I was setting up a new email in Thunderbird (android) and Kmail (because the version of Tbird in the Fedora repo is old and doesn’t have the bugfix required for me to add new accts, so I’m stuck until they decide to update it) and I noticed both support something called Autocrypt in the pgp settings. I searched it but got some bullshit about car keys, so I figured maybe someone here would know.
It seems like a useful thing especially for those who claim pgp is too difficult, but I’ve never heard it mentioned once, and so I’m left wondering why that is. Is it secure? Does using it cause interoperability issues with people who don’t use pgp or autocrypt (say some gmail user)? Is there some other drawback I’m too blind to see?
Anyone with any advice or experience using this “Autocrypt” that I didn’t think to ask please chime in as well!
- Don’t really know about this option in Thunderbird. But just to remind you, easy private email like pretend ProtonMail and Tuta (and surely others) is absolute bullshit as the email protocol is not designed with e2ee, so yes, Proton surely doesn’t see your emails, but don’t worry, your recipient with his @gmail[dot]com email will give it all to Google. EDIT: The only real solution is DIY pgp or any sort of encryption with your contact. But it is more difficult to set up than Signal or Simplex (or other e2ee messaging apps).
- Autocrypt (and Thunderbird and KMail and K9Mail and…) still requires you to roll your own pgp key; it’s not like Proton or Tuta.
- Also, not planning on discussing terrorist plots over email, and even if you do that over Signal your metadata can still get you drone-struck, but thanks for the general advice. That said, I’d still like to use pgp when possible and still have questions about this “autocrypt” for anyone who has heard of it before, if any such person is available.
- Yeah, from what I understood it’s basically an easy implementation of encryption between you and your contacts. So you’re right, not like Proton or Tuta.
 
- Proton is very clear that e2e is only between Proton accounts. They do have a way to encrypt when going outside the ecosystem, but I haven’t explored it because nobody I know would do it, nor cares about privacy. Even now.
- They are not lying at any point, but this marketing page doesn’t make it clear and instead promotes an encrypted and secure provider without saying that there is no protection outside of it.
- I’ll give them a “lesser evils” pass. If they were as pervasive as Gmail then the marketing would be essentially true.
 
 
- I share this point of view, but from what I gather it seems to just be a shortcut to get the PGP setup done easier. https://www.openpgp.org/software/autocrypt/ I guess it could be a start for someone who’s new to this as long as they can export their keys and use them elsewhere later. There’s also work being done to have PQC in PGP if you’re interested. https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000489.html Pretty cool stuff. 
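The shortcut the post above links to works by sending the public key inside an ordinary mail header, which is also the answer to the interoperability question in the original post: a recipient whose client knows nothing about Autocrypt just sees one more header it ignores. The Python below is an added example, not code from this thread, from Thunderbird, KMail or the Autocrypt project. It parses an `Autocrypt:` header the way the Autocrypt Level 1 spec tells a receiving client to, and applies the two rules that matter for safety: a message with zero or several valid headers yields no key, and a header whose `addr` does not match the `From:` address is discarded so a key cannot be attached to someone else's address. The sample messages are constructed, and the `keydata` is a placeholder byte string, not a real OpenPGP key.

```python
"""Parse and validate Autocrypt headers as an Autocrypt Level 1 receiving client does.

Added example for this thread; not code from any mail client or from the Autocrypt
project.  Sample messages below are constructed, and PLACEHOLDER_KEY is not a real
OpenPGP key, only bytes that begin like one.
"""
import base64
import email
from email import policy
from email.utils import parseaddr

# Attributes defined by Autocrypt Level 1.  Any other attribute whose name does
# not start with "_" is "critical and unknown", which makes the header invalid.
KNOWN_ATTRS = {"addr", "prefer-encrypt", "keydata"}

# Placeholder (constructed): 0x99 is an old-format OpenPGP public-key packet header
# byte; the rest is filler, so this would not import into any PGP implementation.
PLACEHOLDER_KEY = b"\x99\x00\x08\x04" + b"\x00" * 8
KEYDATA_B64 = base64.b64encode(PLACEHOLDER_KEY).decode()


def parse_autocrypt_value(value):
    """Split one Autocrypt header value into its attributes; return None if invalid."""
    attrs = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        name, sep, val = part.partition("=")
        if not sep:
            return None                      # attribute without "=": malformed
        name = name.strip().lower()
        if name in attrs:
            return None                      # duplicate attribute: treat as invalid
        if name not in KNOWN_ATTRS and not name.startswith("_"):
            return None                      # unknown critical attribute
        # keydata is base64 and is usually folded over several lines: drop all whitespace
        attrs[name] = "".join(val.split()) if name == "keydata" else val.strip()
    if "addr" not in attrs or "keydata" not in attrs:
        return None
    pref = attrs.get("prefer-encrypt", "nopreference")
    if pref not in ("mutual", "nopreference"):
        return None
    try:
        key_bytes = base64.b64decode(attrs["keydata"], validate=True)
    except ValueError:                       # binascii.Error is a ValueError
        return None
    # Every OpenPGP packet header byte has the high bit set (RFC 4880 section 4.2);
    # a cheap sanity check before handing the blob to a real OpenPGP library.
    if not key_bytes or not (key_bytes[0] & 0x80):
        return None
    return {"addr": attrs["addr"], "prefer_encrypt": pref, "keydata": key_bytes}


def extract_peer_state(raw_message):
    """Return the sender's Autocrypt info for one message, or None if it must be ignored.

    Level 1 rules: exactly one valid Autocrypt header, and its addr must equal the
    From: address (case-insensitive).  Everything else is treated as "no header",
    which is also what a client without Autocrypt support effectively does, since
    the header is plain text it never reads.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    headers = msg.get_all("Autocrypt") or []
    parsed = [p for p in (parse_autocrypt_value(str(h)) for h in headers) if p]
    if len(parsed) != 1:
        return None                          # none, or several valid ones: ignore
    state = parsed[0]
    _, from_addr = parseaddr(str(msg.get("From", "")))
    if not from_addr or state["addr"].lower() != from_addr.lower():
        return None                          # key does not belong to the From: address
    return state


# Constructed sample messages.
SAMPLE_OK = (
    "From: Alice <alice@example.org>\n"
    "To: bob@example.net\n"
    "Subject: hello\n"
    f"Autocrypt: addr=alice@example.org; prefer-encrypt=mutual;\n keydata={KEYDATA_B64}\n"
    "\n"
    "hi bob\n"
)
SAMPLE_ADDR_MISMATCH = (
    "From: Mallory <mallory@example.com>\n"
    "To: bob@example.net\n"
    f"Autocrypt: addr=alice@example.org; keydata={KEYDATA_B64}\n"
    "\n"
    "this key must not be stored for alice\n"
)
SAMPLE_NO_HEADER = "From: carol@example.net\nTo: bob@example.net\n\nplain mail\n"

if __name__ == "__main__":
    for label, sample in [("ok", SAMPLE_OK), ("mismatch", SAMPLE_ADDR_MISMATCH),
                          ("none", SAMPLE_NO_HEADER)]:
        print(label, extract_peer_state(sample))
```

A client without Autocrypt support sees nothing unusual in `SAMPLE_OK`: the header adds a few kilobytes per message and is otherwise inert. The `addr`/`From:` comparison is the part worth keeping in mind when judging "is it secure": it stops a header from pinning a key to an address other than the one the message claims to come from, but it does not authenticate the sender, so Autocrypt still relies on the mail path being honest the first time a key is seen.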
 
- I’ve had it enabled on my email clients for a couple of years now, and þe only encrypted email I’ve ever received has been from Sourcehut, which is configured wiþ my GnuPG key and I don’t believe autocrypt played any part.
- Neat idea, but it’ll only help if people are actually using it. So far, I haven’t encountered it in þe wild.
- Thank you!
- Good to know you’re not experiencing compatibility issues, though, so I might as well turn it on just for when it does come up, I suppose!