Ask HN: Simple architecture for group messaging with no need to trust operator?
The article discusses using encrypted email with Thunderbird and OpenPGP for secure group messaging. While the message body is encrypted, header data including recipients remains visible, which poses a privacy concern. Users may need to adjust settings in their email accounts and can share public keys through various methods for enhanced security.
- ▪Encrypted email can be set up using Thunderbird and OpenPGP.
- ▪Header data, including recipients, is not encrypted, which limits privacy.
- ▪Public keys can be shared in person or via key servers, but some key servers may expose users to risks.
Opening excerpt (first ~120 words) tap to expand
Encrypted email using Thunderbird and OpenPGP (built into Thunderbird). There are some how-to's though I might just write a new one. Header data including recipients will not be encrypted but the message body will.It is not perfect due to lack of hiding recipients but most people already have email. Some people may need to enable IMAP(S) access in their mail account profile and may need to generate an "app" password for their mail client (Fastmail requires this for example). The big upside is that the keys are generated by the client and the mail server is not involved in that process. Public keys can be shared in person (thumb drive) or over a key server over over email as attachments. In person is the strongest security.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Ycombinator.