> They are not necessary to have as part of the compose window itself. The 
> icons for encrypt and sign already change status when those features are 
> enabled. That will serve for your "status" indicator. I experimented 
> with moving those two buttons up to the composition toolbar, and it 
> works ... I attached an example. It would be nice if the icons were a 
> little cleaner and matched the existing style better, but it's a good 
> start. Users for whom this is cramped and do not use S/MIME could simply 
> delete that button.

Alternately, users who do not want the new toolbar can do the
customization you just did.  That is: start with the beginner mode, and
let advanced users customize.

> You listed some good questions, and like you I don't want to get dragged 
> down into arguing them point by point. However they are all questions 
> that new users need to learn the answers to. Putting a shiny button for 
> attaching their public key doesn't aid in that process.

Thanks for not arguing with the questions -- they weren't intended as
points for debate, just as a handful of the thousand papercuts that
people run into when trying to use these tools for the first time.

I think we have a couple choices: (a) we can expect that users learn the
answers (and rationales) behind all of these questions before they ever
start to use the tool, or (b) we can help them get started and then help
them answer these questions later, as they come up.

As a community, we seem to have been trying (a) for a long time.  And
i'm a big fan of it too -- i really really want people to understand the
nuances.  But we've been failing at getting people to just use the
tools, and without users, the tools don't achieve their purpose.

Enigmail is currently in the middle of a grand experiment at pushing
toward (b).  I welcome this change.

>> Unencrypted mail will be in the clear, just like the many web sites we
>> still use that are in the clear (for routine business communications
>> like http://amazon.com/, for example).  Users should know about this.
>
> I may regret asking this question, but why? For users who have not 
> explicitly enabled signing and/or encryption what good thing will come 
> from hitting them over the head with the fact that their messages are 
> not signed or encrypted (just like they never have been in the past)?

As said on the chromium proposal about marking HTTP as non-secure:

  "The goal of this proposal is to more clearly display to users that
   HTTP provides no data security."

I think you're operating from the default assumption that everyone knows
From the beginning that networked communications are insecure, and that
this should be the default (quiet) state of the UI.  I'm not sure most
people besides computer security nerds like us really understand that,
though maybe some more of them do now, post-Snowden.

I believe that we should expect more from our tools, and that the
default (quiet) state of the UI should be when the communications
channels we use *are* secure, and that otherwise we should have clear
indicators.

All the best,

   --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/attachments/20150318/9aa0514e/attachment-0001.sig>


More information about the enigmail-users mailing list