How does Vivaldi webmail compare to other popular email providers?
-
@WildEnte so Vivaldi team don't care about privacy when it comes to proving Vivaldi Webmail service?
All emails are stored unencrypted, right? -
I appreciate the connection with FastMail. I use ProtonMail and am trying to use it in Vivaldi via Proton Bridge. I found this post on how to do that, but could not get it to work. I'm wondering if someone could please respond to my post on the Vivaldi forum about this and help me get it working? I'd be very grateful: https://forum.vivaldi.net/topic/101092/guide-to-setting-up-proton-bridge-with-vivaldi-mail/2
-
AAyespy moved this topic from Mail on -
@prohood said in How does Vivaldi webmail compare to other popular email providers?:
All emails are stored unencrypted, right?
Yes.
-
Encrypting and decrypting messages require encryption keys to be used on both ends, one used by the sender to encrypt and one by the recipient to decrypt.
You will find that most e-mail providers do not store incoming e-mails encrypted.
-
There is a point that confuses me. I created a PGP key using the web interface and protected it with a password. I exported it and put it into Openkeychain on my smart. Then I created a pair of keys with OpenKeychain, say for gmail. And I uploaded the public key to my vivaldi/mail database. Then I write a test email in the web interface, check how it works. I turn on the encrypt and sign option. It asks me for the password of my private vivaldi/key - for signing, everything is correct.
I get this email using my email client in my gmail inbox. Decrypting it. And this is where it asks me for my password..... for the Vivaldi key? And it decrypts it!
But I encrypted it using my gmail public key!I figured out that Vivaldi's server encrypts the message with both keys. That is, both private keys, both passwords to them decrypt this email! And this cannot be changed in the settings.
This is not right from my point of view.
Signing and encryption must be done with different key pairs, without mixing.雪ふりや 棟の白猫 声ばかり
-
@far4 said in How does Vivaldi webmail compare to other popular email providers?:
Signing and encryption must be done with different key pairs, without mixing.
Was not implemented in Vivaldi Webmail. It has not enough flexibility for creation of different keys to sign or encrypt.
Vivaldi Webmail is not a surrogate for a mail client with OpenPGP power.
You expect too much for a free service.
I am hopeful that the internal mail feature Vivaldi Mail will get better OpenPGP support, but there is no timeline yet.
-
@far4 said in How does Vivaldi webmail compare to other popular email providers?:
Signing and encryption must be done with different key pairs, without mixing.
If you think such feature is useful, please read Request New Feature, open forum Vivaldi's Feature Requests for Vivaldi Community and Services and post request.
-
@DoctorG
I'm afraid the local people won't even know what we're talking about. The question is very special.
How many people do you think have actively studied/are actively studying pgp? And use it in the Vivaldi mail system?
Almost unreal (Roxette).
There is almost no prospect of a vote on this issue. -
@far4 When you encrypt a message, no matter where, it's encrypted with the public key of the recipient.
It can only be decrypted with the private key of the recipient.
When the sender signs a message, a hash is generated of the full message using the sender's private key. Only their public key can verify that the message has not been changed. Verifying a signed message does not require unlocking a private key.
This is the basic of public key encryption.
If you encrypted the message with your Gmail pubkey, only your Gmail private key can decrypt it. Nothing else.
So my guess you simply mixed up the keys, possibly using the same key both places.
🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
🦆"With a rubber duck, one's never alone" -Douglas Adams🦆 -
@Pathduck
I understand you. I was thinking the same thing this morning and was puzzling over what was going on.
But pgp is clearly more complicated than the plain truths. Try to repeat my experience. Encrypt simultaneously with two (public) keys, one of which belongs to my key pair (or subkeys). Just do it again and you'll see for yourself.There is a practical sense in such a solution if you keep all your correspondence only in encrypted form. Because it makes it possible to decrypt all the e-mails you send.
雪ふりや 棟の白猫 声ばかり
-
@far4 said in How does Vivaldi webmail compare to other popular email providers?:
Try to repeat my experience. Encrypt simultaneously with two (public) keys, one of which belongs to my key pair (or subkeys). Just do it again and you'll see for yourself.
Nope, not going to. It will be a waste of time.
There is no "Encrypt simultaneously".
You will just end up with one plaintext message encrypted twice. You have to decrypt it twice using two different private keys.🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
🦆"With a rubber duck, one's never alone" -Douglas Adams🦆 -
@Pathduck
When you encrypt a message, it can have multiple recipients at once. Therefore, it is easy to encrypt the moment you sign. Look, here's my Sent folder. The message is stored in it in encrypted form. When I tried to read the message, I was asked for the password to the far4 private key. I entered it - and decrypted it. I sent this test message to two gmail accounts, each key has a unique security password, so it can't be mixed up. So this message is successfully decrypted with three keys and passwords at once. This is also part of pgp. Just read up on the features of pgp, it can do this.
The private key in the Vivaldi system I keep only one from far4, all others are public and cannot decrypt.
When I receive this message on my gmail, I can decrypt it with any of the three private keys. Any and one key.
雪ふりや 棟の白猫 声ばかり
-
@far4 Regular mail clients with OpenPGP have the ability to encrypt for receiver and sender key, so you can read you mail afterwards.
Thats is what you need?Creating different OpenPGP keys for signing or encryption is not the job of a webmail.
I do not really know if there is a module for Rouncube webmail to achieve this.
That should be done in commandline with GnuPG or Kleopatra or other GUI for OpenPGP keys -
@DoctorG
Yeah, it's okay. I'm just explaining that this option is also possible and has the right to exist.
I like exploring, finding implicit, interesting things about how programs work, and clarifying those things to the point of completion. -
@far4 Do you know a webmail software which can create/use different OpenPGP keys for signing and encryption?
-
@DoctorG
That's a good question!
Unfortunately, I know very little about webmail - for that matter. I haven't heard of it. May be Anonaddy? Protonmail?Android/OpenKeychain itself knows how to do this. But the associated FairEMail doesn't work properly. Or I don't know how to set it up properly. Anyway, I came across this point yesterday and was interested.
So far I don't know, haven't seen, haven't heard of any email client (on android) that works these things correctly. Might try k9mail, if it hasn't turned into a pumpkin yet.... i.e. thunderbird. There used to be OKC interoperability features there.I wonder if Vivaldi's desktop mail client can't work correctly with pgp in this case either? I don't have a computer, I can't check, unfortunately.
-
@far4 said in How does Vivaldi webmail compare to other popular email providers?:
I wonder if Vivaldi's desktop mail client can't work correctly with pgp in this case either?
OpenPGP in Vivaldi's desktop mail client is planned, but not not implemented yet.
As less users run OpenPGP the priority to add this in near future is not high. -
@far4 said in How does Vivaldi webmail compare to other popular email providers?:
Just read up on the features of pgp, it can do this.
It's been two decades since I last used PGP, but I did a quick search how it does this.
When I receive this message on my gmail, I can decrypt it with any of the three private keys. Any and one key.
That's because when you send a message to several receivers, it encrypts the message itself with a symmetric key (the same for all) then encrypts this key in the header of the document with the pubkey of the recipient.
https://www.quora.com/How-does-PGP-manage-to-encrypt-a-message-for-two-different-people
https://superuser.com/questions/554513/pgp-encrypt-single-message-for-multiple-recipients
https://security.stackexchange.com/questions/8245/gpg-file-size-with-multiple-recipientsIf the message itself was encrypted with all pubkeys of all the recipients, it could not be opened by anyone. Only each header for each recipient is encrypted with the pubkey.
