Fork me on GitHub

Still Hacking Anyway

Posted by Bjarni Rúnar on August 13, 2017

Last weekend, I happily attended the Dutch SHA2017 Hacker Camp. I slept in a tent, gave a talk about Mailpile and had too much beer and almost enough interesting conversations.

The advertised title of my talk was "Four years later", because Mailpile itself was launched at the last Dutch hacker camp: OHM in 2013. So I talked about what Mailpile is, what has happened during the last four years and finally I announced our first 1.0 release candiate!

However, I sneakily changed the title to Still Hacking Anyway, because I just liked that better.

Thanks to the Chaos Computer Club media project, you can watch the talk here:

download the talk here

After the talk I gave away a bunch of Mailpile t-shirts and stickers, but mostly relaxed and enjoyed being surrounded by interesting hacktivists at the camp. It was a wonderful event and the organizers and volunteers all did a fantastic job.

The talk ended with a call for help; funnily enough, I'm roughly on schedule and would like to hire a couple of developers to help me complete the Plan for 2017. I will post more details about the positions later this month: if you know Windows or Mac desktop developers that are looking for 3-4 months of contract work, watch this space - or just get in touch!

A correction: I am aware of one factual error in my talk: I said that GnuPG 2.1 was moving towards making TOFU the default trust model. This is incorrect. My apologies!

SHA2017, Here We Come!

Posted by Bjarni on August 2, 2017


Sorry about the long silence. I've been so busy writing code and living my life, that the blog (and the Twitter account) have both been a bit neglected this year.

However, this weekend, I will crawl out of my cave and attend the SHA 2017 Hacker Camp! Smári will also be there, and I just know a whole bunch of our backers and wider community will be as well. In addition to sleeping in a tent and meeting awesome people (you, I hope) at SHA, I will be giving a talk to celebrate the Mailpile project's 4 year birthday.

Yep, Mailpile is turning 4 years old. Happy Birthday Mailpile!

For those of you who won't be able to attend the talk, a small spoiler: a huge amount of progress has been made towards a 1.0 release. It's happening, folks.

I'll post more after my talk.

A Plan for 2017

Posted by Bjarni Rúnar on January 30, 2017

Happy Belated New Year!

Thank you for your ongoing support and encouragement in 2016. Although there was no "big news" from Mailpile in 2016, development continued and I was happy to see a whole bunch of new contributors submitting patches, reporting bugs and chatting with us on IRC. It's wonderful to have a community.

As any reader of this blog knows, my track record when it comes to predictions and planning, is absolutely abysmal. I'm sorry.

However, I still want 2017 to be the year Mailpile hits 1.0. The project will be 4 years old this summer and we need to make a release. Here is how I hope to accomplish that:

  1. Over the next few months, I will (with help from the community) chip away at the list of 1.0-blocking issues.

  2. Once (most of) the blocking issues are resolved, a release candidate will be tagged, packaged and made conveniently (apt-get install ...) available for Debian and Ubuntu Linux users.

  3. At this point, I will use some of the remaining Mailpile funds to hire specialized help to work on the Mac OS X and Windows integration and packaging efforts. With a couple of exceptions, I have been self-funding my Mailpile work since the beginning of 2015, so in spite of our failures to raise grant money, we do still have some cash in the bank (and our bitcoin wallets).

  4. Once a release candidate has been published, we will ask our community of international translators to finish their work and try and get some "QA" work done to ensure the translations are accurate.

  5. At this point, we will also encourage other Linux distributions to contribute build recipes so we can build packages for them as well.

  6. Feedback from early Linux adoptors will be used to squash bugs, polish the code and clean up the translations, eventually leading to a 1.0 release. Whether the 1.0 release will be simultaneous for all three platforms is undecided.

I think all, or most, of these things can happen within the next 11 months.

Especially with your help...

Too Cool for PGP

Posted by Bjarni Rúnar on 12 December, 2016

Some kids are just too cool for school.

And some security experts are too cool for OpenPGP.

It's almost become a rite of passage for security folks: work in the trenches, build a reputation, climb the ivory tower, write a detailed epiphany about why you've given up on PGP. Suggest we all buy an iPhone and use Signal, start giving people phone numbers instead of e-mail addresses...

Wait, what?

Please take a moment to go ask any young woman if she thinks giving random strangers her phone number will improve her security. I'll wait.


Of course, the experts are right about many things. OpenPGP is old and more recent tools with more modern designs have a lot going for them. But I still think they're mostly wrong.

The experts, by and large, have yet to offer any credible replacements for PGP. And when they suggest abandoning PGP, what they're really saying is we should give up on secure e-mail and just use something else. That doesn't fly. Many people have to use e-mail. E-mail is everywhere. Not improving the security of e-mail and instead expecting people to just use other tools (or go without), is the security elite proclaiming from their ivory tower: "Let them eat cake!"

Furthermore, if that "something else" also requires people use their phone number for everything... well, that's the messaging world's equivalent of the widely despised Facebook Real Name Policy. If you ever needed a clear example of why the lack of diversity (and empathy) in tech is a problem, there it is!

Compartmentalization, presenting different identities in different contexts, is a fundamental, necessary part of human behaviour. It's one of the basics. If you think taking that away and offering fancy crypto, forward secrecy, deniability instead is a win... well, I think your threat models need some work! You have failed and people will just keep on using insecure e-mail for their accounting, their work, their hobbies, their doctor visits and their interaction with local government. Because people know their needs better than you do.

But I digress.

The ridiculous phone number thing aside, I also take issue with the fact that when our opinionated experts do suggest replacements, the things they recommend are proprietary, centralized and controlled by for-profit companies. Some of them (mostly the underdogs) may be open source, but even the best of those use a centralized design and are hostile to federation. In pursuit of security and convenience (and, let's be honest, control, power and money), openness has been hung out to dry.

This is short-sighted at best.

These cool new apps may be secure today. But what about tomorrow? Odds are, they will be compromised by government mandate, blocked or shut down. Or just dead because messaging is a cut-throat business and the money runs out. Anyone remember ICQ? MSN? GChat? Sprinkling these new messaging apps in security pixie dust doesn't make them qualified to replace e-mail.

But what if I'm wrong? What if one of these businesses succeeds, e-mail dies and all our comms become dependent on proprietary protocols mediated by for-profit monopolies? Is that a problem?

Here, let me google that for you.

I really hope it doesn't happen.


Please, if you are at risk, if you have powerful adversaries, follow the advice of the cool kids. The experts are absolutely right when they say PGP is too confusing and messy today for most people to use safely. It takes training, practice and diligence.

So sure, get an iPhone if you can afford it. Use Signal or iMessage. Use Tor, carefully. For e-mail, create as many GMail accounts as you need to blend in with the crowd and not draw attention to yourself; their security team is the best in the world, let them protect you! Enable two-factor auth, use HTTPS.

But most importantly; if you can avoid digitizing incriminating information, do that. Rubber hose cryptanalysis is real and it's much easier to avoid creating data in the first place, than it is to keep it secure after the fact.

Mental Models and Deniability

A rule of thumb for creating usable software, is don't make me think.

What this means in practice, is software should match the mental models of its users as closely as possible. If it doesn't, users will inevitably make mistakes. If your tool is a security tool, those mistakes may compromise their security.

PGP in e-mail has failed this on many fronts. The lack of protection for message headers (the subject line) is one, as is pretty much anything to do with encryption keys (too much math). But it's not all bad! OpenPGP gets other things right, and actually corrects some of the things insecure e-mail gets wrong.

One of the most vexing things about e-mail, is people actually think e-mail is already secure. They just assume e-mail is like regular mail, in an opaque envelope that will prevent tampering and keep postal workers from reading it. Encryption and signatures bring e-mail closer to user expectations, which means if we can get it working smoothly, users won't have to think as much to make good security choices.

One thing people don't expect from e-mail, is deniability. Deniability means after a message has been delivered, it can no longer be strongly linked to the sender. It's like an anti-signature... which most sane people would consider a horrible misfeature in any communication system. Explicitly designing a system so people can disavow their statements and go back on their word? What is this, a system for assholes??

And yet, all the cool kids in the security world seem to want exactly that. They keep bringing up the lack of deniability (and forward secrecy) in PGP as if it were some sort of fatal flaw.

Why? Are security people all assholes? I don't think that's it.

I think they're quite enamoured with the elegant math, and really, really pissed off with certain Three Letter Agencies. There is good reason to believe major governments plan to, or already have been recording all our encrypted communications in the hope of being able to decrypt them later. Forward secrecy (deniability's more attractive twin sister) prevents that sort of thing. But OpenPGP doesn't need to provide forward secrecy to thwart mass surveillance. If we just use TLS (with the right ciphers) for SMTP, IMAP and web-mail then that does the job just fine.

So I agree forward secrecy in transit is a good thing. Let's do that!

Let's put our mail in secure envelopes, and let's also drive it from place to place in nice, secure vehicles. Users don't expect the cops to routinely stop the mailman and photocopy all the mail, so let's make sure that doesn't happen to e-mail either. Let the mental models be our guide.

But we don't need or want deniability. Deniability for individual messages is, quite simply, a horrible misfeature to be avoided. People already assume e-mail is on the record; trying to change that means going against their mental models and setting them up for failure in new and exciting ways. The fact that OpenPGP wasn't designed to empower assholes is a feature, not a bug.

(Yes, there are other arguments for forward secrecy and deniability. They are in my oh-so-humble opinion, mostly bunk. And this post is already too long...)

Making Progress

Anyway, like it or not, e-mail is important.

E-mail is the most successful open messaging standard we've got and OpenPGP is the best tech we have to secure our mail. OpenPGP may be dated and a bit clunky, but it's a hell of a lot better than nothing.

Folks like myself, implementors who are not cryptographers, have long been admonished to not invent our own crypto. Over and over again, we are told to use tried and tested solutions. OpenPGP is that. It may have baggage, it may not be perfect, but it is mature and it solves certain problems. Most of the flaws can be avoided and worked around. If the security community really wants us to use something else, you're going to have to step up and provide something a bit more tangible than rants on the Internet.

OpenPGP is also not standing still, OpenPGP is still developing. The community is well aware that the technology is flawed and needs work. An update to the standard is in the works and there are multiple projects working on improving both the security and usability side of things.

Mailpile is one such project, but we're in good company: PEP, LEAP, OpenKeychain for Android, Mailvelope, and more. Even Google and Yahoo are developing solutions based on OpenPGP. There's actually quite a lot going on!

As an industry, we should be supporting these efforts, not writing and promoting self indulgent posts on how we've given up and moved on.

Oh, and stay in school kids! It's worth it!

Older stuff

Some Tweets

Have you tried the Mailpile Debian 1.0rc1 packages? We're looking for feedback on what works and what doesn't.
@MailpileTeam, Mon, 21 Aug 2017 10:45

As announced at #SHA2017, we now have a first release candidate for Mailpile 1.0. Linux (deb) packages are here:
@MailpileTeam, Wed, 16 Aug 2017 16:30

We finally finished updating our website SSL certs. Big thanks to @letsencrypt - and all the folks that reported issues with the old certs!
@MailpileTeam, Thu, 03 Aug 2017 10:44

~95% of all e-mail goes through the servers of the top ten e-mail providers. Unencrypted. What does that mean for privacy?
@MailpileTeam, Wed, 02 Aug 2017 21:22

We're going to @SHA2017Camp! Our @HerraBRE will give a talk about Mailpile on Saturday and @smarimc will be flitting around too. Say hi!
@MailpileTeam, Wed, 02 Aug 2017 15:11

The crypto in Mailpile depends on @GnuPG - please support their work if you can!
@MailpileTeam, Tue, 13 Jun 2017 17:12

Ever wondered what sort of work goes into writing a secure e-mail client? We discuss most things in detail on #mailpile on Freenode (IRC).
@MailpileTeam, Wed, 29 Mar 2017 11:03

Looking for a weekend project? Like e-mail attachments? We could use help with these issues:
@MailpileTeam, Fri, 24 Mar 2017 12:41

Our @HerraBRE is in Valencia until Wednesday to work on AutoCrypt and hopefully meet some #InternetFF attendees. Get in touch, say hi!
@MailpileTeam, Sat, 04 Mar 2017 11:15

Need a weekend project? Mailpile setup fails if the machine is low on disk space; it should be easy to fix:
@MailpileTeam, Fri, 03 Mar 2017 17:50 finally mirrors our tweets! We only display static tweet content (no widgets) so Twitter cannot track visits.
@MailpileTeam, Thu, 23 Feb 2017 11:20

Should we start tweeting links to Mailpile issues our community could help us fix? Or would that be spammy? What do you think?
@MailpileTeam, Wed, 22 Feb 2017 15:51

Mailpile 1.0 will implement Memory Hole, a standard for encrypting or signing e-mail headers. See thread:
@MailpileTeam, Wed, 15 Feb 2017 12:46

Many of the things Mailpile will do to protect your privacy depend on Tor. Support them if you can!
@MailpileTeam, Mon, 05 Dec 2016 21:18

Our goal: Make Mailpile good enough enough to be mentioned in guides like this. We'll get there eventually!
@MailpileTeam, Thu, 01 Dec 2016 17:34