> I have lost chat histories more times than I can remember, and I have to be extra diligent about this these days.

As per Signal’s diehard proponents, losing chat history is a feature, not a bug (I’m not being facetious when saying this, and you can see comments of this kind in Signal related threads here).

Edited to add: I don’t agree with that premise and have long disliked losing chat history.

This is a difference in the threat model.

Signal's threat model is that everything around you is hostile to you, except the parties you interact with. You are an undercover rebel in a totalitarian sect which would sacrifice you to Cthulhu if they see your chat history. Losing it is much better than disclosing it.

Your threat model is likely random black hat hackers who would try to get into your communication channels and dig some dirt to blackmail you, or to impersonate you to scam your grandmother out of several thousand dollars. Signal protects quite well against it. But the chance of this happening even in an unencrypted channel is low enough. You don't mind making the security posture somehow weaker, but preserve the possibility to restore your chat history if your secure device is lost or destroyed.

I suppose the problem could be solved by an encrypted backup with a long key which you keep on a piece of paper in your wallet, and / or in a bank in a safe deposit box. Ideally it would be in the format that the `age` utility supports.

But there is no way around that paper with the long code. If this code is stored on your device, and can be copied, it will be copied by some exploit. No matter how inconspicuous a backdoor you are making, somebody will find it and sneak into it. Should it happen in a publicized case, the public opinion will be "XYZ is insecure, run away from it!".

So, the requirement is a system to store all your keys and that it can be duplicated as many times you wish. It looks like a local password manager, let's say keepass. I use it and have copies of the encrypted db on every device of mine, plus the client to access the passwords. I don't know if it qualifies for dumbness but it feels pretty robust. It survived the fall into the lake test (a river in my case.)

But I see every customer of mine using web based password managers, because they want to share and update passwords with all their team. Of course those password managers can use E2E encryption and many do, but my instinct is that if you are using somebody's else service for your data, you can be locked out from your data.

Anyway, it's the concept of having many passwords and having to manage them that's not dumb enough. The most that people do is letting the browser store and complete passwords. The password can be the same 1234pass on every single site.

Maybe I'm old but I never expect chat history to be a permanent thing. It's like talking to someone, it should be ephemeral.

If you need a record, use email. Recording and archiving every conversation with someone is just weird.

Thanks for listening, now you dang kids can get off my lawn

I set up automatic backups of WhatsApp to my self-hosted Nextcloud once. Since you need 'tested backups', I tried to decrypt these WhatsApp backups independent of my phone, but this was not possible. You need the original device. There are some hacks online, but they are always out of date.

I am tending now to running Mautrix Whatsapp bridge and backing up my data through this.

Apple/Google passkeys.

my proposal devices is like yubikey but instead of yubikey hardware in place like USB devices form

its in the form of ring or bracelet, its small enough and can be carried everywhere with you all the time

its use NFC like technology, it works without battery, fast and "secure enough" for 99% of people

what if the device is stolen???? we can add authorization like biometric (fingerprint etc) while touching devices so it can be sure the real owner is "giving" auth

You can fetch a user's PGP public key via their HKPS endpoint, for example https://mail-api.proton.me/pks/lookup?op=get&search=username.... The one who apparently doesn't support PGP at all is Tuta.

Ideally, you'd be able to provide the service your key directly (you can do it in Sourcehut for example, IIRC), and they use that key without relying on a third-party server. Maybe using something like WebFinger could be a solution too, for automatic key discovery from a "trusted" party (the recipient's email server).

> ...nor do they provide a way to send encrypted mail to their users' accounts without using their official apps.

I'm confused by this complaint. Sending encrypted mail is the job of the sender. You can PGP encrypt your mail and send it to a Proton user just like any other recipient. I've done this at work when I need to send myself paystubs.

Uhm you can curl https://api.protonmail.ch/pks/lookup?op=get&search=$email_ad... for any valid $email_address and get the public key.

I have used this to send signed/encrypted mail to a ProtonMail recipient. It worked, until he responded inline without encrypting it to my private key, thereby completely defeating the point.

(Later I informed him of how to automatically sign and encrypt outgoing mails to my account, as that is possible too, but not obvious at all.)

PM should make the more obvious, but in principle the interoperability is there and works.

Proton still appears to suffer from Lavabit's pathologies in several ways because it ultimately stores GPG private keys, hasn't had their "zero-access encryption" audited by an independent third-party, it hosts servers in privacy-hostile jurisdictions that can be seized, and they've already handed user data to authorities over 30k times. [0] Proton Mail is a simulacra of privacy as a service that lies to its customers.

At present time, the best way to assure privacy is to lease (using cryptocurrency) VPS instances in a neutral, privacy-respecting country and self-host a web-mail stack oneself. There isn't really a practical way around this because powerful nation states are able to demand access to customer data from almost every cloud/VPS provider in their jurisdiction.

0. https://proton.me/legal/transparency

> I wish the client stored it decrypted once received.

Me too. I already have my systems with fulldisk encryption, I need the communication to be end encrypted.

Email clients (like Thunderbird) keeping emails stored encrypted, just makes it harder for these tools to search, label and automate stuff around content.

I'm sorry for your loss, but this sounds like an antipattern. Hundreds of emails between co-workers and it was all contemporaneously related to work in progress or cat pictures of your own cats, didn't contain PII or proprietary information of your employer or unaware third parties? And you want it back? From far enough away (that I might as well be in orbit) this seems preferable to an unencrypted drive ending up in somebody's hands for "refurbishment" (cough printers with hard drives).

No one is innocent. I refuse to use LE and operate my own CA instead, and as a consequence of scareware browser warnings I publish http: links instead of https: (if anyone cares, you know to add the "s" don't you?). I run my own mailserver which opportunistically encrypts, and at least when it gets to me it's on hardware which I own and somebody needs a search warrant to access.. as opposed to y'all and your gmail accounts. I do have a PGP key, but I don't include it on the first email with every new correspondent because too many times it's been flagged as a "virus" or "malicious".

Clearly we live in a world only barely removed from crystals and ouija boards.

Nearly all email is encrypted in transit. All major MTA systems send encrypted and accept encrypted as the default.

This article is about encrypting the body of the email which is easy* but no widely implemented standard exists.

* Stupid easy for two nerds to email securely.

* Stupid hard to work with multiple people and non-nerds.

Unfortunately, those are 2 different problems. It’s easy to have servers store encryption keys to make https work. You only need to encrypt trafic between you and a server for 5 seconds at a time.

It’s hard for personal communications. The server shouldn’t know the keys, and they need to survive for decades.

HTTPS is pervasive because Google encouraged it. Gmail could force S/MIME but they don't care.

"The most popular modern secure messaging tool is Signal"

As Mike Waltz had found out. And Snowden used gpg and I haven't heard of a single message of his having been decrypted.

Of course not, but unlike chat services, everyone has an email address or phone number, so if I need to reach out to them for something other than a casual chat, e.g. an invitation, a birthday felicitation, or a document that they should review later, email is a method through which I can reach all of them.

Similarly, reaching out to companies for support also often happens over email.

I've been using DC for several years already to communicate with my family and share data between my phone and desktop computer. Also as a todo app. I donate a few $ monthly.

DeltaChat are moving away from "classic email" in favour of the ChatMail protocol.

I wish someone would fork DeltaChat so I can keep using it as a client for "classic email".

Issue 3.. most/many governments are taking active steps to discourage this practice or better still (for them), stamp it out completely.

Nobody expects privacy when they send a postcard.

Most people keep their emails behind a password for a reason...

There is also Mailvelope, a browser plugin, that simplifies PGP encryption across web email clients.