InfoSec folks love to talk about OpSec. It feeds the fantasy of being an agent on a secret mission or something... ๐ต
OpSec is really just about behaving in a way that maintains your security - avoiding mistakes.
Software can help: Self-destructing messages, UIs that prevent screenshots, follower-only Toots on Mastodon.
Although easily circumvented, all of these can help groups avoid common mistakes. So although not "strong security", they help with OpSec.
I learned this only recently.
I wonder if I can find any literature (or just blog posts) about the value of soft "cooperative" security features?
I should probably write something about this myself, actually.
I'd like to implement both "request recipient delete a message" and "burn after reading" style features for #Mailpile, but it's important to get the UI right so users aren't misled.
Maybe I'll start with a discussion on GH.
@rysiek In this case, I really don't care.
If we can't add headers and behaviours to e-mail, then we can forget about the AutoCrypt effort, we can forget Memory Hole (encrypted headers) and basically any progress at all.
Of course things will be #Mailpile-only to start. Except when I can be compatible with Outlook. ๐
That is a challenge for the implementation when it comes to not over-promising, but that's the only concern I see there.
@bob @HerraBRE @rysiek I am talking about classic Outlook functionality. For example to invite other people to a meeting or a series of meetings in your calendar. I can't do that with SoGo. SoGo is nonetheless being presented as a plausible alternative to Outlook. Which it isn't. Just one example of pretty basic functionality that is lacking.
@whvholst @HerraBRE @bob on one hand we, the devs, have to acknowledge there are usability issues and missing features, and start fixing those instead of re-writing each piece of software every 3 years (looking at you, Akonadi!).
On the other hand we, the users, have to acknowledge that "free as in freedom" says nothing about the price, the devs need to eat and pay their rent, and hence we need to start supporting FLOSS financially more.
@HerraBRE fair enough. :)
I've created a #Mailpile issue for arguing / discussing / debating about "cooperative" soft security features.
https://github.com/mailpile/Mailpile/issues/1835
Feel free to chime in if you feel strongly.
@HerraBRE this... sounds like a bad idea. It's extending the protocol, with little chance other mail clients will implement it. I am immediately thinking of all the "features" Outlook brought to e-mail...