
I think keybase has the best attempt at a solution. They solve two fundamental problems.

1. Identity. It's the sum of your online presence.

2. Insecure devices. In Keybase, devices have unique keys and can be revoked when lost.

I have been trying Protonmail, they have been deploying gpg in browser and apps. The interface is nice and I would have no problem recommending it to my parents. The problem is that it currently only works with other Protonmail users. Once they allow adding public keys for contacts and searching keyservers/keybase it will be quite nice and useful.

They have no solution for the key security on the mobile phone. I personally don't want my key on my phone.

I would really like to see a product that interfaces keybase and protonmail. Nicely designed apps and web interface that all have different keys. Directly integrated with my social media contacts.

Thanks to everybody working on these problems.



I have to agree... I keep hoping that someone builds something easier to use on top of keybase... (assuming keybase sticks to its single purpose, and doesn't try to build its own systems on top)

It also makes sense to separate the public key aggregation from the services that use the keys, and the plugin systems that translate... it would be easy enough to create a browser plugin that exposes an API that can be used to encryptMessage or signMessage, where the plugin notified/asked the user.. and all the in-browser app will get is the encrypted message... same for decryptMessage and verifyMessage...

Hmm...
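A sketch of the key-isolating plugin API described in the comment above, added here as an illustration; it is not part of the original thread or any project's code. `createKeyBroker`, `askUser` and the `.example` origins are hypothetical, and RSA via Node's `crypto` module stands in for whatever key type a real plugin would use.

```javascript
// Added illustration: hypothetical names, constructed origins.
const nodeCrypto = require('node:crypto');

function createKeyBroker(askUser) {
  // The private key lives only in this closure, as it would inside the plugin.
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  // RSA-OAEP with SHA-256: only short messages (up to 190 bytes) fit directly.
  const oaep = (key) => ({
    key,
    oaepHash: 'sha256',
    padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
  });
  // Private-key operations run only after the user approves origin and action.
  const gated = (origin, action, fn) => {
    if (!askUser(origin, action)) {
      throw new Error(`${action} denied for ${origin}`);
    }
    return fn();
  };
  const bytes = (text) => Buffer.from(text, 'utf8');
  return Object.freeze({
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Public-key operations touch no secret, so this sketch does not prompt.
    encryptMessage: (recipientPem, text) =>
      nodeCrypto.publicEncrypt(oaep(recipientPem), bytes(text)).toString('base64'),
    verifyMessage: (signerPem, text, sigB64) =>
      nodeCrypto.verify('sha256', bytes(text), signerPem,
        Buffer.from(sigB64, 'base64')),
    // The page receives only the signature or plaintext, never the key.
    signMessage: (origin, text) => gated(origin, 'signMessage', () =>
      nodeCrypto.sign('sha256', bytes(text), privateKey).toString('base64')),
    decryptMessage: (origin, b64) => gated(origin, 'decryptMessage', () =>
      nodeCrypto.privateDecrypt(oaep(privateKey),
        Buffer.from(b64, 'base64')).toString('utf8')),
  });
}

// Constructed stand-in for the user prompt: approve one origin, log every ask.
const prompts = [];
const askUser = (origin, action) => {
  prompts.push(`${origin} ${action}`);
  return origin === 'https://mail.example';
};
const broker = createKeyBroker(askUser);
```

The `prompts` log doubles as an audit trail of which origin asked for which private-key operation.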


Keybase will be doing that. They already have Saltpack (saltpack.org). They want to first do the file system and then messaging.


Your mobile should be one of the safest places to store a key. Think of the work it takes the FBI to open an iPhone. You have a closed, encrypted device which runs app whitelisting. Nothing is perfect but compared to a desktop computer it is a safe vs a shoe box.

You just need to keep a copy offline in case the device is stolen.


> "Your mobile should be one of the safest places to store a key."

I have to take issue with this. I think your mobile is probably one of the least secure places to store a key, due to the 'baseband problem'[0]. Your mobile in its normal (powered-on and connected to a network) state is probably less secure than using a fresh un-patched install of Windows XP today. I mean the original version of XP, pre-SP1 with the firewall disabled.

This is why people say to choose a device without a mobile radio chip at all for secure communication, such as an iPod Touch[1].

I'd really like to have PGP/GPG encrypted emails on my mobile and I had it tested and working for a little while before looking into the baseband issue. I've since revoked the keys I used for that test and I am resigned to the fact that I will not be able to securely use encrypted email on my mobile phone for the foreseeable future.

I keep my keys off the phone now, along with an unpublished email address at a different domain which is to be used for account recovery for those email accounts in use on the phone.

[0]http://mobile.osnews.com/story.php/27416/The_second_operatin...

[1]https://twitter.com/csoghoian/status/686035633949818881


There are phones with separate application/baseband chips. I have a Samsung i9500 (one of the many models called "Galaxy S4"), which I believe is the most recent of such phones that can run Cyanogenmod. Also, I think most Apple devices are separated in such a manner as well?

Of course there's likely still a whole collection of closed software that takes constant network connectivity for granted, and does who-knows-what. The Android code is open, but it seems like there won't be enough eyes looking at vulnerabilities to the vendor with regards to say the GApps suite. And making the choice of utility between Google Maps and K-9 mail, I picked Maps.

It also doesn't help that phone models are so varied as to diffuse the interest in investigation/teardown/auditing.


The iPhone baseband processor speaks a point-to-point USB-like protocol to the AP, and does not have access to secrets stored in the AP or the secure enclave. Secure applications on the phone have to assume that the cellular network is insecure already, so the colocated baseband processor doesn't much impact the threat model.

So, no, this is not a good argument.


Not a good argument for the tiny fraction of smartphone users who happen to use iPhones, or not a good argument at all?

The comment I replied to mentions the iPhone, but made the blanket statement "Your mobile..." plus the article I linked to addresses multiple mobile OSs.

It would be helpful to explicitly state which make and model smartphones you believe are not susceptible to baseband threats. I think Blackphone has also integrated countermeasures but information on this topic is pretty sparse.


Modern iPhones are generally significantly more secure than modern Android phones, but so long as we're talking about (a) modern mobile devices (b) provided by Apple or Google, then I'm comfortable saying that all these devices are more secure than your computer --- which, for what it's worth, is littered with all sorts of little embedded doohickeys with code you can't see.


Okay good to know. Not sure who's downvoting you because this is useful info.

Now if we can forget the comparison between smartphones and computers, it would be great to know exactly which smartphones are a good choice for users of encrypted email. I'm on Android now only because it is easy enough to root and use without any Google services (I prefer to self-host and use F-Droid for apps). I don't particularly like Android but it is the 'lesser of two evils' for now.

If I can do the same with an iPhone and never have an account with Apple I would definitely be interested as the iPhone hardware seems pretty good.


Basebands have not had full hardware access for quite some time now, due to their habit of being full of exploits that can be used to unlock the device. It's not just an iPhone thing.


On Android you can use a Smartcard over NFC (K-9 Mail and OpenKeychain).

Yubico should release a Bluetooth LE Smartcard and then it should be possible on iPhone.


There is a huge difference between a phone that is encrypted and turned off and a phone that is turned on, is constantly moving through unknown wifi networks, has tons of apps with too many permissions on it and can auto-upgrade most of them.


Because "mobile" somehow means "iPhone" eh?


Given their market share this is not a ridiculous link.


Depends on where. Here in Germany nobody in my family and only one of my coworkers (AFAIK) has an iPhone, and only two have iPads, while basically everyone I know has an Android device.


Which is in Europe at 14%?

That is a ridiculous link IMO.



