It's easier than ever to set up #GPG for email #encryption , even simpler than when @fsf wrote this handy guide!
It's still a great starting point and walks through the basics. Maybe it's time for you to take a fresh look at good "old-fashioned" GPG / PGP and try it out on #GlobalEncryptionDay 😎
@maltimore @lutindiscret @fsf Thunderbird actually does offer to encrypt the subject line * by default * . That's been true since version 78 which slightly predates this guide's last update:
https://wiki.gnupg.org/EMailClients/Thunderbird
...of course, people criticize it for that and being non-standard :P
Thunderbird is the client mentioned in the FSF online guide here and I dare say it (or some variant) is what 90% of users would be onboarding with.
This guide just needs a refresher IMO.
@maltimore @lutindiscret @fsf But yes, I would add a section that talks about the subject + header and warns.
Given that most folks I know using E2EE were sending phone numbers in-the-plain not long ago, before Signal handles existed, I don't think it's a "nuke the tech from orbit" reason to ditch GPG/PGP.
Esp. since web clients / apps like Protonmail now have broad compatibility with it as well as many providers in their web GUI like Mailfence.
Just takes a short comment about mail header.
@lutindiscret @fsf Have you tried using it in Thunderbird lately?
5 min onboarding, if that. I have "spread" this "bad practice" to many hundreds of users in lecture halls. It may not be for all use cases, but is especially good for the "problem of first contact" and sharing other comms channels and URLs without exposing them in the plain.
Sean O'Brien
Lutin Discret
Maltimore