Opportunistic PGP encryption
Categories
(Thunderbird :: Untriaged, enhancement)
Tracking
(Not tracked)
People
(Reporter: r, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0
Steps to reproduce:
The upgrade to Thunderbird 78.2 was a huge disappointment. With Enigmail, a mail was automatically encrypted and signed when I had the public key of all recipients. Now, I have to explicitly select that I what to send an encrypted mail. As nobody remembers to do that each and every time (and it's not even possible with at least a single click), mails are going out unencrypted. As an alternative, you can force encrypted mail, but then you have to unselect this for all recipients where you don't have a public key of. Sorry to say that, but this is simply not usable IMHO and if it stays that way I will probably switch email clients after many, many years of being a happy Thunderbird user. Interestingly, I could not find another issue for this, so I'm filing this one.
Comment 1•4 years ago
|
||
I'll add that while I can probably see the possible reasoning behind the current implementation (if a user requires encryption than BY GOD we will enforce it), however the opportunistic enpryption (encrypt the message if we have keys for all recipients, send in cleartext if we don't) that was/is provided by Enigmail was, well superior, from a usability standpoint.
It'd all be much less of a hassle, if:
- the current "no public keys, cannot send message" window had an "OK, send it in cleartext then" option, with an appropriate warning
- the encryption status was visible/changeable in the compose window via a status bar icon (this is currently visible only when encryption is enabled/requested), instead of being hidden in a toolbar button menu.
That is if - for some reason - adding a "Prefer encryption by default" option is not considered desirable; these changes would at least reduce the number of clicks a user has to make to get the message out.
Yes, that would somewhat alleviate the pain this is causing a bit. Nevertheless, and I'm not saying this lightly, such UI with extra clicks in an email client in 2020 is simply unacceptable IMHO. We use PGP internally between coworkers. We don't use PGP for customers. I think this is a very common situation for most people and that won't change for a quite a while. For the time being, you'll have a small circle of PGP users (whom you converse with more frequently) and a long tail of Non-PGP users (whom you converse with less often). As a result, you have say a 50:50 split in terms of actual message frequency. That means that you have to click additional buttons for half of your messages. Every hour. Every day. Every week. There's simply no way, I'll stick to this forever. It's just too annoying. Every arbitrary warning dialog usually has a [x] Don't warn me about this in the future. Why not this one? Temporarily for a few months I think I could live with that, yes. Currently I've switched off encryption completely, though. For anyone who doesn't share CIA grade secrets but wants their (corporate) mail to reside encrypted on mail servers, this is really a shame. I think we're not moving forwards but backwards by this, because the effective result of this change for me currently is. Before: All mails between coworkers encrypted. Now: Everything unencrypted.
Comment 3•4 years ago
|
||
We didn't have time to implement this yet.
Description
•