Author Topic: PGP encryption should be moved to the top of the feature list  (Read 44638 times)

hunterofknowledge

  • Newbie
  • *
  • Posts: 4
PGP encryption should be moved to the top of the feature list
« on: January 06, 2015, 10:31:48 pm »
Like many of your customers, I purchased Aqua-Mail Pro and am now in dire need of an update that includes PGP functionality.  I appreciate that you may be a small team (1 I think) but in this day and age encryption is a requirement especially given that my company has mandated it for all internal communication going forward.

Can I suggest that you stop focussing on beautifying an already great product and redirect efforts to increasing functionality of the app?  Along that line, when do you expect to implement PGP encryption?

Until PGP functionality is possible with Aqua-Mail I am forced to install K9 and require all of my team to do the same.  Please help!

Thanks,

Paul

pyler

  • Sr. Member
  • ****
  • Posts: 412
Re: PGP encryption should be moved to the top of the feature list
« Reply #1 on: January 06, 2015, 11:00:04 pm »
There should be poll and users would say what they really want. The most voted = the highest priority?
Do you want to use the latest AquaMail version?
Try AquaMail Updater!

hunterofknowledge

  • Newbie
  • *
  • Posts: 4
Re: PGP encryption should be moved to the top of the feature list
« Reply #2 on: January 06, 2015, 11:33:26 pm »
Sure.  If the developer is constrained by limited resources then features should be added based on need / demand.  Presumably, inclusion of the most wanted features will result in greatest uptake of AquaMail.

That said, until PGP (or some other widely recognized encryption protocol) becomes a standard feature of AquaMail our company is forced to use alternatives and I suspect we are not the only ones facing this dilemma.  We can forgo swipe, swipe, swipe but we can't allow our internal email communications to float around in the open.

FYI - there is at least one reason why K9 has seen an up tick in downloads despite a lesser quality product.  Part of the user base is drawn to the price (free) but I suspect they have a large pool of users based on increased security.

Fcasoli

  • Hero Member
  • *****
  • Posts: 541
Re: PGP encryption should be moved to the top of the feature list
« Reply #3 on: January 06, 2015, 11:35:55 pm »
I'm sure, over all user requests, Kostya can evaluate the features priorities, market prospective.
I have not encryption needs but I understand totally what it means for a user.
Aquamail is beautiful and ergonomic to use, but the most target is to be a complete email client, as Kostya frequently summarized...


Galaxy Note 4 + Gear 2


mikeone

  • Hero Member
  • *****
  • Posts: 2762
Re: PGP encryption should be moved to the top of the feature list
« Reply #4 on: January 07, 2015, 12:54:00 am »
While googling "using pgp", I found this, entitled "15 reasons not to start using PGP"

http://secushare.org/PGP


Paris Geek:

Thank you for sharing this link.  Very interesting compilation.

Mikeone

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12740
Re: PGP encryption should be moved to the top of the feature list
« Reply #5 on: January 07, 2015, 01:33:37 am »
Yes, I am a "team" of one -- meaning I do development, design, answer user emails and respond on the forum. That's already a lot for any one person to handle.

As far as your remark about "stop focussing on beautifying" goes -- that's just one perspective.

Another, equally valid, was "your app looks Windows 95, meaning it looks like shit" (thankfully no more).

And then Material Design came along and it was "when are you going to update the app, look, this Calculator app has it already".

A lot of users need more Exchange specific stuff -- and that's not any less valid than PGP.

And then we have "all other apps have conversation view, and yours doesn't, are you an idiot or something"?

So bottom line, the sum of all requests is: "everything, yesterday". Getting back to there being only one of me, some things will not be worked on, it's just inevitable.

( I, for one, can't understand why K9 is limited to the obsolete OWA for Exchange connectivity -- according to their Github page, they have 100+ contributors )
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/

hunterofknowledge

  • Newbie
  • *
  • Posts: 4
Re: PGP encryption should be moved to the top of the feature list
« Reply #6 on: January 26, 2015, 08:57:09 am »
Dropped Aqua Mail tonight in favour of K9 due to the lack of encryption and I have also had to ask the team to do the same.  If you decide to tackle security by implementing PGP (AGP / Gnu Privacy Guard) we will be back but until then we cannot have our email running through servers without encryption.

Aqua Mail Pro is a great product so hopefully this is looked at soon.

Paul

logicprobe

  • Newbie
  • *
  • Posts: 4
Re: PGP encryption should be moved to the top of the feature list
« Reply #7 on: April 29, 2015, 07:02:17 am »
So bottom line, the sum of all requests is: "everything, yesterday". Getting back to there being only one of me, some things will not be worked on, it's just inevitable.

Have you considered expanding the development team?

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12740
Re: PGP encryption should be moved to the top of the feature list
« Reply #8 on: April 30, 2015, 01:28:37 am »
I would if I were in BlueMail's or Boxer's or Accompli's shoes.

US based, funded, knowing the right people, a "dynamic competitive personality", and all that.

But I'm just a guy with too much computer equipment in his bedroom.
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/

CatWool

  • Newbie
  • *
  • Posts: 1
Re: PGP encryption should be moved to the top of the feature list
« Reply #9 on: June 17, 2015, 06:02:41 pm »
Since some days Facebook officially supports PGP encryption and I would like to use it. I hope this bumps the whole PGP thing.

I can't post external links here. So you have to search for "Securing Email Communications from Facebook" in the search engine of your choice.

Another try:
facebook.com/notes/protecting-the-graph/securing-email-communications-from-facebook/1611941762379302

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12740
Re: PGP encryption should be moved to the top of the feature list
« Reply #10 on: June 17, 2015, 10:04:52 pm »
How nice of Facebook :)
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/

Idealist

  • Newbie
  • *
  • Posts: 15
Re: PGP encryption should be moved to the top of the feature list
« Reply #11 on: August 23, 2015, 11:55:58 pm »
Since now GMX and Web.de also support PGP. Because of this it would be fine for me, too, to have this feature in Aquamail.

Gesendet von meinem GT-I9295 mit Tapatalk


StR

  • Hero Member
  • *****
  • Posts: 1558
Re: PGP encryption should be moved to the top of the feature list
« Reply #12 on: August 24, 2015, 10:46:32 pm »
While googling "using pgp", I found this, entitled "15 reasons not to start using PGP"

http://secushare.org/PGP

Apart k9,  few email apps have implemented PGP. There's certainly a reason behind that.
<...>


In my understanding (and I am not an expert in PGP per se), at least one of the reasons why not that many apps implement PGP is the complexity (including the multitude of potential pitfalls). Yet another one is a fairly small portion of the users who use it. (I am not discussing how many people should use it.)
Personally, I consider e-mail as an insecure communication channel with all consequences. None of my correspondents (business or personal), and even those who deal with the private information and try to request such to be sent via e-mail, are set to be able to receive PGP-encrypted e-mails.


Thank you, that webpage has an interesting collection of thoughts and arguments.

However, I would like to warn about it. Not all statements there are correct.
E.g. "10. Workflow: Group messaging with PGP is impractical."
Quote
Have you tried making a mailing list with people sharing private messages? It's a cumbersome configuration procedure and inefficient since each copy is re-encrypted.

(underlining is mine)

This is incorrect. At least the modern implementations do not send separate copies, but rather encrypt the message symmetrically, and then encrypt the key for that encryption with individual keys of all the recipients, attaching the resulting small pieces of data to the message.
(See e.g. here: http://security.stackexchange.com/questions/8245/gpg-file-size-with-multiple-recipients )
Since one of the statements is incorrect, I am not sure how much is correct in the rest of the statements. Besides, this text is posted on the website of the project that is essentially competing. While the criticism is useful, but one has to recognize the incentives of the authors.
Caveat Emptor!



rob

  • Newbie
  • *
  • Posts: 2
Re: PGP encryption should be moved to the top of the feature list
« Reply #13 on: December 17, 2015, 02:40:16 pm »
Upfront: I am using AquaMail now for more than a year, since from all I tried before, I thought it was the best app for me.
I would love to continue with it and stay with my favourite mail app.

Now I come up with a huge BUT!!!

(BUT) now I strongly need PGP support, even on my mobile. As I am now traveling a lot, I am often blocked out from my
(important) mail when it's crypted.

I tried K-9 for this purpose as Aqua doesn't support it. I just want to stay away from it. ARGGGH.
Once you got used to Aqua, you just don't want to deal an mess around with others again.

But what to do?

Dear Kostya, from all you ever replied to this topic, I understand it's not easy to implement.
But what the hack: What's easy nowadays???

What I also do understand from what you have replied so far: you don't seem to take this matter serious enough.

Aqua-Mail has IMO reached a stage, where you need to decide whether it's slowly downgrading back to a basic communication "toy",
overrun by today's needs, or stay a well respected state-of-the-art professional communicator, meeting nowadays needs.
I would prefer the latter.

You have a loyal community, perspectively growing, but you seem not to recognize when it's getting in shake.

We live in the post-Snowden era now and - unfortunately - we have to meet the challenges to decrease
the violation of our privacy.

##It is not an option - it's mandatory!###


I really don't want to get offensive here, not at all, just want to make sure you are not missing the message.

If you don't get it done on your own - get help out there, go and ASK FOR HELP but GET IT DONE. Don't miss it!!
But don't continue telling us why you can't do it....

Apart from this, I am convinced from your work on Aqua-Mail, and I'd love to stay a loyal user.

Please show proof that you deserve users considering themselves as loyal and don't let them go.

Yours,
Rob

crashdamage

  • Newbie
  • *
  • Posts: 43
Re: PGP encryption should be moved to the top of the feature list
« Reply #14 on: December 19, 2015, 02:49:28 am »
I've used AquaMail for quite a while now and seen it grow into the best email client there is.  I can't overstate how impressed i am  with it.  Very user friendly UI and options out the wazoo.  I often say it's not only the best mail client, it's one of the best apps of any kind for Android. I've installed it on friends and family's phones.  I recommend AquaMail every chance I get including many, many posts in Android Forums and Android Central.  I've become not only a user of AquaMail but an AquaMail advocate.  I do it because it's that good and because I believe in the philosophy of keeping it non-cloud based and secure.

BUT...I get asked the same 2 questions over and over, and of course you know what I'm gonna say, in order of importance: 

1. Does it support Exchange ActiveSync?
2. Does it have PGP encrypton?

When I answer...

1. No, but it does support IMAP and EWS.
2. No, but it has secure SSL and passes EmailPrivacyTest.com 100%.

...then most times the reply is something like: "Dang, that's too bad.  I like AquaMail a lot, but I have to have (#1, #2 or both).  It's a dealbreaker for me." I respectfully suggest that you could significantly grow your userbase, maybe even pick up some multiple installation business accounts if you added those 2 features.  You could sell them as extra-cost add-on plugins to cover the cost.  A lot of users would go for that. 

AquaMail is already terrific.  The UI is beautiful and efficient to use and it's plenty configurable.  Rob has it right in the post above.  Put aside any planned improvements in those areas, it's already good enough you can let it ride for a while.  Concentrate ALL your development efforts towards implementing ActiveSync and encryption.  Hire some help if necessary, whatever it takes to get it done.  That's clearly, IMHO the way forward for AquaMail from here. 

AquaMail, like it or not, and I can understand you may not, is not just a little project by a computer geek with lotsa computer equipment in his bedroom.  I don't know, maybe it's become larger and more important both to you and your customers than you ever thought or dreamed it would.  Maybe you were hoping for more, I don't know.  But I don't think integrating ActiveSync and encryption should seen as an option but as a necessity.  Not as a problem but as an opportunity for growth.  You should jump on this opportunity while you can.

Sorry, not trying to tell you how to run your business...though I guess I kinda am. I just want to see AquaMail continue to improve for us users and for you to make a good living - or more - for your work.
« Last Edit: December 20, 2015, 04:50:59 am by crashdamage »
Android since v1.0.  Linux since 2001.