Vivaldi presents itself as a browser and mail client for good privacy, but what's about mail signature and encryption in these times? Nada!
-
I really do not see that features like S/MIME and/or OpenPGP for Signing and Encryption are added to Vivaldi Mail.
But that is needed by some small business users if they want to check sender authenticity and mail integrity/privacy.
Sorry to say, but why is development stalled? I remember old Opera Presto M2, when S/MIME and OpenPGP was announced an never added. A dead-end.
Now? OpenPGP was announced for Vivaldi Mail TP1, but that was 2020. Nothing happend since then. And S/MIME? Nothing ever read about such is planned or will be added.
IMHO Good reason to tell others to use Thunderbird, KMail, Evolution, The Bat! - depending on their OS.
What do you think?
I want some disucussion on these missing features. -
My heretic idea is that Vivaldi Mail is not for business use? But, as we have some million of Vivaldi users we may have ten-thousands of business users, IT pros, freelancers, too. Tehy do not need signing/encryption of mails? Am i wrong?
-
From my point of view it's desirable for Vivaldi to add email encryption sooner or later. As it stands, Vivaldi targets individuals rather than small business (I always thought small business could be a great target group. Big enough to look for productivity, not willing to invest in big tech solutions.)
It's a fact that outside business hardly anyone uses mail encryption (see for example https://www.frontiersin.org/articles/10.3389/fdata.2021.568284/full ). I also doubt that encryption is the core feature that makes a business choose one mail client over another. I know that in our business, we very rarely send or receive encrypted emails (is >1500 employees worldwide small?)
I feel the mail client is working really well but I'd prioritize Label Management, snoozing emails, contact management and other things that are useful to more than just 5% of people. More so, make mail available on Android, specifically in cars (get some mails sorted out while charging).
But then again, if the encryption was simple to use and getting the keys or digital certificate was simple using a Vivaldi account, encryption might also draw users to Vivaldi.
In the end, it's all about the question "who is your target group" which should define the development strategy, and I think "power users" is not defined well enough in my opinion.
-
In times of good phishing and fake mails (made by AI and other bad guyz) you need to know if a sender is trustable.
No person can see if a mail comes from the domain shown in from address, and no, it is not easy to check the mail headers. I do not think users can run whois and nslookup to check if a sender is ok. But a signed mail would tell a user if the sender domain is real and has a trust.A few days ago i got a mail from my telekom provider who used a different domain and mail server than usual to send mails and the mail told me that i had to authenticate my mail. The mail was not signed, Germany and most of companies here is like as Third-World-Country in IT.
Bad, i had to check mail headers, run whois, nslookup, check ASN to really get the idea that mal was not Phishing.And how do i know a mail from vivaldi.com is really from them? Well, the devil near me says: check the mail headers, you lazy… All not nice.
-
Sure but Vivaldi won't change the reality that nobody sends encrypted emails. Here is another study: https://publications.teamusec.de/2022-oakland-email/
Christian Stransky, Oliver Wiese, Volker Roth, Yasemin Acar and Sascha Fahl. 43rd IEEE Symposium on Security and Privacy, IEEE S&P 2022, May 22-26, 2022
"While attending to ethical and data privacy concerns, we were able to analyze the use of S/MIME and PGP in 81,612,595 emails.We found that only 5.46% of all users ever used S/MIME or PGP, which led to only 0.06% of encrypted and 2.8% signed emails"
No wonder Phishing is successful - and regardless of how well and soon Vivaldi implements encryption, 99% of the emails you will receive are not going to be sent from a vivaldi client and are almost as likely not going to be encrypted
-
When local government services send me an email that requires privacy, they use Egress Web Access.
-
@DoctorG I think M2/M3 always been intended for personal/small business usage. Corporates mostly use exchange servers secured by their own networks and honestly never seen a widespread usage of forms of encryption.
(I'm not denying would be a selling point but seems to be a very niche feature).@WildEnte I don't know nothing on the matter... but can encrypted phishing become a reality it it were more popular?
I mean, even malwares can be encrypted (and often they are) -
@Hadden89 I have no idea. I get a lot of email in business and I think I can count on one hand the amount of encrypted emails I have thus far received in the last 25 years. I guess everything can and will be used for malicious purposes, so why not encrypted emails...?
-
@WildEnte Yeah, is what I feared. Encrypted mails are safe for the mere reason they are not popular. Also, would be very annoying for recipients which have to decrypt what you send them.
-
It's not the encryption which can make anything secure, it is who has the required key. PGP and any other system that has separate public and private keys and where the private key is not readily determinable from the public key gives you that, while more general encryption as used in archives does not.
Of course, then you'd have hackers stealing keys. So you also need a revocation system and all that other infrastructure. So we have a chicken and egg scenario - until they invest in the infrastructure no one can use it, but no one wants to invest in it because people don't use it.
-
Lets see if this gets the longest thread too, like in the old myOpera forums, where it had over 1500(!) comments...
-
@DoctorG
Thank you for the thought-provoking article. -
@WildEnte Yes, encryption is less used and not always needed, but signing is needed for some users to know the origin of mail is trustable.
I fear most users trust the mail address that is shown in From field. -
@QuHno I remember the thread as i was one of the users participating in the discussion of old Opera Presto Mail.
-
@DoctorG said in Vivaldi presents itself as a browser and mail client for good privacy, but what's about mail signature and encryption in these times? Nada!:
In times of good phishing and fake mails (made by AI and other bad guyz) you need to know if a sender is trustable.
This is already being done on the mail server side.
The headers (via Show Raw Message) may, depending on the server, display something like Authenticated Sender with the sender's e-mail address included, or the server may use something like SPF, DKIM, DMARC and ARC, or a combination of any or all of these.
-
@DoctorG said in Vivaldi presents itself as a browser and mail client for good privacy, but what's about mail signature and encryption in these times? Nada!:
@WildEnte Yes, encryption is less used and not always needed, but signing is needed for some users to know the origin of mail is trustable.
I fear most users trust the mail address that is shown in From field.I have only seen digitally-signed and encrypted messages that were sent via Outlook, between Outlook users, in a business environment. If I understand it correctly, it requires each individual user on the Outlook server to have their own digital certificate that is connected to their e-mail address, which is used for the signing/encryption.
-
@edwardp said in Vivaldi presents itself as a browser and mail client for good privacy, but what's about mail signature and encryption in these times? Nada!:
If I understand it correctly, it requires each individual user on the Outlook server to have their own digital certificate that is connected to their e-mail address, which is used for the signing/encryption.
... and, also, to have the public key of the email recipient.
-
@edwardp Correct.