thunderbird-android: K-9 mail fails to encrypt emails by default, even with "Autocrypt mutual mode" enabled
Expected behavior
When sender and recipient have both enabled “Autocrypt mutual mode”, encryption should be enabled by default and the “green lock” symbol should appear when composing messages.
Actual behavior
Encryption is not enabled by default - the “grey struck-through lock” symbol may be shown, but sometimes no lock symbol is shown at all.
Steps to reproduce
- Enable autocrypt mutual mode under Settings > Account Settings > Cryptography > Autocrypt mutual mode
- Compose a new message to a recipient who has also enabled autocrypt mutual mode and you’ve exchanged encrypted mail with (or just compose an email to yourself)
- Observe that it does not encrypt by default
Environment
K-9 Mail version: 5.503
Android version: 7.1.2
Account type (IMAP, POP3, WebDAV/Exchange): IMAP
Additional notes
This just further highlights the problems created by the imprudent decision to remove encryption by default and the dubious justifications for doing so.
Consider the issues posed by “non-consensual encryption by default” (as the aforementioned blog post pejoratively and misleadingly calls it):
“Encrypted messages cannot be viewed in all clients and especially web clients, full-text search is typically restricted, and if the user loses access to their keys there might be unintended loss of messages.”
Now compare those to the potentially catastrophic (perhaps even life threatening) consequences of failing to encrypt sensitive information when the user is expecting it to do so by default (or forgets to click the dim, inconspicuous, and easily overlooked grey lock icon) and it should be patently obvious that the consequences of the latter scenario are FAR more severe than the relatively inconsequential “convenience” issues of the former.
If you can only optimize for one, mitigating the latter by enabling encryption by default (thus putting the onus on the user to manually disable it if they don’t want it) should take full precedence over any concerns about convenience. To do differently is to have priorities that are completely disjointed from the realities faced by the vast number of people who elect to use encryption to protect their communications in the first place. It doesn’t just “break the workflows of a couple of users”.
Ideally, both can be satisfied by allowing the user to choose the default behavior that suits them in the settings. But when the setting fails to work, as it did in this case, not encrypting by default means that it fails-deadly.
Please consider this and restore the sensible, fail-safe encryption by default.
About this issue
- State: closed
- Created 6 years ago
- Reactions: 5
- Comments: 34 (1 by maintainers)
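The decision the "Expected behavior" section refers to, as an added example (not K-9's code and not from this thread): the encryption recommendation rules of the Autocrypt Level 1 specification, as understood here, applied to constructed peer state. The `Peer` class, the function names and the sample keys are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

STALE_AFTER = timedelta(days=35)  # key not re-announced for this long => discourage

@dataclass
class Peer:  # hypothetical stand-in for the per-peer state a client stores
    public_key: Optional[str]      # key from the peer's own Autocrypt header
    gossip_key: Optional[str]      # key learned only via Autocrypt-Gossip
    prefer_encrypt: str            # "mutual" or "nopreference"
    autocrypt_timestamp: datetime  # last message that carried an Autocrypt header
    last_seen: datetime            # last message seen from the peer at all

def recommend_one(own_prefer, peer, reply_to_encrypted):
    """Recommendation for a single recipient."""
    if peer is None or not (peer.public_key or peer.gossip_key):
        return "disable"                      # no key: encryption impossible
    if peer.public_key is None:
        prelim = "discourage"                 # only a gossiped key is known
    elif peer.last_seen - peer.autocrypt_timestamp > STALE_AFTER:
        prelim = "discourage"                 # peer may have stopped using Autocrypt
    else:
        prelim = "available"
    if reply_to_encrypted:
        return "encrypt"                      # replies to encrypted mail stay encrypted
    if prelim == "available" and own_prefer == peer.prefer_encrypt == "mutual":
        return "encrypt"                      # both sides opted in to mutual mode
    return prelim

def recommend_message(own_prefer, peers, reply_to_encrypted=False):
    """Combine per-recipient results into one recommendation for the message."""
    recs = [recommend_one(own_prefer, p, reply_to_encrypted) for p in peers]
    if not recs or "disable" in recs:
        return "disable"
    if all(r == "encrypt" for r in recs):
        return "encrypt"
    return "discourage" if "discourage" in recs else "available"

# Constructed sample state (keys are placeholders, dates are arbitrary).
NOW = datetime(2020, 2, 11)
FRESH = Peer("KEY-A", None, "mutual", NOW, NOW)
NOPREF = Peer("KEY-B", None, "nopreference", NOW, NOW)
STALE = Peer("KEY-C", None, "mutual", NOW - timedelta(days=60), NOW)

if __name__ == "__main__":
    print(recommend_message("mutual", [FRESH]))          # new mail, both mutual
    print(recommend_message("mutual", [NOPREF]))         # new mail, peer not mutual
    print(recommend_message("mutual", [NOPREF], True))   # reply to encrypted mail
    print(recommend_message("mutual", [STALE]))          # stale Autocrypt header
```

Under these rules a new message is only encrypted by default when the stored peer state is fresh and marked mutual, while a reply to an encrypted message is encrypted regardless, so the stored `prefer_encrypt` value and timestamps for the peer are the first things to inspect when the two cases differ.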
@aryoda, there is currently no option to enforce encryption. I believe @patrickvandijk was suggesting someone could add a checkbox in the options to force encryption as a solution to this issue.
In any case, you may be wasting your time here. The lead dev(s) have made it pretty clear in this blog post that they don’t personally believe encrypting emails automatically is important, and it’s been nearly two years since they crippled the encryption and don’t seem to be in any hurry to fix it.
You may have better luck trying to convince the Librem Mail fork to fix this bug. They seem to have more active recent development and a more responsible attitude towards encryption, so you may get more traction there: https://source.puri.sm/liberty/mail/android
Or you could try implementing the simple checkbox on your own and hope someone merges your pull request.
Termux + Mutt is afaics the only working combination for email encryption on Android. I use it for classical PGP but it supposedly also works with Autocrypt.
@mdosch and I tested it with each other without previous knowledge of keys which worked. We forgot to try to create a new e-mail (but only replied to each other). I just tried it right now and it worked as well.
He still has issues with another contact, like @kuppe.
We need to catch that issue … Could it be that some internal state of previous versions interferes? Can you both try it with a fresh configuration?
Regards, doak
On 11 February 2020 17:55:27 CET, Markus Alexander Kuppe notifications@github.com wrote:
@mdosch, if you don’t mind I will contact you via email (your blog email address). Let’s see if (and how) it works the encrypted way.
I used k9 to write an email to my wife also using k9. Both of us have mutual set, but only replies are encrypted; new messages are not. I also had a look at the header of the last messages and mutual is set there.
On February 11, 2020 9:35:38 AM UTC, doak notifications@github.com wrote:
Still happens for me in 5.704 fdroid so I guess it’s still not fixed.
This is terrible. Does anyone at least know why it happens? Is it just random or is there a workaround? Autocrypt is enabled for sender and receiver. We’ve exchanged multiple mails. But still, new mails are not encrypted by default no matter what I try. Sorry for the harsh words but in my opinion that was a seriously dumb decision.
I have public keys from people in my key store for a reason. And then I write a mail, but still it isn’t encrypted. You remove a perfectly simple and even for novices easy-to-understand option (you have a public key of someone, you write them encrypted mail), recommend enabling AutoCrypt (which would be perfectly okay for me as a workaround) but then enabling this option doesn’t have any effect. You just can’t make this stuff up.
And the blog post explaining why this is introduced is so extremely flawed in its argumentation that I just don’t know where to begin with. If I’d put on my tinfoil hat for a moment, I’d almost assume this is done intentionally to keep people from encrypting mails.
But, okay, I understand there’s probably no real way forward here (ironic how the blog post claims it’s “the only way forward” while the exact opposite is true) since this mess seems to be intended.
AquaMail unfortunately doesn’t support PGP. Would even pay for it. There is a new player called “FairEmail”, but the author also has very peculiar ideas. For example, you have to confirm every link you click in a special dialog window. Unusable in a commercial environment where you get lots of mails from JIRA etc. every day. But perhaps it works for some people.
Sad that in 2019 this is still so unnecessarily broken at a time where Thunderbird has vowed to modernize their PGP support and deliver it built-in without a plugin in the future. Now, we’d only need a decent mail client with PGP support for Android. Sigh…
Here the same. Please add an expert option to force gpg encryption.