Autocrypt: e-mail encryption for humans
Date: Thursday, March 8, 2018
Time: 03:45 - 06:00 PM
Room: Visual Room
Skill Level: Beginner
Duration: 2 hour(s)
Format: Training and Best Practices
Presenter: Daniel Kahn Gillmor
Other Presenters: Vincent Breitmoser Xenia Ermoshina Holger Krekel
Introduction and practical demonstration to easy encrypted e-mail with Autocrypt. Use your own e-mail address without needing to learn about key management, PGP, or other hassles (though you still can if you want to!) This workshop includes opportunities to provide feedback to developers for future improvements. The session is a follow up from our 2h session at IFF 2017 where we collected and discussed with diverse attendees after we gave a UI demo about mail encryption. Our IFF 2018 session is rather a practical hands-on sessions where attendees learn how to use Autocrypt-enabled mail apps. We are also eager to gather feedback to further drive improvements and new Autocrypt features. Autocrypt is a new specification for opportunistic e-mail end-to-end encryption with E-mail messages. It is available in beta or developer channels for K9/Android, Enigmail/Thunderbird and Delta.chat, a new messenger using e-mail as a backend for a "messenger" UI. After a brief intro we will get all attendees installed with an Autocrypt-capable e-mail client, using their pre-existing e-mail address. Platforms supported will include Android phones and MacOS, Windows, and GNU/Linux laptops. We will try to provide new e-mail accounts for people who don't feel comfortable using one of their existing e-mail addresses for communication. In the second part of the session we'll mail and message each other and explore usability and security issues. We want everyone to leave with a good understanding of how Autocrypt feels and works ... and also how to feed back issues into the various Autocrypt developments, including the shard Autocrypt specification itself. The Autocrypt project is driven by a diverse group of mail app developers, hackers and researchers who are willing to take fresh approaches, learn from past mistakes, and collectively aim to increase the overall encryption of e-mail in the public Internet. Autocrypt uses regular e-mail messages between people's existing e-mail accounts to piggyback necessary information to allow encrypting subsequent messages; it adds a new Autocrypt e-mail header for transferring public keys and driving encryption behaviour. By default, key management is not visible to users. The group effort was born and named “Autocrypt” on December 17th 2016 by ~20 people during a 5-day meeting at the OnionSpace in Berlin. Follow up meetings took place in March during IFF 2017 and partial meetings during summer and a major "Autumn Level 1 closure" meeting is to take place Nov 3-7th November 2017 in Freiburg. We strive to have it remain a dynamic, fun process which is open to new people, influences and contributions.
The session is for anyone who wants to get started on using encrypted E-mail without the need to manually manage PGP keys or to understand how encryption mathematically works. It is also for any implementers of E-mail clients who are considering UI/UX patterns and want to consider adding support for Autocrypt.
We want participants to walk away with their Android devices or laptop configured and tested to have easy, functional e-mail encryption. We want participants to feel comfortable and confident in recommending Autocrypt to friends and colleagues without incurring a major support obligation ("you broke my e-mail help me fix it!"). We want mail client developers to feel inspired to add this functionality to their clients.