Introducing Autocrypt: E-Mail Encryption for Everyone¶
If users ask how they can secure their e-mail the answer should be as simple as: use an Autocrypt-enabled mail app!
Why improve e-mail? E-Mail has been declared dead many times but refuses to die. It remains the largest open federated identity and messaging eco-system, anchors the web, mobiles and continues to relay sensitive information between people and organisations. It has problems but do you prefer the proprietary, easy-to-track mobile phone number system to become the single source of digital identification?
Why a new approach to e-mail encryption? Encrypted e-mail has been around for decades, but has failed to see wide adoption outside of specialist communities, in large part because of difficulties with user experience and certification models. Autocrypt first aims to provide convenient encryption that is neither perfect nor as secure as traditional e-mail encryption, but is convenient enough for much wider adoption.
The technical Autocrypt approach¶
Autocrypt uses regular e-mail messages between people to piggyback necessary information to allow encrypting subsequent messages; it adds a new Autocrypt e-mail header for transferring public keys and driving encryption behaviour. By default, key management is not visible to users. See Autocrypt features for more technical and UI cornerstones.
We are following this approach step-by-step using different “Levels” of implementation compliance. Driven by usability concerns, we are refining and implementing Level 0 in several mail apps during Spring 2017. If you are interested to help please join our channels and look at where we meet next.
See Current docs (work-in-progress) for an index of all docs and discussion results so far.