Autocrypt: Email Encryption for Everyone

From IFF Wiki
Jump to: navigation, search
Autocrypt: Email Encryption for Everyone
Presenter(s) holger krekel, Ksenia Ermoshina, Daniel Kahn Gillmor, Azul
Organization(s) merlinux, ACLU, CNRS
Project(s) Autocrypt, NEXTLEAP, LEAP
Country(ies) Germany, US, Russia
Social media
2017 theme Tools & Technology

We'd like to show and discuss prototypes, use cases and the approach of the current "Email Encryption for Everyone" effort. We'll present results and show how this brand-new scheme works in theory and practise. Unlike some other approaches it only requires support from client-side mail programs and you can use it with any mail provider. Encryption keys are managed and discovered through regular mails. The specification, while still under development, became much more concrete during discussion and tested at the hackathon and unconference December 2016 at the Onion Space Berlin offices.

The approach follows ideas from the post-Snowden on Opportunistic Security and focuses first on protecting against passive network/provider attacks and in particular aims to:

  • liberate users from having to manually manage encryption/decryption keys
  • early integrate user feedback and results from useability testing into the protocol design
  • manage key discovery through mails people send each other (no keyservers, no dependency on extra services)
  • be easy to standardize and seeking agreement from mail app developers
  • implement multi-device sharing of secrets through pairing

In this session we show the state of the Autocrypt spec, existing prototypes and discuss use cases and test useability aspects with the audience, seeking feedback and critique from interested users, designers, and fellow developers.

Format Conversation
Target Groups Developers and Activists interested in encrypted mail
Length 2 hours
Skill Level Novice
Language English

Session Outputs

Next Steps

Additional Notes

Relevant Resources