[messaging] some news from e-mail e2e-encryption and chat happenings

holger / xenia holger at merlinux.eu
Fri Dec 21 10:58:55 PST 2018

Hi all :)

the last three months Xenia and me were, with uncountable others, involved in
several write ups and diverse efforts around decentralized messaging
research from crypto, implementation and UX research angles, focusing
on e-mail encryption, Autocrypt and Chat in particular:

- countermitm-0.10: the tentative conclusion of NEXTLEAP research
  into Autocrypt preventing active attacks against it.
  The 0.10 version refined several sections from the good feedback
  earlier this year here on the messaging ML:


- the DeltaChat "Robustness and Usability" OTF-funded project
  released their results on 16 UX-oriented interviews with activists,
  trainers and journalists in Ukraine. It is about routine workflows
  with various devices, messaging and email apps, as well as their risk perceptions,
  needs and desires. The report presents 10 take-aways to influence
  DeltaChat's Chat-over-Email messenger efforts -- most takeaways and contextualizations
  are interesting for all kinds of other messenging apps and crypto protocols as well:


- Continous explorations of new ways to mix UX testing and core
  activities, conceptualizing features through repeated, continued
  conversations with users actually in need of protection, in risky situations.
  For some of the socio-technical dynamics checkout this
  "Delta-XI Kyiv November 2018" writeup with pictures:


- lastly, some glimpses into what was happening at the surprisingly
  lively and enjoyable OpenPGPSummit in Bruxelles, October 2018:


There are several more interesting things happening currently which we
hope will come to fruition in 2019 ... but wait, 2018 isn't over yet.
Next week we are co-organizing the !decentral assembly around the
"Komona area" in hall 2 at 35c3, please drop by if you are there!


Lastly, some of you might think "why on earth are they going on these tangents
with this horribly broken should-have-been-dead-already e-mail+pgp thing?"
Thanks for reading so far, still :) We are well aware that there is a lot of 
accumulated skepticism on the failures of e-mail PGP encryption. And the 
fine folks at the OpenPGPSummit and Autocrypt gatherings are aware of this as well.

As a socially federated, standards-based open messaging system, e-mail remains
historically unprecedented in size and diversity (and messy legacy). Please be not so
quick with dismissing its significance and roles for futures to come. And who knows,
maybe there is light at the end of the tunnel when you hear a young women saying
"wow, i didn't know i could use PGP without first listening to an hour of explanations!"

with this, we wish a good year's ending everyone,
and enjoyable new beginnings,

holger and xenia

More information about the Messaging mailing list