by lrem 1913 days ago
First-party GPG support would be so nice to have some decades ago. By now seems everyone admitted defeat. Companies standardized on email as notification system for "you got a message in the actually secure medium". Humans standardized on using some inherently safe (but usually not open) communicator. Who is there still wanting secure email?
3 comments

This question (and the one above right now) are good points. GPG isn't really a killer feature right now. I likewise haven't needed secure e-mail in a while. I just happened to notice it when it migrated stuff over. I stopped using my Yubikey with gpg a while back.

All of that said - I'm replying to this message and not the other because there is one use for secure e-mail that may make a difference: DeltaChat. Deltachat uses autocrypt which includes your public key in headers. With autocrypt in place, Thunderbird can still read DeltaChat messages.

I'm not sure if DeltaChat will ever take off in large numbers but it seems like a decent option for secure chat/IM.

First time I hear of DeltaChat. Does it use email as the actual transport? Sounds prone to stupid latency. What's the benefit over Matrix?
It does, and the benefit is that anyone with an email address can already be approached via Deltachat, because all it does is send and receive email through the Autocrypt protocol, which gracefully degrades with clients that don't support it.
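Added example, not part of the original thread and not DeltaChat's or Thunderbird's code: a simplified Python reading of the Autocrypt Level 1 header (`addr`, `prefer-encrypt`, `keydata`) that the comments above refer to, showing the key travelling in a header while the body stays ordinary mail. The sample message, addresses and key bytes are constructed, and the function names are hypothetical.

```python
import base64
from email import message_from_string
from email.utils import parseaddr

KEY = b"constructed-placeholder-key"  # constructed stand-in, not a real OpenPGP key
SAMPLE = (  # constructed sample message
    "From: Alice <alice@example.org>\n"
    "To: bob@example.net\n"
    "Autocrypt: addr=alice@example.org; prefer-encrypt=mutual;\n"
    " keydata=" + base64.b64encode(KEY).decode() + "\n"
    "\n"
    "Plain body that any mail client can display.\n"
)


def parse_autocrypt(value):
    """Parse one Autocrypt header value; return a dict, or None if invalid."""
    attrs = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, val = part.strip().partition("=")
        name = name.strip()
        if name.startswith("_"):
            continue  # non-critical attribute: ignored
        if not sep or name not in ("addr", "prefer-encrypt", "keydata"):
            return None  # unknown critical attribute invalidates the header
        attrs[name] = "".join(val.split())  # drop header-folding whitespace
    if "addr" not in attrs or "keydata" not in attrs:
        return None
    try:
        attrs["keydata"] = base64.b64decode(attrs["keydata"], validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None
    return attrs


def sender_key(raw):
    """Return (addr, key bytes) only for exactly one valid header matching From."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    valid = [p for p in map(parse_autocrypt, msg.get_all("Autocrypt", []))
             if p and p["addr"].lower() == sender]
    return (valid[0]["addr"], valid[0]["keydata"]) if len(valid) == 1 else None


def body_without_autocrypt_support(raw):
    """What a client that ignores the header still sees: the ordinary body."""
    return message_from_string(raw).get_payload()
```

A receiving client should accept the key only when `addr` matches the `From` address and exactly one valid header is present, which is what `sender_key` enforces.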
Gracefully degrading for clients that don’t support it is an un-goal of encrypted messaging.
You cannot read encrypted messages if you do not have gpg support. Not sure what your comment is about.
Latency is not that bad usually.
> Companies standardized on email as notification system for "you got a message in the actually secure medium".

This is so ridiculous. I have to log in to a dozen different sites to download documents. And those sites are 2FA secured, so I have no means to automate. Of course these companies never heard of (REST) APIs. - This is such a step backwards.

Frankly, I prefer my bank and insurance to have minimal access surface.
But why don't they support just sending them to your email, gpg encrypted if sensitive? They'd still be secure and significantly easier to archive

I know it's for liability reasons, but annoying nonetheless

That's an extra thing they could get wrong. Seeing how some banks cannot deal with copy-pasting my legal name correctly, I prefer to not give them anything else out of the ordinary.
> By now seems everyone admitted defeat.

Well, since everybody is using Gmail or Office365 anyway, encrypted email is kind of pointless, no?

GPG works with all mail providers.
If you encrypt something within gmail only you and your recipient can read it. Not sure what you mean?
Their point is so can gmail, and thus the govt through various channels.
No? All they see is the encrypted mail.