Feature #7778

Have an easy way to use or discover Tails OpenPGP Applet from applications like the browser (context menu))

Added by tchou 2014-08-13 10:16:33 . Updated 2018-01-18 18:17:22 .

Status:
Rejected
Priority:
Low
Assignee:
tchou
Category:
Target version:
Start date:
2014-08-13
Due date:
% Done:

0%

Feature Branch:
Type of work:
User interface design
Blueprint:

Starter:
Affected tool:
OpenPGP Applet
Deliverable for:

Description

It’s not so easy to know that the OpenPGP Applet exist, and how to use it.
The doc is great, but maybe it could be nice to havean easy way to use or discover it from Iceweasel.

Let’s have a look on differents implementations.

A

Have a right-click on encrypted mail, so when you use a webmail to decrypt :

- you select your text in your webmail

- you right click “decrypt with passphrase”
- and then the normal OpenPGP Applet pops up.

Seems difficult (from irc) :

- “would need a browser plugin. lot’s of work”
- “would be hard to keep working once we sandbox the browser”

B

But maybe a browser plugin that just says that’s it’s possible with no programatic relation with other software :

- you select your text in your webmail
- on your right-click you have a "You can decrypt this message using the Tails OpenPGP applet, you can have a look to the doc

C

Maybe it’s not the most effective way to do it, a browser plugin could maybe :

- scrap the webpage

- see if there is any pgp encrypted text
- modify the page to say to the user that he can decrypt it using the applet

Maybe I should have a deeper look to https://tails.boum.org/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks/index.en.html to understand at wich step it’s problematic on a security level. I think that we had a kind of C during the transition between FireGPG and OpenPGP Applet.


Subtasks


Related issues

Related to Tails - Feature #7435: Add Tails OpenPGP Applet to the Applications menu Confirmed 2014-06-22
Related to Tails - Feature #7433: Turn Tails OpenPGP Applet into a standalone application Duplicate 2014-06-22

History

#1 Updated by tchou 2014-08-13 10:18:31

  • Assignee set to tchou

#2 Updated by intrigeri 2014-08-13 10:19:10

  • Category changed from 210 to 176

#3 Updated by BitingBird 2014-08-13 13:20:33

  • related to Feature #7435: Add Tails OpenPGP Applet to the Applications menu added

#4 Updated by BitingBird 2014-08-13 13:20:38

  • related to Feature #7433: Turn Tails OpenPGP Applet into a standalone application added

#5 Updated by Anonymous 2014-08-15 16:16:26

I doubt the relevance of this feature i have to say. Why would you advertise the existence of a program in the browser?
Maybe you could outline your thoughts a bit more?

I agree that the context menu (right click), after having selected some text, might be interesting: if something is in your clipboard, propose to encrypt or decrypt it, using the applet.

But that is about all the usefulness i can see here, personnally.
Scraping every website, i doubt this can be made in a secure way.

#6 Updated by tchou 2014-08-15 16:56:56

I doubt the relevance of this feature i have to say. Why would you advertise the existence of a program in the browser?
Maybe you could outline your thoughts a bit more?
> I feel that some/most of the people don’t know that it’s possible to encrypt/decrypt/sign without having to use a mail client, especialy Claws mail setup is not so easy in Tails.

I agree that the context menu (right click), after having selected some text, might be interesting: if something is in your clipboard, propose to encrypt or decrypt it, using the applet.

But that is about all the usefulness i can see here, personnally.
Scraping every website, i doubt this can be made in a secure way.
> Might be, as I say it in my first message, I don’t think that the problem with FireGPG was the scrapping dimension. I’ll try to read and undertand https://tails.boum.org/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks/index.en.html and related links.

#7 Updated by sajolida 2014-11-03 22:02:23

  • Status changed from New to Confirmed
  • Priority changed from Normal to Low
  • Type of work changed from Discuss to User interface design

#8 Updated by sajolida 2014-11-05 11:14:46

Discussed in the November meeting: https://tails.boum.org/contribute/meetings/201411/

We considered this as a low priority but interesting UX issue. People willing to design and propose a new UI for that should make sure that they understand the security implications as well as the amount of additional technical work of their solution.

#9 Updated by BitingBird 2015-01-04 17:38:46

  • Affected tool set to OpenPGP Applet

#10 Updated by Anonymous 2017-06-30 15:24:48

  • Subject changed from Have an easy way to use or discover Tails OpenPGP Applet from Iceweasel to Have an easy way to use or discover Tails OpenPGP Applet from applications like the browser (context menu))

This sounds a bit similar to what Mailvelope does.

#11 Updated by Anonymous 2018-01-18 18:17:22

  • Status changed from Confirmed to Rejected

I think this is very hard to implement and brings many issues:

- developing a browser extension is a lot of work

- maintaining this extension even more

- installing this extension in tails will make our TBB different

- scraping every page we open in TBB will possibly considerably slow down Tails
- might it introduce security issues (allowing stuff which is supposed to be confined within the browser to get out)?

Nobody volunteered to make it happen.
So now, after three years, I think we should reject this idea.
Please reopen this ticket if you disagree.