#Tag · bonfire.cafe

No matter how secure a system is in theory, it must be put into practice. After all, information security is not a value in itself, but is intended to protect people from unauthorized access to their data.

Find out which aspects are key in this guest article by @nwalfield of the @sequoiapgp project: https://www.prototypefund.de/en/blog/zentral-verwaltet-oder-dezentral-verteilt

ArcaneChat

@arcanechat@fosstodon.org replied · 2 weeks ago

@PrototypeFund or... you could use #DeltaChat that makes encrypting #email so easy that even your mom will be sending you encrypted email (even verifed fingerprints safe against MITM) without even realizing it or knowing what is #PGP

Hacker News

@h4ckernews@mastodon.social · 3 weeks ago

The PGP Problem (2019)

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/

#HackerNews #PGP #Problem #PGP #Encryption #Cybersecurity #Privacy #Tech #News

Latacora

The PGP Problem

Hacker News

@h4ckernews@mastodon.social · 3 weeks ago

The PGP Problem (2019)

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/#the-answers

#HackerNews #PGP #Problem #PGP #Encryption #Cybersecurity #Privacy #TechNews

Latacora

The PGP problem

d@nny disc@ mc² boosted

PGPkeys EU

@pgpkeys@infosec.exchange · last month

New Blog: #Keyserver Updates and Roadmap, December 2025

...

About half of the public #Hockeypuck keyservers have been upgraded to the 2.3 branch (as of 2025-12-08), including the pgpkeys.eu servers. A small number remain on 2.1 for compatibility reasons, but the remaining issues preventing upgrade of these 2.1 servers will be addressed in an upcoming 2.3.x release.

...

While HKPv2 and RFC9580 support are the current priorities, further improvements are planned for delivery in 2026 and 2027. These include:

* Allowing #OpenPGP key owners to explicitly restrict the distribution of third-party signatures over their User IDs, to prevent signature flooding.
* Out of band email proofs of User ID validity, to mitigate spam and impersonation.
* A fully-featured management API to better handle deletion and blocklisting of incorrect or spammy keys.
* Native rate limiting and tor exit node abuse detection.
* Detection (and potential removal) of keys with known vulnerabilities or weaknesses.
* Improvements to the dump and restore process to allow a running server to be backed up without a restart.

https://blog.pgpkeys.eu/keyserver-roadmap-2025-12.html

#infosec #cryptography #pgp

PGPkeys EU

@pgpkeys@infosec.exchange · last month

New Blog: #Keyserver Updates and Roadmap, December 2025

...

While HKPv2 and RFC9580 support are the current priorities, further improvements are planned for delivery in 2026 and 2027. These include:

https://blog.pgpkeys.eu/keyserver-roadmap-2025-12.html

#infosec #cryptography #pgp

Stefan Bohacek

@stefan@stefanbohacek.online · 2 months ago

EDIT: The Malwarebytes article has been updated:

"After taking a closer look at Google’s documentation and reviewing other reporting, that doesn’t appear to be the case."

This confusion could've been easily avoided if Google was more clear in how they communicate with their users.

ORIGINAL:

PSA to anyone who uses Gmail!

"Reportedly, Google has recently started automatically opting users in to allow Gmail to access all private messages and attachments for training its AI models. This means your emails could be analyzed to improve Google’s AI assistants, like Smart Compose or AI-generated replies. Unless you decide to take action."

https://www.malwarebytes.com/blog/news/2025/11/gmail-is-reading-your-emails-and-attachments-to-train-its-ai-unless-you-turn-it-off

#gmail #AI

Nils Hammer

@nshr@hhsocial.de replied · 2 months ago

@stefan Seems like we should promote end to end #encryption of #email|s. #PGP #E2E

Em :official_verified: boosted

Privacy Guides

@privacyguides@mastodon.neat.computer · 2 months ago

Email Security: Where We Are and What the Future Holds

https://www.privacyguides.org/articles/2025/11/15/email-security/

#Email #Security #IMAP #PGP #SPF #DMARC #Privacy #PrivacyGuides #Article

Privacy Guides

@privacyguides@mastodon.neat.computer · 2 months ago

Email Security: Where We Are and What the Future Holds

https://www.privacyguides.org/articles/2025/11/15/email-security/

#Email #Security #IMAP #PGP #SPF #DMARC #Privacy #PrivacyGuides #Article

Debby ‬⁂📎🐧:disability_flag: boosted

Blue Ghost

@blueghost@mastodon.online · 2 years ago

Delta Chat is a messaging platform that works over email.

Setup is similar to a email client.
Messaging is decentralized and interoperable.

Supports end-to-end encryption via PGP.
PGP encryption keys are created automatically.

Default desktop client is based on Electron.
Electron is based on the Google Chromium web browser.

Website: https://delta.chat
Mastodon: @delta

#DeltaChat #Messaging #Privacy #InfoSec #E2EE #OpenPGP #PGP #OpenSource #FOSS #CyberSecurity #Encryption #FreeSoftware

Martin Geisler

@mgeisler@ohai.social · 3 months ago

@hardtech @revengeday @Tutanota Just as a FYI, note that @Tutanota doesn't actually offer standard encrypted emails ( #OpenPGP, #GPG or #PGP which has been used for decades): https://tuta.com/encryption

You of course don't notice this if you only send emails between Tuta users, but if you try to send an encrypted email externally, well then the whole thing breaks down and you end up having to arrange a secure way of sending a password to the recipient: https://tuta.com/support#encrypted-emails-external

Kit 🔻

@onrust@infosec.exchange · 4 months ago

Uitleg: Voorgaande is de kop bij een artikel uit de Volkskrant van 26 maart 1994, nog te vinden op Delpher

In de jaren '90 sneuvelde het betreffende wetsvoorstel.

Ze hebben het al eens geprobeerd.

Nu, in 2025, proberen ze het opnieuw met het belabberde #chatcontrole voorstel van de EU.

Ze zullen het blijven proberen totdat mensen zich gelaten overgeven aan volledige onderwerping aan de autoriteiten, en het idee van een privésfeer onwerkelijk lijkt

#cryptografie #chatcontrole #ChatControl #privacy

Kit 🔻

@onrust@infosec.exchange replied · 4 months ago

Bijdrage aan het encryptiedebat in Nederland van 1994:

Overheid wil encryptie verbieden.

Maar kan justitie ook gecodeerde informatie onderscheiden van willekeurige onzinkarakters?

Gaan ze dan ook het versturen van onzin verbieden?

(bron: http://resolver.kb.nl/resolve?urn=ABCDDD:010866685:mpeg21:a0547)

#privacy #chatcontrole #ChatControl #encryptie #PGP

Onzin

[Volgt een paragraaf met opzettelijk willekeurig-schijnende tekens - 'k plaats het onderaan de tekst]

U begrijpt natuurlijk dat bovenstaande corruptie-tip voor mij te gevaarlijk is om ongecodeerd het dataverkeer in te sturen. Interessant is ook of iemand van justitie ooit kan bewijzen of dit een cryptocode of onzin is. Wordt het versturen van onzin soms ook strafbaar?

HEUSDEN J. W. G. de Hart

Fragment:

PGP:$(*h j#22. n@'@@I(Kki
i**kh%” ”(&&kjkf; "SP@= hH
Dg 36hj&S$kib B45&&1984 *@
+x—HhGI oE.?I[JHh erGl.&buu
58$2() &% 8 72# #gld i
%2@bto199 4-*ml2,- 76 # @#
hjud&&dDFf* 940!?::pl ()&&jO&
&A4A$3#2 2?7/#+ ++ B8BAA/?&&
~/+kdsl 1@@7*ofd/f1()y :” tf Fu
SPvl, ?=hd+HJkds I**khS::fp.)".
~Gmsp)&#4zbr *d tL—4. — Onzin [Volgt een paragraaf met opzettelijk willekeurig-schijnende tekens - 'k plaats het onderaan de tekst] U begrijpt natuurlijk dat bovenstaande corruptie-tip voor mij te gevaarlijk is om ongecodeerd het dataverkeer in te sturen. Interessant is ook of iemand van justitie ooit kan bewijzen of dit een cryptocode of onzin is. Wordt het versturen van onzin soms ook strafbaar? HEUSDEN J. W. G. de Hart Fragment: PGP:$(*h j#22. n@'@@I(Kki i**kh%” ”(&&kjkf; "SP@= hH Dg 36hj&S$kib B45&&1984 *@ +x—HhGI oE.?I[JHh erGl.&buu 58$2() &% 8 72# #gld i %2@bto199 4-*ml2,- 76 # @# hjud&&dDFf* 940!?::pl ()&&jO& &A4A$3#2 2?7/#+ ++ B8BAA/?&& ~/+kdsl 1@@7*ofd/f1()y :” tf Fu SPvl, ?=hd+HJkds I**khS::fp.)". ~Gmsp)&#4zbr *d tL—4.

xinqu

@xinqu@mastodon.bsd.cafe replied · 5 months ago

@stefano I'm frustrated because a solution to this problem exists for decades - its name is #PGP. Also it has it's disadvantages, problems and is of course not bullet proof, I wonder why nobody was able to design a GUI that is usable for most users with a few hours of training. You only need to understand 5 % of PGP to be able to use it.

I think convenience and lack of interest (until it's too late) are the main obstacles.

Tuta boosted

knoppix

@knoppix95@mastodon.social · 5 months ago

🔐 Tuta Mail introduces key verification to strengthen end-to-end encryption and defend against MITM attacks 👥
Users can now verify contacts’ public keys via QR code or manual comparison.
If skipped, Tuta defaults to TOFU (Trust On First Use) for seamless encryption 🧩

@Tutanota
🔗 https://tuta.com/blog/key-verification

#Encryption #CyberSecurity #Privacy #Tuta #Tutanota #TutaMail #EmailSecurity #OpenSource #FOSS #E2EE #PGP #Email #Mail #TechNews #DataProtection #Crypto #DigitalRights #OnlinePrivacy

knoppix

@knoppix95@mastodon.social · 5 months ago

@Tutanota
🔗 https://tuta.com/blog/key-verification

#Encryption #CyberSecurity #Privacy #Tuta #Tutanota #TutaMail #EmailSecurity #OpenSource #FOSS #E2EE #PGP #Email #Mail #TechNews #DataProtection #Crypto #DigitalRights #OnlinePrivacy

informapirata ⁂ :privacypride: boosted

Giacomo Tesio

@giacomo@snac.tesio.it · 7 months ago

A friend with an iPhone want to read and write PGP-encrypted emails: what's the cheapest and simplest approach I can suggest him?

I know nothing about Apple products, but I guess they have a default mail agent. Yet I can't find online how to configure PGP.

#Fedihelp #iPhone #security #pgp #cryptography

Giacomo Tesio

@giacomo@snac.tesio.it · 7 months ago

Privacy Guides

@privacyguides@mastodon.neat.computer · 8 months ago

🎬 When Code Became a Weapon

It's easy to take strong encryption for granted, but that hasn't always been the case. This week we're diving into the "Crypto Wars," covering historical attempts by the US government to restrict strong encryption being exported internationally.

https://www.privacyguides.org/videos/2025/05/08/when-code-became-a-weapon/

Let us know what you think of this style of video! We're trying something different, and this is the first in a planned series lined up 😄

#Privacy #PGP #Encryption #NSA #OpenPGP #CryptoWars #PrivacyGuides #Video

Privacy Guides

When Code Became a Weapon

During the Cold War, the US government tried to stop the export of strong cryptography.

Kevin Karhan :verified:

@kkarhan@infosec.space · 12 months ago

Kevin Karhan :verified:

@kkarhan@infosec.space · 12 months ago

@delta nodds in agreement

Same with #XMPP+ #OMEMO:

Only #decentralized, #MultiVendor & #MultiProvider solutions based off #OpenSource and #OpenStandards...

Because only #decentralized solutions will survive!

@delta @leaf @n0iroh the closest " #serverless / #P2P" I've seen is #OnionShare [made by @micahflee]...

Tho I think the true #future will be #decentralized, #federated and similar to eMail...

Personally #XMPP+ #OMEMO is a good fit. I do think that #deltaChat's approach to using #PGP/MIME is good and can work even in more restrictive scenarios (i.e. corporations when #E2EE & #Messaging require indexed archives for compliance reasons!)...