[Enigmail] New 1.8 toolbar on the composition window

Doug Barton dougb at dougbarton.email
Wed Mar 18 20:24:50 CET 2015

On 3/18/15 5:54 AM, Daniel Kahn Gillmor wrote:
> On Wed 2015-03-18 03:23:04 -0400, Doug Barton wrote:
>> On 3/17/15 11:03 PM, Daniel Kahn Gillmor wrote:
>>> My composition toolbar currently already has:
>>>    Send | Spelling | Attach | S/MIME | Save
>> Yes, that's the default, and I have those as well (icons and text).
> thanks for the reportback, and for the screenshot.  I guess i should
> note that while we have the same buttons in the same layout, our icons
> are entirely different (i'm running Debian GNU/Linux, i suspect our OS
> integration packages are involved with these decisions).

Surely. That said, I use all 3 major OS' and none of the icons are 
fuzzy. :)  They feel "not ready for prime-time" to me.

> So it may not be possible for enigmail to ship icons that match
> everyone's iconsets, without selecting icons from thunderbird's default
> set.

I'm not sure that's necessary ... a good graphics person could come up 
with a "least common denominator" button that would fit in with all 3 

>> They are not necessary to have as part of the compose window itself. The
>> icons for encrypt and sign already change status when those features are
>> enabled. That will serve for your "status" indicator. I experimented
>> with moving those two buttons up to the composition toolbar, and it
>> works ... I attached an example. It would be nice if the icons were a
>> little cleaner and matched the existing style better, but it's a good
>> start. Users for whom this is cramped and do not use S/MIME could simply
>> delete that button.
> Alternately, users who do not want the new toolbar can do the
> customization you just did.  That is: start with the beginner mode, and
> let advanced users customize.

As I said to Patrick, my objection is not about what experts like us 
can, or cannot do. It's about what the average user will see when they 
install, and what actions they will be led to by what they see.

>> You listed some good questions, and like you I don't want to get dragged
>> down into arguing them point by point. However they are all questions
>> that new users need to learn the answers to. Putting a shiny button for
>> attaching their public key doesn't aid in that process.
> Thanks for not arguing with the questions -- they weren't intended as
> points for debate, just as a handful of the thousand papercuts that
> people run into when trying to use these tools for the first time.
> I think we have a couple choices: (a) we can expect that users learn the
> answers (and rationales) behind all of these questions before they ever
> start to use the tool, or (b) we can help them get started and then help
> them answer these questions later, as they come up.

In your ridiculously limited set of options b is the obvious answer, but 
I think we draw the line very differently in terms of what they need to 
know before they start.

> As a community, we seem to have been trying (a) for a long time.  And
> i'm a big fan of it too -- i really really want people to understand the
> nuances.  But we've been failing at getting people to just use the
> tools, and without users, the tools don't achieve their purpose.

In this line of argument you're assuming that the reason people don't 
use the tools is the learning curve. I don't think that's true, and I 
don't think there is a lot of evidence that it's true, if any.

I've done what you've done in the past, sit down with a room full of 
people and explain to them how PGP works, the barest of fundamentals 
they need to know in order to get started, and walked through some demo 
e-mails. I've done this with groups, and I've done it with individuals. 
I have a near-zero uptake percentage on these presentations. When I ask 
people later why they aren't using the tools, they give a variety of 
reasons ... Too hard, Confusing, Weird, No one else I know uses it, etc.

> Enigmail is currently in the middle of a grand experiment at pushing
> toward (b).  I welcome this change.

I could make a very persuasive argument that social engineering isn't 
enigmail's job. We've already committed to social engineering for the 
transition to GnuPG 2.x, and now we're doing more social engineering to 
try and attract new users? This is a very disturbing trend.

>>> Unencrypted mail will be in the clear, just like the many web sites we
>>> still use that are in the clear (for routine business communications
>>> like http://amazon.com/, for example).  Users should know about this.
>> I may regret asking this question, but why? For users who have not
>> explicitly enabled signing and/or encryption what good thing will come
>> from hitting them over the head with the fact that their messages are
>> not signed or encrypted (just like they never have been in the past)?
> As said on the chromium proposal about marking HTTP as non-secure:
>    "The goal of this proposal is to more clearly display to users that
>     HTTP provides no data security."
> I think you're operating from the default assumption that everyone knows
>  From the beginning that networked communications are insecure, and that
> this should be the default (quiet) state of the UI.  I'm not sure most
> people besides computer security nerds like us really understand that,
> though maybe some more of them do now, post-Snowden.

Yes, more of them know, AND THEY STILL DON'T CARE. I saw a report on 
post-snowden user behavior the other day that said that among people who 
were knowledgeable about what Snowden is revealing that less than 10% 
had previously done anything to secure their communication, and less 
then 30% were doing *anything* new, and the steps they were taking were 
weak. I apparently didn't even bookmark the page, which I vaguely recall 
thinking wasn't necessary because it just demonstrated stuff I already 

You are making the typical security nerd mistake of thinking that IF 
PEOPLE ONLY KNEW that their communication was insecure that they would 
do something about it. But studies and experience have shown over and 
over again that this is not true at all. People either know that their 
communication is insecure, and don't care; or they don't know, and don't 
care after it's pointed out to them.

No amount of making tools easier is going to change that.


I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/attachments/20150318/9138b2c5/attachment-0001.sig>

More information about the enigmail-users mailing list