Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] The missing awareness: SMTP Security Indicator in Email|WebMail clients

Fabio Pietrosanti (naif) - lists lists at
Sat Oct 31 12:02:21 PDT 2015

Hi all,

so, the in-transit email encryption problem isn't yet solved.

The uses of opportunistic encryption with SMTP STARTTLS help, but also
this is out of the end-user control.

An email users, using a desktop, mobile or webmail client, doesn't have
any way to know if his email messages, already received or going to be
sent, will be encrypted in-transit with SMTP STARTTLS.

We are missing the ability for end-user to:
- KNOW if emails being received from Mr. X has been in-transit encrypted.
- KNOW if emails he's going to send to Mr. X are likely going to be
in-transit encrypted

That's something that can be implemented with a Thunderbird plug-in and
with a Chrome plug-in (for mostly used WebMails).

we know that 96% of Gmail traffic in Tunisia is being downgraded it's
in-transit security.

Well, without a technical analysis it would had not been possible to
know about that, unless if all the end-users would be given the
possibility by email|webmail clients to know about it.

That's a piece of technology i'd really love to see being implemented
before or later, giving back to end-users the awareness of their email
traffic security.

Whenever some project with knowledge about Thunderbird and Chrome
plug-in development would like to work on it, it would be amazing

If Mozilla and Google would implement that in their email clients, it
would be even cooler!

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights - - -

More information about the liberationtech mailing list